From 56f8c6c524f4ae54ac8614ddc0b083cd862cd4fe Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:05:18 +0000
Subject: [PATCH 1/4] Document gh aw add and update usage
Agent-Logs-Url: https://github.com/githubnext/dependabot-campaign/sessions/f8a549d3-d44f-44c7-8fcd-8ebf32cd1b72
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
.../dependabot-repair-reusable.lock.yml | 26 ++++----
README.md | 65 ++++++-------------
2 files changed, 34 insertions(+), 57 deletions(-)
diff --git a/.github/workflows/dependabot-repair-reusable.lock.yml b/.github/workflows/dependabot-repair-reusable.lock.yml
index 5179ed5..9c2a96e 100644
--- a/.github/workflows/dependabot-repair-reusable.lock.yml
+++ b/.github/workflows/dependabot-repair-reusable.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"05e61071cba2a2ebb79d78b706879bebfa97570419f8fcca41304fc1249f5aaa","compiler_version":"v0.71.1","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a397f6ed59305cfb51832b7bebb6a2dcf68d3d7439843af71938b38d53f1e22b","compiler_version":"v0.71.1","strict":true,"agent_id":"copilot"}
# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"239aec45b78c8799417efdd5bc6d8cc036629ec1","version":"v0.71.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28","digest":"sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28@sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28","digest":"sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28@sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28","digest":"sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28@sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.0"},{"image":"ghcr.io/github/github-mcp-server:v1.0.2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}
# ___ _ _
# / _ \ | | (_)
@@ -214,19 +214,19 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
+ cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
- GH_AW_PROMPT_9c97b63044331571_EOF
+ GH_AW_PROMPT_946f6a836ca3180d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
+ cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
Tools: add_comment(max:5), update_issue(max:5), create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_9c97b63044331571_EOF
+ GH_AW_PROMPT_946f6a836ca3180d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
+ cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
The following GitHub context information is available for this workflow:
@@ -256,9 +256,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_9c97b63044331571_EOF
+ GH_AW_PROMPT_946f6a836ca3180d_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
+ cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
# Dependabot Reusable Repair
@@ -318,7 +318,7 @@ jobs:
Summary: `[explanation]`
Next Step: `[action]`
- GH_AW_PROMPT_9c97b63044331571_EOF
+ GH_AW_PROMPT_946f6a836ca3180d_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
@@ -501,9 +501,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_32525aab3e0eb7f6_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_6f1d4720166472c2_EOF'
{"add_comment":{"max":5},"create_pull_request":{"max":1,"max_patch_size":1024,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_path_prefixes":[".github/",".agents/",".githooks/",".husky/"]},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":5}}
- GH_AW_SAFE_OUTPUTS_CONFIG_32525aab3e0eb7f6_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_6f1d4720166472c2_EOF
- name: Write Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -788,7 +788,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_83964dab051709bd_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_11a42c997fbafb4d_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -829,7 +829,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_83964dab051709bd_EOF
+ GH_AW_MCP_CONFIG_11a42c997fbafb4d_EOF
- name: Clean git credentials
continue-on-error: true
run: bash "${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh"
diff --git a/README.md b/README.md
index 6e56faf..8d29afb 100644
--- a/README.md
+++ b/README.md
@@ -59,59 +59,36 @@ The campaign workflow supports three signal modes through the `dependency-source
Use `auto` as the default when you want one workflow that still works if a repository later moves away from opening Dependabot PRs.
-## Use From Another Repo
+## Add To Another Repo
-To consume the baseline repair flow from another repository, call the compiled reusable workflow in this repo:
+Do not consume these workflows with GitHub Actions `uses:`. For agentic workflows, add the source workflow into the target repository with `gh aw add`, then update the imported copy later with `gh aw update`.
-```yaml
-name: Dependabot Repair
+For the baseline local repair flow:
-on:
- pull_request:
- types: [opened, synchronize, reopened]
-
-jobs:
- dependabot-repair:
- if: github.actor == 'dependabot[bot]'
- uses: org/dependabot-latest/.github/workflows/dependabot-repair-reusable.lock.yml@v1
- secrets: inherit
+```bash
+gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md
```
-The reusable entry point lives in [.github/workflows/dependabot-repair-reusable.md](/Users/mnkiefer/Enterprise/dependabot-latest/.github/workflows/dependabot-repair-reusable.md), and consumers should reference the compiled lockfile so they use a stable GitHub Actions workflow artifact.
+For the advanced coordination layer:
-Baseline defaults are already baked into the reusable workflow, so `with` is optional unless a caller wants to override behavior. Use workflow inputs for simple operating options, and keep richer campaign policy inside the workflow itself so the workflow stays self-contained.
