Bump senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml from 3 to 4

[dependabot]

Bumps senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml from 3 to 4.

Release notes

Sourced from senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml's releases.

4.0.0

What's Changed

• #260 make shared workflows generic, misc cleanup by @​kernelsam in senzing-factory/build-resources#261

Full Changelog: senzing-factory/build-resources@v3...4.0.0

3.0.31

What's Changed

• Bump super-linter/super-linter from 8.4.0 to 8.5.0 by @​dependabot[bot] in senzing-factory/build-resources#257
• if the PR's REFRESHED_AT matches main's value, it only passes if that… by @​kernelsam in senzing-factory/build-resources#259

Full Changelog: senzing-factory/build-resources@v3...3.0.31

3.0.30

What's Changed

• Bump super-linter/super-linter from 8.3.1 to 8.3.2 by @​dependabot[bot] in senzing-factory/build-resources#254
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in senzing-factory/build-resources#250
• Bump super-linter/super-linter from 8.3.2 to 8.4.0 by @​dependabot[bot] in senzing-factory/build-resources#255
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in senzing-factory/build-resources#249
• Fix regex for filtering GitHub workflows by @​kernelsam in senzing-factory/build-resources#256

Full Changelog: senzing-factory/build-resources@v3...3.0.30

3.0.29

What's Changed

• Bump super-linter/super-linter from 8.3.0 to 8.3.1 by @​dependabot[bot] in senzing-factory/build-resources#252
• Remove validation for natural language in workflows by @​kernelsam in senzing-factory/build-resources#253

Full Changelog: senzing-factory/build-resources@v3...3.0.29

3.0.28

What's Changed

• Add Markdown formatting guidelines to PR template by @​kernelsam in senzing-factory/build-resources#244
• Enhance PR review instructions for local and GitHub by @​kernelsam in senzing-factory/build-resources#246
• 247 dockter 1 by @​docktermj in senzing-factory/build-resources#248

New Contributors

• @​docktermj made their first contribution in senzing-factory/build-resources#248

Full Changelog: senzing-factory/build-resources@v3...3.0.28

3.0.27

Full Changelog: senzing-factory/build-resources@v3...3.0.27

3.0.26

Full Changelog: senzing-factory/build-resources@v3...3.0.26

... (truncated)

Changelog

Sourced from senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

• Thing 5
• Thing 4

[1.0.1] - yyyy-mm-dd

Added to 1.0.1

• Thing 3

Fixed in 1.0.1

• Thing 2

[1.0.0] - yyyy-mm-dd

Added to 1.0.0

• Thing 2
• Thing 1

Commits

• 52eb86b bump tags to v4, slack channel override, missing claude settings (#262)
• 08fb769 #260 make shared workflows generic, misc cleanup (#261)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #260
Resolves #262
Resolves #261
Resolves senzing-factory/build-resources#261
Resolves senzing-factory/build-resources#257
Resolves senzing-factory/build-resources#259
Resolves senzing-factory/build-resources#254
Resolves senzing-factory/build-resources#250
Resolves senzing-factory/build-resources#255
Resolves senzing-factory/build-resources#249
Resolves senzing-factory/build-resources#256
Resolves senzing-factory/build-resources#252
Resolves senzing-factory/build-resources#253
Resolves senzing-factory/build-resources#244
Resolves senzing-factory/build-resources#246
Resolves senzing-factory/build-resources#248

[github-actions]

🤖 Claude Code Review

The CHANGELOG.md has not been updated to reflect this workflow version bump change.

✅ README update - Not applicable. This change is to a GitHub Actions workflow file and does not affect user-facing documentation in the README.

✅ API docs - Not applicable to workflow files.

✅ Inline comments - Not applicable. The change is self-documenting (version bump).

✅ Markdown formatting - The workflow file is in YAML format, not Markdown. YAML formatting is correct.

Security

✅ No hardcoded credentials - No credentials are hardcoded. The workflow correctly uses GitHub secrets (${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}).

✅ Input validation - Not applicable for this type of change.

✅ Proper error handling - Error handling is delegated to the reusable workflow being called.

✅ No sensitive data in logs - No sensitive data would be exposed in logs from this change.

✅ No license files checked in - No license files or AQAAAD strings detected in the diff.

