ci: Exempt Dependabot PRs from PR title validation

[edwardtfn]

Dependabot PR titles follow its own format (e.g. "ci: bump actions/foo from 1 to 2") which cannot be customised to match the project's convention of requiring a capital letter after the prefix.

Adds if: github.actor != 'dependabot[bot]' to the validate job in validate_pr_title.yml so the check is skipped for Dependabot PRs. The gate job already treats skipped as success, so branch protection is unaffected.

Also adds the missing permissions: {} to the gate job.

Summary by CodeRabbit

• Chores
  • Updated CI/CD workflow configurations for improved automation handling.

[coderabbitai]

Warning

Rate limit exceeded

@edwardtfn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 14 minutes and 11 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 14 minutes and 11 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0b40a496-7d19-43cb-bc83-3234da2d731f

📥 Commits

Reviewing files that changed from the base of the PR and between e9cf248 and 95a8d72.

📒 Files selected for processing (9)

• .github/workflows/esphome_build.yml
• .github/workflows/shellcheck.yml
• .github/workflows/validate_blueprint.yml
• .github/workflows/validate_clang_format.yml
• .github/workflows/validate_markdown.yml
• .github/workflows/validate_pr_title.yml
• .github/workflows/validate_python.yml
• .github/workflows/validate_yamllint.yml
• .github/workflows/versioning.yml

📝 Walkthrough

Walkthrough

The GitHub Actions workflow for PR title validation is modified to skip validation for Dependabot-created pull requests and to explicitly remove default token permissions from the all-checks-passed job.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Configuration .github/workflows/validate_pr_title.yml	Added conditional if: github.actor != 'dependabot[bot]' to skip PR title validation for Dependabot PRs; added explicit permissions: {} to the all-checks-passed job to remove default token permissions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A workflow refined with conditions so wise,
Dependabot PRs skip validation—what a prize!
Permissions are pruned with precision and care,
Security strengthened beyond compare! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: exempting Dependabot PRs from PR title validation in the CI workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v9999.99.9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/validate_pr_title.yml:
- Around line 44-45: Replace the Dependabot exemption condition that uses the
workflow trigger actor with the PR author login: update the `if: github.actor !=
'dependabot[bot]'` expression to check `github.event.pull_request.user.login`
instead so the exemption reliably detects Dependabot-created PRs (use the PR
author identity rather than the workflow `github.actor`).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9e667f06-f269-432d-88d1-8a768ccbb938

📥 Commits

Reviewing files that changed from the base of the PR and between 63f2fba and e9cf248.

📒 Files selected for processing (1)

• .github/workflows/validate_pr_title.yml