Updated code has expected behavior on:
https://github.com/MiraGeoscience/GMS/pull/970

Summary of changes to reusable-jira-pr_actions.yml

• Skip branch extraction for Dependabot branches — branches like dependabot/... contain patterns that falsely match the Jira key regex (e.g. TOOLS-8978044). Branch extraction is now skipped for these.
• Fail get_issue_key when no Jira key is found — previously the workflow silently passed. Now it fails with a clear error unless the PR is from an expected bot (Dependabot bump or pre-commit-ci config update).
• check_jira_issue and add_jira_summary skip when get_issue_key fails — avoids running downstream jobs unnecessarily.
• add_jira_summary now runs when a human pushes to a bot-created PR — with idempotency so it only runs once even on subsequent commits.
• Replaced github.actor with github.event.sender — functionally identical for pull_request events but uses the event payload instead of runtime context, resolving the zizmor bot-conditions security warning.

Testing

Tested manually via commits pointing to tag v3.4.3-alpha.1:

• No Jira key in title — get_issue_key fails with a clear error, check_jira_issue and add_jira_summary are skipped as expected.
• Jira key added to title + empty commit — workflow passes, check_jira_issue validates the issue correctly.
• Branch named after Jira issue (e.g. DEVOPS-1060) — key extracted from branch, title auto-updated, summary added on first commit, correctly skipped on subsequent commits (idempotency confirmed).
• add_jira_summary on human commit to Dependabot PR — summary generated correctly when a Jira key is present in the title.

Not tested:

• Pure Dependabot-authored PRs (no human commits) — cannot be tested without Dependabot pointing to the test tag, which requires a human commit to update the reference.
• pre-commit-ci bot — cannot be simulated manually as github.event.sender.login would be the tester's username, not pre-commit-ci[bot].