+```bash
+gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-campaign.md
+```
-For example, a repo that wants to override only one default can keep the call small:
+If you want the reusable repair variant in your own repository, add that file the same way:
-```yaml
-jobs:
- dependabot-repair:
- if: github.actor == 'dependabot[bot]'
- uses: org/dependabot-latest/.github/workflows/dependabot-repair-reusable.lock.yml@v1
- with:
- automerge: false
- secrets: inherit
+```bash
+gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.md
```
-For the advanced coordination layer, a central operations repo can call the campaign workflow with campaign-mode options:
-
-```yaml
-name: Dependency Operations Control Plane
-
-on:
- workflow_dispatch:
- schedule:
- - cron: '42 12 * * 1-5'
-
-jobs:
- dependency-operations:
- uses: org/dependabot-latest/.github/workflows/dependabot-campaign.lock.yml@v1
- with:
- dependency-source: auto
- mode: campaign
- project-sync: true
- summary-issue: true
- secrets: inherit
+After adding a workflow, review the imported `.md` file and generated `.lock.yml` file in the target repository, then commit them there.
+
+To pull upstream changes later:
+
+```bash
+gh aw update dependabot-repair
+gh aw update dependabot-campaign
+gh aw update dependabot-repair-reusable
```
-Use the repair workflow for local repository behavior when a PR exists, and the campaign workflow for central coordination across repositories whether teams use PRs, security alerts, or both. The campaign workflow owns its policy, labels, risk keywords, and enrolled repositories directly in the workflow file.
+Use the repair workflow for local repository behavior when a Dependabot PR exists, and the campaign workflow for central coordination across repositories whether teams use PRs, security alerts, or both. The campaign workflow owns its policy, labels, risk keywords, and enrolled repositories directly in the workflow file.
From 14e83a500989cfb63ed0528801c7090a68b8ceb7 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:05:54 +0000
Subject: [PATCH 2/4] Revert unintended lockfile update
Agent-Logs-Url: https://github.com/githubnext/dependabot-campaign/sessions/f8a549d3-d44f-44c7-8fcd-8ebf32cd1b72
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
.../dependabot-repair-reusable.lock.yml | 26 +++++++++----------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/dependabot-repair-reusable.lock.yml b/.github/workflows/dependabot-repair-reusable.lock.yml
index 9c2a96e..5179ed5 100644
--- a/.github/workflows/dependabot-repair-reusable.lock.yml
+++ b/.github/workflows/dependabot-repair-reusable.lock.yml
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a397f6ed59305cfb51832b7bebb6a2dcf68d3d7439843af71938b38d53f1e22b","compiler_version":"v0.71.1","strict":true,"agent_id":"copilot"}
+# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"05e61071cba2a2ebb79d78b706879bebfa97570419f8fcca41304fc1249f5aaa","compiler_version":"v0.71.1","strict":true,"agent_id":"copilot"}
# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"239aec45b78c8799417efdd5bc6d8cc036629ec1","version":"v0.71.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28","digest":"sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.28@sha256:a8834e285807654bf680154faa710d43fe4365a0868142f5c20e48c85e137a7a"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28","digest":"sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.28@sha256:93290f2393752252911bd7c39a047f776c0b53063575e7bde4e304962a9a61cb"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28","digest":"sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.28@sha256:844c18280f82cd1b06345eb2f4e91966b34185bfc51c9f237c3e022e848fb474"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.0"},{"image":"ghcr.io/github/github-mcp-server:v1.0.2"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]}
# ___ _ _
# / _ \ | | (_)
@@ -214,19 +214,19 @@ jobs:
run: |
bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh"
{
- cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
+ cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
- GH_AW_PROMPT_946f6a836ca3180d_EOF
+ GH_AW_PROMPT_9c97b63044331571_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md"
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md"
- cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
+ cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
Tools: add_comment(max:5), update_issue(max:5), create_pull_request, missing_tool, missing_data, noop
- GH_AW_PROMPT_946f6a836ca3180d_EOF
+ GH_AW_PROMPT_9c97b63044331571_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_create_pull_request.md"
- cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
+ cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
The following GitHub context information is available for this workflow:
@@ -256,9 +256,9 @@ jobs:
{{/if}}
- GH_AW_PROMPT_946f6a836ca3180d_EOF
+ GH_AW_PROMPT_9c97b63044331571_EOF
cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md"
- cat << 'GH_AW_PROMPT_946f6a836ca3180d_EOF'
+ cat << 'GH_AW_PROMPT_9c97b63044331571_EOF'
# Dependabot Reusable Repair
@@ -318,7 +318,7 @@ jobs:
Summary: `[explanation]`
Next Step: `[action]`
- GH_AW_PROMPT_946f6a836ca3180d_EOF
