From 5c9daba282896af092ed2980f7f53f1b74042805 Mon Sep 17 00:00:00 2001
From: AJ Alon <aj.alon@datarobot.com>
Date: Mon, 11 May 2026 14:17:10 -0700
Subject: [PATCH] Add dependabot smoke test reminder comment

Dependabot PRs run with Secret source: Dependabot, which restricts
access to repository secrets (including DR_API_TOKEN). This causes
smoke tests to silently fail when auto-triggered by the go label.

A maintainer must manually add the run-smoke-tests label to get a
passing run. This job posts a comment on every dependabot PR so that
fact is visible at review time rather than discovered at merge time.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/checks.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
index 160b58b69..dbb33cb33 100644
--- a/.github/workflows/checks.yaml
+++ b/.github/workflows/checks.yaml
@@ -203,6 +203,24 @@ jobs:
               labels: ['go']
             })
 
+  dependabot-reminder:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    name: Dependabot Smoke Test Reminder
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Comment smoke test instructions
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: '👋 **Maintainer reminder:** Smoke tests cannot run automatically on dependabot PRs due to GitHub secret restrictions.\n\nBefore merging, add the `run-smoke-tests` label and wait for the smoke tests to pass.'
+            });
+
   completion-tests:
     needs: [build, detect-changes]
     if: needs.detect-changes.outputs.completion == 'true'