Bump senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml from 3 to 4

[dependabot]

Bumps senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml from 3 to 4.

Release notes

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml's releases.

4.0.0

What's Changed

• #260 make shared workflows generic, misc cleanup by @​kernelsam in senzing-factory/build-resources#261

Full Changelog: senzing-factory/build-resources@v3...4.0.0

3.0.31

What's Changed

• Bump super-linter/super-linter from 8.4.0 to 8.5.0 by @​dependabot[bot] in senzing-factory/build-resources#257
• if the PR's REFRESHED_AT matches main's value, it only passes if that… by @​kernelsam in senzing-factory/build-resources#259

Full Changelog: senzing-factory/build-resources@v3...3.0.31

3.0.30

What's Changed

• Bump super-linter/super-linter from 8.3.1 to 8.3.2 by @​dependabot[bot] in senzing-factory/build-resources#254
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in senzing-factory/build-resources#250
• Bump super-linter/super-linter from 8.3.2 to 8.4.0 by @​dependabot[bot] in senzing-factory/build-resources#255
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in senzing-factory/build-resources#249
• Fix regex for filtering GitHub workflows by @​kernelsam in senzing-factory/build-resources#256

Full Changelog: senzing-factory/build-resources@v3...3.0.30

3.0.29

What's Changed

• Bump super-linter/super-linter from 8.3.0 to 8.3.1 by @​dependabot[bot] in senzing-factory/build-resources#252
• Remove validation for natural language in workflows by @​kernelsam in senzing-factory/build-resources#253

Full Changelog: senzing-factory/build-resources@v3...3.0.29

3.0.28

What's Changed

• Add Markdown formatting guidelines to PR template by @​kernelsam in senzing-factory/build-resources#244
• Enhance PR review instructions for local and GitHub by @​kernelsam in senzing-factory/build-resources#246
• 247 dockter 1 by @​docktermj in senzing-factory/build-resources#248

New Contributors

• @​docktermj made their first contribution in senzing-factory/build-resources#248

Full Changelog: senzing-factory/build-resources@v3...3.0.28

3.0.27

Full Changelog: senzing-factory/build-resources@v3...3.0.27

3.0.26

Full Changelog: senzing-factory/build-resources@v3...3.0.26

... (truncated)

Changelog

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

• Thing 5
• Thing 4

[1.0.1] - yyyy-mm-dd

Added to 1.0.1

• Thing 3

Fixed in 1.0.1

• Thing 2

[1.0.0] - yyyy-mm-dd

Added to 1.0.0

• Thing 2
• Thing 1

Commits

• 52eb86b bump tags to v4, slack channel override, missing claude settings (#262)
• 08fb769 #260 make shared workflows generic, misc cleanup (#261)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #260
Resolves #262
Resolves #261
Resolves senzing-factory/build-resources#261
Resolves senzing-factory/build-resources#257
Resolves senzing-factory/build-resources#259
Resolves senzing-factory/build-resources#254
Resolves senzing-factory/build-resources#250
Resolves senzing-factory/build-resources#255
Resolves senzing-factory/build-resources#249
Resolves senzing-factory/build-resources#256
Resolves senzing-factory/build-resources#252
Resolves senzing-factory/build-resources#253
Resolves senzing-factory/build-resources#244
Resolves senzing-factory/build-resources#246
Resolves senzing-factory/build-resources#248

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Analyzing the PR diff against the review checklist:

✅ Code Quality

• ✅ Code follows style guide: The change is a version bump in a GitHub Actions workflow file - minimal style considerations apply
• ✅ No commented-out code: None present
• ✅ Meaningful variable names: N/A - no new variables introduced
• ✅ DRY principle followed: N/A - single line change
• ✅ Identify Defects: No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward version bump from @v3 to @v4 for a reusable workflow reference
• ⚠️ Project memory: No ./.claude/CLAUDE.md file found in the repository to evaluate against

File: .github/workflows/add-to-project-garage-dependabot.yaml:15

✅ Testing

• ✅ Unit tests: N/A - GitHub Actions workflow configuration
• ✅ Integration tests: N/A - The workflow itself will be tested when executed
• ✅ Edge cases covered: N/A - Version reference change
• ✅ Test coverage: N/A - Not applicable to workflow files

⚠️ Documentation

• ❌ CHANGELOG.md updated: No CHANGELOG.md changes included in this PR. Consider documenting the workflow version upgrade if this impacts functionality
• ⚠️ Readme updated: Cannot verify if README update is needed without seeing what changes @v4 introduces in the referenced workflow
• ✅ API docs updated: N/A
• ✅ Inline comments: N/A - Simple version reference
• ✅ Markdown formatting: N/A - No markdown changes in diff

✅ Security

• ✅ No hardcoded credentials: Properly uses secrets via ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
• ✅ Input validation: N/A - Configuration file
• ✅ Proper error handling: N/A - Handled by GitHub Actions runtime
• ✅ No sensitive data in logs: No sensitive data introduced
• ✅ No license files: No .lic files or AQAAAD strings present

---

Summary

Overall Assessment: ✅ Approved with Minor Recommendations

This is a clean version bump from v3 to v4 for the add-to-project-dependabot.yaml reusable workflow. The change itself is low-risk and follows proper practices.

Recommendations:

1. Documentation (.github/workflows/add-to-project-garage-dependabot.yaml:15): Consider updating CHANGELOG.md to document this workflow version upgrade, especially if @v4 introduces new functionality or breaking changes
2. Verification: Ensure the senzing-factory/build-resources repository has published a stable @v4 version of this workflow before merging

Questions for Reviewer:

• What changes does @v4 introduce compared to @v3?
• Are there any breaking changes or new features in the v4 workflow that require configuration updates?