+ GH_AW_PROMPT_9c97b63044331571_EOF
} > "$GH_AW_PROMPT"
- name: Interpolate variables and render templates
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
@@ -501,9 +501,9 @@ jobs:
mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
mkdir -p /tmp/gh-aw/safeoutputs
mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
- cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_6f1d4720166472c2_EOF'
+ cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_32525aab3e0eb7f6_EOF'
{"add_comment":{"max":5},"create_pull_request":{"max":1,"max_patch_size":1024,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_path_prefixes":[".github/",".agents/",".githooks/",".husky/"]},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{},"update_issue":{"allow_body":true,"max":5}}
- GH_AW_SAFE_OUTPUTS_CONFIG_6f1d4720166472c2_EOF
+ GH_AW_SAFE_OUTPUTS_CONFIG_32525aab3e0eb7f6_EOF
- name: Write Safe Outputs Tools
env:
GH_AW_TOOLS_META_JSON: |
@@ -788,7 +788,7 @@ jobs:
mkdir -p /home/runner/.copilot
GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)
- cat << GH_AW_MCP_CONFIG_11a42c997fbafb4d_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
+ cat << GH_AW_MCP_CONFIG_83964dab051709bd_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs"
{
"mcpServers": {
"github": {
@@ -829,7 +829,7 @@ jobs:
"payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}"
}
}
- GH_AW_MCP_CONFIG_11a42c997fbafb4d_EOF
+ GH_AW_MCP_CONFIG_83964dab051709bd_EOF
- name: Clean git credentials
continue-on-error: true
run: bash "${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh"
From 1c53cf1bca46d3c68eada700450cd77a9d4c0b1a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Apr 2026 11:34:52 +0000
Subject: [PATCH 3/4] Rename README workflow examples to review
Agent-Logs-Url: https://github.com/githubnext/dependabot-campaign/sessions/fb4484ac-fe6c-4497-9e83-88638f107b43
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
README.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 8d29afb..1a14cc9 100644
--- a/README.md
+++ b/README.md
@@ -63,10 +63,10 @@ Use `auto` as the default when you want one workflow that still works if a repos
Do not consume these workflows with GitHub Actions `uses:`. For agentic workflows, add the source workflow into the target repository with `gh aw add`, then update the imported copy later with `gh aw update`.
-For the baseline local repair flow:
+For the baseline local review flow:
```bash
-gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md
+gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md --name dependabot-review
```
For the advanced coordination layer:
@@ -75,20 +75,20 @@ For the advanced coordination layer:
gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-campaign.md
```
-If you want the reusable repair variant in your own repository, add that file the same way:
+If you want the reusable review variant in your own repository, add that file the same way:
```bash
-gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.md
+gh aw add githubnext/dependabot-campaign/.github/workflows/dependabot-repair-reusable.md --name dependabot-review-reusable
```
-After adding a workflow, review the imported `.md` file and generated `.lock.yml` file in the target repository, then commit them there.
+After adding a workflow, review the imported `.md` file and generated `.lock.yml` file in the target repository, then commit them there. The upstream source filenames in this repository still use `dependabot-repair`, but the installed workflow names below use `dependabot-review`.
To pull upstream changes later:
```bash
-gh aw update dependabot-repair
+gh aw update dependabot-review
gh aw update dependabot-campaign
-gh aw update dependabot-repair-reusable
+gh aw update dependabot-review-reusable
```
-Use the repair workflow for local repository behavior when a Dependabot PR exists, and the campaign workflow for central coordination across repositories whether teams use PRs, security alerts, or both. The campaign workflow owns its policy, labels, risk keywords, and enrolled repositories directly in the workflow file.
+Use the review workflow for local repository behavior when a Dependabot PR exists, and the campaign workflow for central coordination across repositories whether teams use PRs, security alerts, or both. The campaign workflow owns its policy, labels, risk keywords, and enrolled repositories directly in the workflow file.
From 963b5a9a4d8a8ccf0e1cfadd028fa565d8e0271d Mon Sep 17 00:00:00 2001
From: Mara Nikola Kiefer <8320933+mnkiefer@users.noreply.github.com>
Date: Wed, 29 Apr 2026 14:01:19 +0200
Subject: [PATCH 4/4] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1a14cc9..284d9e7 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ Use `auto` as the default when you want one workflow that still works if a repos
## Add To Another Repo
-Do not consume these workflows with GitHub Actions `uses:`. For agentic workflows, add the source workflow into the target repository with `gh aw add`, then update the imported copy later with `gh aw update`.
+Add the source workflow into the target repository with `gh aw add`, then update the imported copy later with `gh aw update`.
For the baseline local review flow: