apache · ppkarwasz · Jun 18, 2026 · Jun 18, 2026
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -24,6 +24,13 @@ on:
       - "2.25.x"
       - "release/2*"
   pull_request:
+    types:
+      # Standard types
+      - opened
+      - synchronize
+      - reopened
+      # Used in Dependabot PRs to retrigger required workflows
+      - ready_for_review
 
 # Cancel in-progress runs when a newer commit lands on the same PR; pushes to 2.x run to completion.
 concurrency:

diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -22,6 +22,13 @@ on:
     branches: [ "2.x", "main" ]
   pull_request:
     branches: [ "2.x", "main" ]
+    types:
+      # Standard types
+      - opened
+      - synchronize
+      - reopened
+      # Used in Dependabot PRs to retrigger required workflows
+      - ready_for_review
   schedule:
     - cron: '32 12 * * 5'
 

diff --git a/.github/workflows/process-dependabot.yaml b/.github/workflows/process-dependabot.yaml
@@ -39,13 +39,10 @@ jobs:
       }}
     uses: apache/logging-parent/.github/workflows/process-dependabot-reusable.yaml@gha/v0
     permissions:
-      # The default GITHUB_TOKEN will be used to enable the "auto-merge" on the PR
-      # This requires the following two permissions:
+      # Append the changelog commit
       contents: write
+      # Convert the PR into draft
       pull-requests: write
-    secrets:
-      # This token will be used to push new content to the repo and trigger workflows again
-      RECURSIVE_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
     with:
       # The path to the changelog directory for the current development branch.
       changelog-path: src/changelog/.2.x.x