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Automated Code Review

Code Quality

✅ Code follows our style guide

• The change is a version bump in a GitHub Actions workflow file. YAML formatting is correct and follows standard conventions.

✅ No commented-out code

• No commented-out code present in this diff.

✅ Meaningful variable names

• All variables and references use clear, descriptive names (SENZING_GITHUB_PROJECT_RW_TOKEN, SENZING_PROJECT_GARAGE).

✅ DRY principle followed

• The change maintains the DRY principle; it's a single version reference update.

✅ Identify Defects

• No bugs, logic errors, or security vulnerabilities detected.
• Version bump from v3 to v4 appears intentional and follows semantic versioning.
• Note: This change assumes v4 of the reusable workflow exists and is compatible. Verify that:
  • The v4 workflow exists at the referenced path
  • There are no breaking changes between v3 and v4
  • The inputs (project) and secrets (SENZING_GITHUB_PROJECT_RW_TOKEN) remain compatible

✅ Project memory configuration

• No ./.claude/CLAUDE.md file was found in the repository context, so no project-specific guidelines to check.

Testing

⚠️ Testing Considerations

• This is a GitHub Actions workflow configuration change, not application code.
• Recommendation: After merging, monitor the next Dependabot PR to ensure:
  • The workflow triggers correctly
  • The PR is added to the correct project
  • No errors occur in the workflow execution logs

Not applicable for traditional unit/integration tests since this is infrastructure-as-code.

Documentation

✅ Readme updated if needed

• This change doesn't require README updates; it's an internal workflow version bump.

✅ API docs updated

• Not applicable to workflow configuration changes.

✅ Inline comments for complex logic

• No complex logic; the change is self-explanatory.

❌ CHANGELOG.md updated

• File: CHANGELOG.md (root level)
• Issue: No entry found for this workflow version bump.
• Recommendation: Add an entry like:

  ### Changed
  - Updated add-to-project-garage-dependabot workflow from v3 to v4

✅ Markdown files follow CommonMark specification

• No markdown files were modified in this PR.

Security

✅ No hardcoded credentials

• Secrets are properly referenced using ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}.

✅ Input validation implemented

• GitHub Actions handles secret and variable resolution securely.

✅ Proper error handling

• Error handling is managed by the reusable workflow being called.

✅ No sensitive data in logs

• No sensitive data logged in this configuration.

✅ No license files or suspicious strings

• No .lic files or strings starting with AQAAAD detected.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendation

This is a straightforward version bump of a reusable GitHub Actions workflow. The change is low-risk and follows best practices for secret management and configuration.

Action Items:

1. ✅ Pre-merge: Verify that the v4 workflow exists and is compatible with current inputs/secrets
2. ❌ Pre-merge: Update CHANGELOG.md with this change (.github/workflows/add-to-project-garage-dependabot.yaml:15)
3. ✅ Post-merge: Monitor the next Dependabot PR to ensure the workflow executes successfully

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide: The change is minimal and follows standard YAML formatting conventions. The version bump is properly formatted.

✅ No commented-out code: No commented code present.

✅ Meaningful variable names: All variables and references are clear (SENZING_GITHUB_PROJECT_RW_TOKEN, SENZING_PROJECT_GARAGE).

✅ DRY principle followed: Single line change, no duplication.

✅ No defects identified: This is a straightforward workflow version bump from @v3 to @v4. The change updates the reference to a reusable GitHub Actions workflow. No logic errors, edge cases, or security vulnerabilities introduced.

✅ Project memory configuration: No .claude/CLAUDE.md file found in the repository to consider.

Testing

⚠️ Testing considerations:

• GitHub Actions workflow changes are difficult to unit test locally
• This change references an external workflow at senzing-factory/build-resources
• Recommendation: Verify that version @v4 exists and is compatible with current parameters:
  • Confirm repository-projects: write permission is still required
  • Verify SENZING_GITHUB_PROJECT_RW_TOKEN secret is still the expected input
  • Check that the project parameter format hasn't changed
• Test by triggering the workflow on a Dependabot PR after merge

Documentation

⚠️ Documentation status:

• ❌ CHANGELOG.md: No CHANGELOG.md update detected. Consider documenting this workflow version upgrade if it introduces new features or fixes issues from v3.
• ✅ README: No README changes needed for workflow version bumps (internal infrastructure change)
• ✅ API docs: Not applicable for workflow changes
• ✅ Inline comments: The workflow is self-documenting; no complex logic requiring comments

Security

✅ No hardcoded credentials: Credentials properly referenced via ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}

✅ Input validation: Not applicable for workflow version reference

✅ Proper error handling: Delegated to the reusable workflow

✅ No sensitive data in logs: No logging changes introduced

✅ No license files: No .lic files or AQAAAD strings in this diff

---

Summary

Overall Status: ✅ APPROVED with minor recommendations

This is a clean, low-risk change upgrading a reusable GitHub Actions workflow reference. The main recommendations are:

1. Pre-merge verification: Confirm the @v4 version exists at senzing-factory/build-resources and maintains backward compatibility
2. CHANGELOG update: Consider documenting what improvements v4 brings over v3
3. Post-merge testing: Monitor the next Dependabot PR to ensure the workflow executes successfully

Files Changed: .github/workflows/add-to-project-garage-dependabot.yaml:15

Automated code review analyzing defects and coding standards