This is a follow up to my post a few days ago pr-compliance-action. I had been excited to see how it would behave on a real project, and yesterday I got my wish!

The Open Sauced project is configured to have dependabot run on Thursdays, and my action contribution had gotten implemented last Friday. @bdougieyo has the Open Sauced discord setup to monitor the GitHub repo for comments and other events and yesterday we got the regular traffic from dependabot, but for each PR that it opened, pr-compliance-action jumped in with a comment of its own! This was because of two things - one was by design, and one was a bug in the design.

By design, pr-compliance-action is checking for PRs opened that don't refer to an existing issue in the repo. Dependabot opens PRs that fit that description. Also by design, pr-compliance-action is supposed to ignore dependabot by default. The bug was in the workflow file for pr-compliance-action's ignore-authors input, using the wrong style of multiline YAML syntax. Easy fix, one character!

Open Sauced Issue #1234
Loving @0vortex issue description:

Steps to reproduce
Wait for Thursday
Wait for Dependabot to open a pull request
Dependabot gets greeted to join Discord

The other opportunity for improvement that became apparent was that pr-compliance-action didn't discriminate whether a PR author was a repo owner or a team member. This was a little more involved a feature to implement than a single character change, but I enjoyed it. This was a matter of leveraging the GitHub's REST API to list out whether the user's orgs included the org that owns the repo in question.

Open Sauced Issue #1240

Two release tags in one day - is that a reason to celebrate? Well I am :-)