---

Summary

Overall Assessment: ⚠️ Minor Issue - CHANGELOG.md Update Required

The pull request is a straightforward GitHub Actions workflow version bump from v3 to v4. The change itself is clean and follows best practices. However, there is one missing item:

Required Action:

• Update CHANGELOG.md (.github/workflows/move-pr-to-done-dependabot.yaml:13) - Add an entry documenting the workflow version update from @v3 to @v4 for the move-pr-to-done-dependabot.yaml reusable workflow.

Recommendation:

• Verify that the upstream workflow at senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v4 has been tested and review its changelog for any breaking changes between v3 and v4.

All other checklist items are satisfied or not applicable to this type of change.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

✅ Code Quality

• ✅ Code Style Compliance: The change is a simple version bump in a GitHub Actions workflow file. No code style violations.
• ✅ No Commented-out Code: Clean diff with no commented code.
• ✅ Meaningful Names: All identifiers are clear and descriptive.
• ✅ DRY Principle: Single line change, no duplication.
• ✅ No Defects: This is a straightforward workflow version update from v3 to v4. No logic errors, edge cases, or vulnerabilities introduced.
• ✅ Project Memory: No ./.claude/CLAUDE.md file present in the repository to consider.

File: .github/workflows/move-pr-to-done-dependabot.yaml:16

⚠️ Testing

• ⚠️ Unit Tests: N/A - GitHub Actions workflow files are not typically unit tested.
• ⚠️ Integration Tests: N/A - Workflow changes are validated through actual PR execution.
• ⚠️ Edge Cases: N/A for this type of change.
• ⚠️ Test Coverage: N/A - This is infrastructure configuration, not application code.

Note: The workflow will be tested implicitly when it runs on the next Dependabot PR.

⚠️ Documentation

• ❌ CHANGELOG.md: No CHANGELOG.md update detected. If this project maintains a changelog, workflow version bumps should be documented.
• ✅ README: No README update needed for internal workflow version bump.
• ✅ API Docs: N/A - No API changes.
• ✅ Inline Comments: No complex logic requiring comments.
• ✅ Markdown Formatting: The diff doesn't modify any markdown files.

Recommendation: Check if CHANGELOG.md exists and whether infrastructure updates are documented there.

✅ Security

• ✅ No Hardcoded Credentials: Uses GitHub secrets properly (${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}).
• ✅ Input Validation: N/A - workflow configuration.
• ✅ Error Handling: Delegated to the reusable workflow being called.
• ✅ No Sensitive Data in Logs: No logging changes.
• ✅ No License Files: No .lic files or AQAAAD strings in the diff.

---

Summary

Overall Assessment: ✅ APPROVED with minor documentation suggestion

This is a clean, low-risk change that updates a reusable workflow reference from v3 to v4. The change:

• Follows proper GitHub Actions patterns
• Maintains security best practices with secrets
• Contains no code quality issues

Optional Improvement:

• Consider documenting workflow version updates in CHANGELOG.md if the project maintains one (.github/workflows/move-pr-to-done-dependabot.yaml:16)

Risk Level: 🟢 Low - Standard dependency version bump

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Pull Request Summary

This PR updates the GitHub Actions workflow reference from @v3 to @v4 for the move-pr-to-done-dependabot.yaml reusable workflow.

---

Detailed Review Against Checklist

Code Quality

✅ Code follows style guide

The workflow file follows YAML conventions and GitHub Actions best practices. The change is minimal and maintains consistency.

✅ No commented-out code

No commented-out code present in this change.

✅ Meaningful variable names

All variables and references are clear: SENZING_GITHUB_PROJECT_RW_TOKEN and SENZING_PROJECT_APP_SERVER follow clear naming conventions.

✅ DRY principle followed

Single line change, no duplication.

✅ Identify Defects

No obvious defects detected. However, considerations:

• .github/workflows/move-pr-to-done-dependabot.yaml:16 - The version bump from v3 to v4 should ideally include verification that:
  • The v4 version exists in the referenced repository
  • Breaking changes between v3 and v4 are understood and compatible
  • The required secrets and inputs remain unchanged

Recommendation: Review the changelog/release notes of senzing-factory/build-resources workflow v4 to ensure compatibility.

⚠️ Project memory configuration

No .claude/CLAUDE.md file found in the repository to evaluate against.

