Extend Dependabot workflow to auto-fix build, lint, and test failures

[umair-ably]

Summary

• Adds unit test step to the Dependabot auto-fix workflow so Claude can diagnose and fix test failures from dependency bumps (e.g. React 18→19 breaking changes in fix(deps): bump the all-dependencies group across 1 directory with 9 updates #308)

Test plan

• Merge this PR
• Comment @dependabot recreate on fix(deps): bump the all-dependencies group across 1 directory with 9 updates #308 (React 18→19 bump)
• Verify the workflow detects test failures and invokes Claude to fix them

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cli-web-cli	Ready	Preview, Comment	Apr 15, 2026 0:21am

[claude-code-ably-assistant]

PR Review: Extend Dependabot workflow to auto-fix build, lint, and test failures

Overview: Adds a pnpm test:unit step to the Dependabot auto-fix workflow, captures test output alongside build/lint output, and feeds it to Claude. Also centralises the "needs fixing" check into a dedicated step. Clean, focused change.

---

One concern worth addressing

Job timeout may be too tight now

The job has timeout-minutes: 15 (line 15). That budget now needs to cover: dependency install + lockfile regen + build + lint + unit tests + Claude (--max-turns 30). If a dependency bump causes tests to hang or regress in a slow-to-fail way (e.g., network-dependent tests that weren't mocked before), the job could time out before Claude even runs — which defeats the purpose of the workflow.

Consider bumping to timeout-minutes: 25 or adding a per-step timeout on the test step (e.g., timeout-minutes: 5) to bound the worst case.

---

Everything else looks correct

• Step logic is sound: steps.test.outcome is 'skipped' (not 'failure') when build fails, so the == "failure" check in "Check if fixes needed" won't produce false positives.
• Test runs when lint fails: Intentional — gives Claude more diagnostic context when multiple things break from a single dep bump. Correct call.
• $GITHUB_OUTPUT heredoc pattern: Correct. The tail -n 200 truncation is a sensible guard against size limits.
• set -o pipefail: Applied correctly in all three run steps; exit codes propagate through tee.
• Prompt update: Accurate and actionable — Claude now knows to verify with pnpm test:unit as well.

The change is well-structured and addresses a real gap (React 18→19 test failures wouldn't have been caught before). Just bump the timeout before merging.

[sacOO7]

You can check claude comment about increasing timeout-minutes: 15 + failing security audit/
Since, we only included extra testing step, will approve the PR.