Description
After creating a new repository from this template, dependabot automatically broke it.
Example project: https://github.com/srtfisher/working-action-release
PRs that dependabot created and were automerged that broke it:
- Bump @babel/preset-env from 7.28.3 to 7.28.5 srtfisher/working-action-release#3
- Bump @alleyinteractive/stylelint-config from 0.0.2 to 0.1.0 srtfisher/working-action-release#5
After those PRs merged, npm ci doesn't pass. Heck, you can even see the failures on those PRs from our CI tests.
The problem comes from https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-approve.yml and https://github.com/alleyinteractive/create-wordpress-plugin/blob/develop/.github/workflows/dependabot-auto-merge.yml.
When a new repository is created, the branch is unprotected and dependabot can merge at will without making sure the plugin works.
A proposed solution would be to make the auto merge also expect the pull request to have some CI steps on it. Worth investigating.
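One way the proposed gate could be expressed, as an added example that is not code from this issue or from the template's workflows: a function that reads the GitHub REST check-runs response for the pull request's head commit and refuses to merge unless the named CI checks have reported and passed. The check names (`node-tests`, `dependabot-auto-merge`) and the sample payloads are constructed assumptions.

```python
"""Merge gate for bot PRs: decide from GitHub check-run data whether to merge."""

# Conclusions that count as a pass for a completed check run.
PASSING = {"success", "neutral", "skipped"}


def merge_decision(check_runs_payload, required, ignore=()):
    """Return (ok, reasons) for one PR head commit.

    check_runs_payload: JSON body of
        GET /repos/{owner}/{repo}/commits/{ref}/check-runs
    required: check names that must be present and passing (hypothetical names).
    ignore: check names to skip, e.g. the auto-merge job itself.
    """
    runs = {r["name"]: r for r in check_runs_payload.get("check_runs", [])
            if r["name"] not in ignore}
    reasons = []
    # A fresh repository may report no checks at all; that must not pass.
    for name in required:
        if name not in runs:
            reasons.append(f"required check '{name}' has not reported")
    for name, run in sorted(runs.items()):
        if run["status"] != "completed":
            reasons.append(f"check '{name}' is still {run['status']}")
        elif run["conclusion"] not in PASSING:
            reasons.append(f"check '{name}' concluded {run['conclusion']}")
    return (not reasons, reasons)


# Constructed sample payloads (not taken from the linked PRs).
SAMPLE_FAILED = {"total_count": 2, "check_runs": [
    {"name": "node-tests", "status": "completed", "conclusion": "failure"},
    {"name": "dependabot-auto-merge", "status": "in_progress", "conclusion": None},
]}
SAMPLE_NO_CI = {"total_count": 0, "check_runs": []}
SAMPLE_GREEN = {"total_count": 1, "check_runs": [
    {"name": "node-tests", "status": "completed", "conclusion": "success"},
]}

if __name__ == "__main__":
    for label, payload in [("failed", SAMPLE_FAILED), ("no CI", SAMPLE_NO_CI),
                           ("green", SAMPLE_GREEN)]:
        ok, why = merge_decision(payload, ["node-tests"], ["dependabot-auto-merge"])
        print(label, "->", "merge" if ok else "hold", why)
```

Requiring each named check to be present matters as much as rejecting failures: with an unprotected branch and no reported checks, "nothing failed" is trivially true.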