From 0ad7dca0b58e6355eae2bd057d14e8f8096e2703 Mon Sep 17 00:00:00 2001 From: kkuo Date: Wed, 18 Mar 2026 21:17:56 -0400 Subject: [PATCH] fix(build-debian): Sanitize dependabot for DEBFULLNAME and DEBEMAIL Commits made by Dependabot use the name `dependabot[bot]` and email `49699333+dependabot[bot]@users.noreply.github.com`. However, directly using this for DEBFULLNAME and DEBEMAIL causes issues with lintian, where lintian will error with `malformed-contact` against the changes file. Specifically, lintian dislikes the square brackets. For an example of failures caused by this, see the following runs: https://github.com/canonical/authd/actions/runs/23261849890?pr=1275 https://github.com/ubuntu/ubuntu-insights/actions/runs/23259662695/job/67624442465?pr=330 Just suppressing the `malformed-contact` tag isn't a great option in case there is a legitimate issue unrelated to Dependabot. Having CI skip builds when triggered by Dependabot also isn't an option, as we want to see if a dependency change will cause issues. Since the email and name that Dependabot uses appear to be consistent and static, it should be fine to just hardcode the matching logic to prevent any false positives. We use `support@github.com` as the replacement email since Dependabot typically appends the following line at the end of its commit messages: ``` Signed-off-by: dependabot[bot] ``` --- gh-actions/common/build-debian/action.yaml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/gh-actions/common/build-debian/action.yaml b/gh-actions/common/build-debian/action.yaml index 08c371f..15b312e 100644 --- a/gh-actions/common/build-debian/action.yaml +++ b/gh-actions/common/build-debian/action.yaml @@ -132,9 +132,20 @@ runs: ) >> "${GITHUB_ENV}" if git status --porcelain &>/dev/null; then + _author_name="$(git log -1 --format='%an' HEAD)" + _author_email="$(git log -1 --format='%ae' HEAD)" + + # Dependabot commits use the name dependabot[bot] + # and email "49699333+dependabot[bot]@users.noreply.github.com". + # These cause lintian errors. + if [[ "${_author_name}" == "dependabot[bot]" && "${_author_email}" == "49699333+dependabot[bot]@users.noreply.github.com" ]]; then + _author_name="dependabot" + _author_email="support@github.com" + fi + ( - echo DEBFULLNAME="$(git log -1 --format='%an' HEAD) - GH Action" - echo DEBEMAIL="$(git log -1 --format='%ae' HEAD)" + echo DEBFULLNAME="${_author_name} - GH Action" + echo DEBEMAIL="${_author_email}" ) >> "${GITHUB_ENV}" fi