Add Dependabot gate to auto-close dependency bumps ahead of Home Assistant #263

Merged: timlaing merged 6 commits into main from copilot/check-compatibility-home-assistant on May 26, 2026
Copilot AI commented May 26, 2026

Dependabot PRs can propose dependency versions newer than what Home Assistant currently pins, creating churn and incompatible update noise. This change adds an automated gate to close those PRs when the proposed version is ahead of HA’s current requirement.

  • Workflow entrypoint and safety scope

    • Adds .github/workflows/close_dependabot_pr_if_ha_older.yml.
    • Runs on pull_request_target events and only executes for dependabot[bot].
  • Version extraction and comparison logic

    • Parses Dependabot PR titles (Bump <dep> from <old> to <new>) using robust delimiter logic.
    • Fetches home-assistant/core dev/requirements_all.txt.
    • Normalizes dependency names (-, _, .) before matching and compares versions via packaging.version.Version.
  • Automated PR action

    • If HA’s pinned version is older than the PR target version, posts a reasoned comment and closes the PR.
    • Falls back safely (no close) for parse failures, missing pins, invalid versions, or fetch errors.
if: steps.compare.outputs.should_close == 'true'
uses: actions/github-script@v8
with:
  script: |
    await github.rest.issues.createComment({ ... });
    await github.rest.pulls.update({ state: "closed", ... });
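
The comparison described in this PR, sketched as an added example; it is not the workflow's own script, which this page does not show. Function names, the sample requirements text and its package names are constructed, and the tuple stand-in used when `packaging` is not installed is an assumption that only handles plain numeric pins.

```python
import re

try:
    from packaging.version import InvalidVersion, Version
except ImportError:  # assumption: stand-in that only handles plain X.Y.Z pins
    InvalidVersion = ValueError
    def Version(text):
        return tuple(int(part) for part in text.split("."))

def normalize(name):
    """Treat '-', '_' and '.' as equivalent and ignore case."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def parse_title(title):
    """Split 'Bump <dep> from <old> to <new>' on its last delimiters."""
    head, to_sep, new = title.strip().rpartition(" to ")
    body, from_sep, _old = head.rpartition(" from ")
    verb, _, dep = body.partition(" ")
    if not (to_sep and from_sep and dep.strip()) or verb.lower() != "bump":
        return None
    return dep.strip(), new.strip()

def parse_pins(requirements_text):
    """Map normalized name -> version for every 'name==version' line."""
    pins = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        name, sep, version = line.partition("==")
        if sep:
            pins[normalize(name.split("[", 1)[0])] = version.strip()  # drop extras
    return pins

def should_close(title, requirements_text):
    """Return (close, reason); every uncertain case leaves the PR open."""
    parsed = parse_title(title)
    if parsed is None:
        return False, "title not recognised"
    dep, target = parsed
    pinned = parse_pins(requirements_text).get(normalize(dep))
    if pinned is None:
        return False, "no Home Assistant pin"
    try:
        if Version(pinned) < Version(target):
            return True, f"HA pins {dep}=={pinned}, older than {target}"
    except InvalidVersion:
        return False, "invalid version"
    return False, "HA pin is not older"
# Constructed sample lines, not the real requirements_all.txt.
SAMPLE = "# a comment\nsample_pkg.core==2.0.0\nother-lib==1.4.2 ; python_version<'3.13'\n"
```

Only the first element of the returned pair should drive the close step; the reason string is what the posted comment would carry.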

@timlaing timlaing marked this pull request as ready for review May 26, 2026 21:15
Copilot AI review requested due to automatic review settings May 26, 2026 21:15
@timlaing timlaing merged commit d8fed9d into main May 26, 2026
20 of 21 checks passed
@timlaing timlaing deleted the copilot/check-compatibility-home-assistant branch May 26, 2026 21:18
Copilot AI left a comment

Pull request overview

Adds a GitHub Actions workflow to automatically close Dependabot dependency-bump PRs when the proposed dependency version is newer than the version pinned by Home Assistant, reducing upgrade churn and keeping this project aligned with HA’s dependency constraints.

Changes:

  • Introduces a pull_request_target workflow that runs only for Dependabot PRs.
  • Parses Dependabot PR titles to extract dependency name and target version, then fetches HA’s requirements_all.txt to compare pinned versions.
  • If HA’s pinned version is older than the Dependabot target, comments with the reason and closes the PR.

jobs:
close_pr_if_ha_uses_older_version:
if: github.actor == 'dependabot[bot]'
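Review bot: the job condition `if: github.actor == 'dependabot[bot]'` checks the account that triggered the latest event, not the account that opened the pull request. Because this job runs under pull_request_target and can comment on and close PRs, gate on the PR author as well, for example github.event.pull_request.user.login == 'dependabot[bot]', so the close action only ever applies to PRs that Dependabot itself opened.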
Comment on lines +50 to +52
run: |
python -m pip install --disable-pip-version-check packaging
python - <<'PY'
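Review bot: the install at the top of this run block, `python -m pip install --disable-pip-version-check packaging`, is unpinned, so every run of this pull_request_target job executes whatever packaging release is current at that moment. Pin an exact version, ideally from a requirements file installed with --require-hashes, so the code that runs alongside the job's token is reviewed and reproducible.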