From eca66b279ee193c05bc13d7bd2d7fcacba981a0d Mon Sep 17 00:00:00 2001
From: Phil-NHS <philip.tate@nhs.net>
Date: Thu, 28 Aug 2025 15:43:01 +0100
Subject: [PATCH 1/2] chore(dependabot): commit lint logical error

---
 .github/workflows/reuseable-ci-checks.yml |  6 ++-
 .github/workflows/workflow-readme.md      | 59 +++++++++++++++++++++++
 2 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml
index ad7c1af..c8d936c 100644
--- a/.github/workflows/reuseable-ci-checks.yml
+++ b/.github/workflows/reuseable-ci-checks.yml
@@ -203,12 +203,14 @@ jobs:
             echo "Branch name: $BRANCH_NAME"
             if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then
               echo "✅ Branch is a dependabot branch - skipping commitlint"
-              exit 0
+              echo "skip=true" >> $GITHUB_OUTPUT
             else
               echo "Regular branch - will run commitlint in next step"
+              echo "skip=false" >> $GITHUB_OUTPUT
             fi
 
-        - name: Run commitlint action
+        - name: Run commitlint actio
+          if: steps.check-branch.outputs.skip != 'true'n
           uses: wagoid/commitlint-github-action@v5
           with:
             configFile: .commitlintrc.json
diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md
index 185fd4e..fe8b3c3 100644
--- a/.github/workflows/workflow-readme.md
+++ b/.github/workflows/workflow-readme.md
@@ -84,3 +84,62 @@ The individual steps also automatically pass so can see if any error at the end
 
 ## Versioning
 Via semantic release and recorded as a generate c# file used by a blazor component
+
+## Alternative Approaches
+
+```
+name: Pull Request Checks
+
+# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ 
+# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️
+# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use
+# an if to ensure its only by dependabot
+
+on:
+  pull_request:
+    branches: ['**']                # Run on all branches
+    branches-ignore: ['dependabot/**']  # Skip Dependabot PRs
+  pull_request_target:
+    branches: ['Automatic_version_update_dependabot']  # Base branch for Dependabot PRs
+  workflow_dispatch:
+  
+jobs:
+  dummy:
+    if: |
+      (github.actor == 'dependabot[bot]' && 
+      startsWith(github.head_ref, 'dependabot/') &&
+      github.event_name == 'pull_request_target')
+      ||
+      (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dummy Step
+        run: echo "This is a dummy job to allow workflow_dispatch"
+        
+  pull-request-call-reusable-ci-checks-workflow:
+    if: |
+      (github.actor == 'dependabot[bot]' && 
+      startsWith(github.head_ref, 'dependabot/') &&
+      github.event_name == 'pull_request_target')
+      ||
+      (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
+    name: Pull Request run CI Checks
+    uses: ./.github/workflows/reuseable-ci-checks.yml
+    needs: dummy
+    with:
+      runall: true
+      
+    # could try secrets:inherit QQQQ
+    secrets:
+      UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }}
+      WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }}
+      WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }}
+      WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }}
+      TEL_GIT_PACKAGES_TOKEN: ${{secrets.NUGETKEY }}
+      
+      UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }}
+      WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }}
+      WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }}
+      WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }}
+
+```

From eff7705776ee9ccfcbe72829bd4675b635677424 Mon Sep 17 00:00:00 2001
From: Phil-NHS <philip.tate@nhs.net>
Date: Thu, 28 Aug 2025 15:45:19 +0100
Subject: [PATCH 2/2] chore(dependabot): mistake

---
 .github/workflows/reuseable-ci-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml
index c8d936c..bc48db5 100644
--- a/.github/workflows/reuseable-ci-checks.yml
+++ b/.github/workflows/reuseable-ci-checks.yml
@@ -210,7 +210,7 @@ jobs:
             fi
 
         - name: Run commitlint actio
-          if: steps.check-branch.outputs.skip != 'true'n
+          if: steps.check-branch.outputs.skip != 'true'
           uses: wagoid/commitlint-github-action@v5
           with:
             configFile: .commitlintrc.json