---

Testing

⚠️ Unit tests for new functions

Not Applicable - This is a workflow version bump, not application code. However:

• The workflow should be tested by triggering a Dependabot PR to ensure it functions correctly with v4.

⚠️ Integration tests for new endpoints

Not Applicable - No endpoints involved.

⚠️ Edge cases covered

Not Applicable for traditional testing, but edge case consideration:

• What happens if v4 workflow fails?
• Is there a rollback plan?

⚠️ Test coverage > 80%

Not Applicable - GitHub Actions workflows don't have traditional test coverage metrics.

---

Documentation

❌ README updated if needed

.github/workflows/move-pr-to-done-dependabot.yaml:16 - No documentation update found explaining:

• Why the version bump was needed
• What changed between v3 and v4
• Any new features or behavioral changes

Recommendation: If there are breaking changes or new features in v4, document them in the project README or a workflow documentation file.

✅ API docs updated

Not Applicable - No API changes.

✅ Inline comments for complex logic

No complex logic requiring comments in this change.

❌ CHANGELOG.md updated

No CHANGELOG.md update detected for this version bump.

Recommendation: Add an entry like:

### Changed
- Updated `move-pr-to-done-dependabot.yaml` workflow from v3 to v4

✅ Markdown files follow CommonMark

No markdown files modified in this PR.

---

Security

✅ No hardcoded credentials

No credentials are hardcoded. Secrets are properly referenced using ${{ secrets.* }}.

✅ Input validation implemented

Not Applicable - Workflow inputs are validated by GitHub Actions framework.

✅ Proper error handling

Inherited from the reusable workflow - no changes to error handling in this PR.

✅ No sensitive data in logs

No logging changes. Secret handling remains proper.

✅ No license files checked in

No .lic files or AQAAAD strings detected in the diff.

---

Summary

Blocking Issues

None - this is a low-risk version bump.

Recommendations

1. Documentation: Update CHANGELOG.md with the workflow version change
2. Testing: Trigger a test Dependabot PR after merge to verify v4 works as expected
3. Due Diligence: Review the v4 release notes of the referenced workflow to understand what changed

Overall Assessment

✅ APPROVED with minor recommendations

This is a straightforward dependency version bump with low risk. The main improvements would be better documentation and testing verification post-merge.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Review Results

Code Quality

✅ Code follows style guide - The change is minimal and follows standard YAML formatting conventions for GitHub Actions workflows.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - All variables and references are clear and follow GitHub Actions conventions.

✅ DRY principle followed - Change is a simple version bump, no duplication issues.

✅ Identify Defects - No bugs, logic errors, or security vulnerabilities detected. This is a straightforward version update from @v3 to @v4 of a reusable workflow reference.

✅ Project memory configuration - No ./.claude/CLAUDE.md file found in the repository, so this criterion is not applicable.

Testing

⚠️ Testing considerations - This is a GitHub Actions workflow dependency update. The actual testing requirements depend on what changed in the upstream workflow (senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v4).

• If this workflow is triggered by the PR, it will be tested automatically
• Consider testing that the Dependabot PR automation still functions correctly with v4

Documentation

✅ README updates - Not required for a GitHub Actions workflow version bump unless there are breaking changes in v4.

❌ CHANGELOG.md updated - .github/workflows/move-pr-to-done-dependabot.yaml:13 - The CHANGELOG.md should be updated to document this workflow version upgrade from v3 to v4. This helps track infrastructure changes over time.

✅ Inline comments - No complex logic requiring additional comments.

✅ Markdown formatting - No markdown files were modified in this PR.

Security

✅ No hardcoded credentials - Credentials are properly referenced via secrets and vars.

✅ Input validation - Not applicable for this change.

✅ Proper error handling - Handled by the referenced workflow.

✅ No sensitive data in logs - No logging changes.

✅ No license files or AQAAAD strings - No license files or suspicious strings detected.

---

Summary

This is a low-risk change that updates a reusable GitHub Actions workflow reference from v3 to v4. The only actionable item is:

Required Action:

• Update CHANGELOG.md to document the workflow version bump and note any behavioral changes introduced in v4 of the upstream workflow.

Recommended Action:

• Review the changelog/release notes for senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v4 to understand what changed and verify it's compatible with your current usage.

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).