feat: implement issue #327 — Compliance: non-stub-dependabot-rebase.yml

[don-petry]

Closes #327

Implemented by dev-lead agent. Please review.

[coderabbitai]

Warning

Review limit reached

@github-actions[bot], we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 43 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1f715e23-739e-46bd-a94b-05a4b941e648

📥 Commits

Reviewing files that changed from the base of the PR and between b6c4f09 and deb6cab.

📒 Files selected for processing (3)

• .github/workflows/ci-failure-analyst.yml
• .github/workflows/dependabot-rebase.yml
• .gitignore

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev-lead/issue-327-20260526-1717

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request adds a duplicate .dev-lead/ entry to the .gitignore file. The reviewer correctly pointed out that this entry is already present on line 12, making the addition redundant.

[gemini-code-assist]

The entry .dev-lead/ is already present in this file (e.g., on line 8 and line 12). Adding it again is redundant.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Implements compliance remediation for issue #327 by updating the dependabot-rebase.yml workflow to delegate to the org reusable workflow pinned at @v1.

Changes:

• Update .github/workflows/dependabot-rebase.yml to use petry-projects/.github/.../dependabot-rebase-reusable.yml@v1.
• Modify .gitignore (currently adds an extra duplicate .dev-lead/ entry).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
.gitignore	Adds another .dev-lead/ ignore entry (currently results in duplicates).
.github/workflows/dependabot-rebase.yml	Pins the reusable workflow reference to @v1 for compliance.