Conversation

S3DFX-CYBER (Contributor) commented Jan 3, 2026

Summary

This PR fixes a regression where the check-peer-review workflow incorrectly runs on Dependabot pull requests and applies the needs-peer-review label, blocking the auto-merge process.

Root Cause

The workflow was relying on github.actor, which does not reliably represent the PR author for pull_request_target events. As a result, Dependabot PRs were no longer excluded.

Fix

  • Skip execution based on pull_request.user.login
  • Add a defensive early-exit for Dependabot-authored PRs

This restores the intended auto-approve and auto-merge behavior for dependency updates.

Summary by CodeRabbit

  • Chores
    • Workflow now skips Dependabot pull requests earlier, exiting the peer-review process for dependency updates.
    • Simplified automated-author detection with a generalized check to identify bot-generated PRs.
    • Core peer-review behavior (review fetching, reviewer filtering, commenting, labeling) remains unchanged.


Updated conditions to check for peer review by modifying the actor checks to use pull request user login instead.
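The root cause described in the PR, as an added example that is not part of the PR or the project's workflow file: a bash model of the job-level exclusion, first keyed on github.actor (the triggering account) and then on github.event.pull_request.user.login (the PR author). The account names and scenarios are constructed; the exempt-account list mirrors the exclusions the thread names (Dependabot, DonnieBLT, Copilot variants).

```bash
#!/usr/bin/env bash
# Added example, not the project's workflow file: models the job-level skip
# decision in check-peer-review.yml as two bash functions so the regression
# described above (keying on github.actor instead of the PR author) can be
# reproduced offline. Account names and scenarios below are constructed.

# Returns 0 when the login is one of the automation accounts the workflow
# exempts from peer review (Dependabot, DonnieBLT, Copilot variants).
# GitHub's contains() is case-insensitive, so the login is lowercased first;
# the bracketed Dependabot names are quoted so [bot] is not read as a glob.
is_automation_account() {
  local lowered
  lowered=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$lowered" in
    'dependabot[bot]'|'dependabot-preview[bot]'|'donnieblt'|*copilot*) return 0 ;;
    *) return 1 ;;
  esac
}

# Before the fix: the exclusion looked at the triggering actor.
# Arguments: <github.actor> <pull_request.user.login>; prints skip|review.
decide_by_actor() {
  if is_automation_account "$1"; then echo skip; else echo review; fi
}

# After the fix: the exclusion looks at the PR author, which is what the
# needs-peer-review decision is actually about.
decide_by_author() {
  if is_automation_account "$2"; then echo skip; else echo review; fi
}

# Constructed scenarios. On pull_request_target / pull_request_review runs,
# github.actor is whoever caused the run (a reviewer, a maintainer re-running
# the job), not necessarily the account that opened the PR.
demo() {
  local actor author
  while read -r actor author; do
    printf '%-12s %-24s actor-based=%-7s author-based=%s\n' \
      "$actor" "$author" \
      "$(decide_by_actor "$actor" "$author")" \
      "$(decide_by_author "$actor" "$author")"
  done <<'EOF'
alice dependabot[bot]
DonnieBLT alice
bob Copilot
carol dave
EOF
}

demo
```

The first row is the regression the PR reports: a Dependabot PR on which a human triggered the run is no longer skipped by the actor-based check, so it gets the needs-peer-review label and auto-merge stalls. The second row is the same mistake in the other direction: when an exempt account merely triggers a run on a human-authored PR, the actor-based check waives the peer-review requirement entirely, while the author-based check still enforces it.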
github-actions bot (Contributor) commented Jan 3, 2026

👋 Hi @S3DFX-CYBER!

This pull request needs a peer review before it can be merged. Please request a review from a team member who is not:

  • The PR author
  • DonnieBLT
  • coderabbitai
  • copilot

Once a valid peer review is submitted, this check will pass automatically. Thank you!

@github-actions github-actions bot added the needs-peer-review PR needs peer review label Jan 3, 2026
coderabbitai bot (Contributor) commented Jan 3, 2026

Walkthrough

Adds an early exit that skips peer-review processing for Dependabot PR authors and consolidates multiple actor exclusions into a single negated contains check; core review-fetching and labeling logic remains unchanged.

Changes

Cohort / File(s): Workflow configuration (.github/workflows/check-peer-review.yml)

Summary: Replaced multiple explicit actor inequality checks with a single !contains exclusion for Copilot variants and consolidated the Dependabot/DonnieBLT checks into a single comparison against github.event.pull_request.user.login; added a defense-in-depth early exit that logs a skip, sets has_peer_review=true, and exits for Dependabot PRs before running the review-fetch/label/comment logic.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

quality: medium

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped: CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title clearly and specifically describes the main fix: resolving the issue where the check-peer-review workflow was incorrectly blocking Dependabot auto-merge.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 1c90579 and f11203b.

📒 Files selected for processing (1)
  • .github/workflows/check-peer-review.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test


github-actions bot (Contributor) commented Jan 3, 2026

📊 Monthly Leaderboard

Hi @S3DFX-CYBER! Here's how you rank for January 2026:

Rank | User | PRs | Reviews | Comments | Total
🥉 #3 | @Pritz395 | 0 | 0 | 11 | 22
#4 | @S3DFX-CYBER | 2 | 0 | 0 | 20
#5 | @Saptami191 | 1 | 0 | 1 | 12

Leaderboard based on contributions in January 2026. Keep up the great work! 🚀

@github-actions github-actions bot added the pre-commit: passed Pre-commit checks passed label Jan 3, 2026
@github-actions github-actions bot added the tests: passed Django tests passed label Jan 3, 2026
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/check-peer-review.yml (1)

56-61: Fix indentation for better readability.

The defensive check logic is correct and appropriate. However, lines 59-60 should be indented by 2 additional spaces to clearly indicate they are inside the if block, consistent with the indentation style used elsewhere in the script.

🔎 Proposed fix for indentation
           # Skip Dependabot PRs entirely (defense in depth)
           if [[ "$PR_AUTHOR" == "dependabot[bot]" || "$PR_AUTHOR" == "dependabot-preview[bot]" ]]; then
-          echo "Dependabot PR detected. Skipping peer review check."
-          exit 0
+            echo "Dependabot PR detected. Skipping peer review check."
+            exit 0
           fi
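Review bot: the `exit 0` on the last `+` line leaves the step before any output is written, yet the PR walkthrough says this early exit sets has_peer_review=true. Nothing in the visible lines of this hunk writes that output, so if a later step reads `steps.<id>.outputs.has_peer_review`, it will see an empty value; add `echo "has_peer_review=true" >> "$GITHUB_OUTPUT"` before the `exit 0`, or confirm the output is set earlier in the step. The indentation change itself is whitespace-only inside the `run:` block and is fine.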
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 6acfe73 and 1a9165c.

📒 Files selected for processing (1)
  • .github/workflows/check-peer-review.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test
🔇 Additional comments (1)
.github/workflows/check-peer-review.yml (1)

29-31: The condition is correct. Both pull_request_target and pull_request_review events include the pull_request object in their payload, so github.event.pull_request.user.login is available for both event types and will correctly exclude Dependabot PRs.

@github-project-automation github-project-automation bot moved this from Backlog to Ready in 📌 OWASP BLT Project Board Jan 3, 2026
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 2

♻️ Duplicate comments (1)
.github/workflows/check-peer-review.yml (1)

30-34: Clarification regarding past review comment.

The past review comment suggests that DonnieBLT and copilot accounts will now incorrectly run the job. However, examining the current code:

  • Line 33 explicitly excludes github.actor != 'DonnieBLT'
  • Line 34 excludes copilot accounts with !contains(github.actor, 'copilot')

Both automation accounts are still excluded at the job level. The change at line 34 simply generalizes the copilot check from explicit username exclusions to a pattern-based check, which is actually more robust. The concerns raised in the past comment are not applicable to the current code state.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 1a9165c and 1c90579.

📒 Files selected for processing (1)
  • .github/workflows/check-peer-review.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test

@github-actions github-actions bot added changes-requested PR has requested changes from a reviewer tests: failed Django tests failed and removed tests: passed Django tests passed labels Jan 3, 2026
@github-actions github-actions bot added tests: passed Django tests passed and removed tests: failed Django tests failed labels Jan 3, 2026
Nachiket-Roy (Contributor) left a comment

LGTM

@github-actions github-actions bot added the last-active: 0d PR last updated 0 days ago label Jan 4, 2026
S3DFX-CYBER (Contributor, Author) commented

Would like a peer review, @e-esakman or @rahulnegi20 or any reviewer.

@github-actions github-actions bot removed the last-active: 0d PR last updated 0 days ago label Jan 5, 2026
e-esakman (Contributor) left a comment

LGTM.

S3DFX-CYBER (Contributor, Author) commented

After all reviews, I request @DonnieBLT to review this PR as it is ready for merge.

@github-actions github-actions bot added the last-active: 0d PR last updated 0 days ago label Jan 6, 2026
@DonnieBLT DonnieBLT merged commit 671d439 into OWASP-BLT:main Jan 6, 2026
40 checks passed
@S3DFX-CYBER S3DFX-CYBER deleted the patch-2 branch January 6, 2026 10:16
Labels

  • changes-requested (PR has requested changes from a reviewer)
  • files-changed: 1
  • last-active: 0d (PR last updated 0 days ago)
  • needs-peer-review (PR needs peer review)
  • pre-commit: passed (Pre-commit checks passed)
  • quality: high
  • quality: medium
  • tests: passed (Django tests passed)

Project status: Done

4 participants