diff --git a/.github/workflows/dependabot_changelog.yml b/.github/workflows/dependabot_changelog.yml
index 9294c87a16..b6a29a5722 100644
--- a/.github/workflows/dependabot_changelog.yml
+++ b/.github/workflows/dependabot_changelog.yml
@@ -10,9 +10,6 @@ permissions:
 # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
 # for a similar example
 contents: write
- # We need `actions-write` in order to create a `workflow_dispatch` event. See
- # https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event
- actions: write
 jobs:
 add-changelog:
@@ -31,7 +28,7 @@ jobs:
 git commit -m "Changelog"
 git push
 shell: bash
- # We have to explicitly start CI.
+ # The `git push` above does not trigger CI on the dependabot PR.
 #
 # By default, workflows can't trigger other workflows when they're just using the
 # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing
@@ -40,16 +37,10 @@ jobs:
 # make your changes (i.e. the `git push` above) using a personal access token.
 # See
 # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
- - name: Trigger CI
- # Note: we use $GITHUB_REF here to run PR against the merge of this change with
- # develop; use github.event.pull_request.head.ref above to commit to the PR
- # branch.
- run: |
- gh workflow run "tests.yml" --ref "${{ github.event.pull_request.head.ref }}"
- gh workflow run "release-artifacts.yml" --ref "${{ github.event.pull_request.head.ref }}"
- shell: bash
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ #
+ # I have tried and failed to find a way to trigger CI on the "merge ref" of the PR.
+ # See git commit history for previous attempts. If anyone desperately wants to try
+ # again in the future, make a matrix-bot account and use its access token to git push.
- # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they
+ # THIS WORKFLOW HAS WRITE PERMISSIONS---do not add other jobs here unless they
 # are sufficiently locked down to dependabot only as above.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0aa5894a10..94eb58b59d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -60,7 +60,7 @@ jobs:
 run: scripts-dev/check_line_terminators.sh
 lint-newsfile:
- if: ${{ github.base_ref == 'develop' || contains(github.base_ref, 'release-') }}
+ if: ${{ (github.base_ref == 'develop' || contains(github.base_ref, 'release-')) && github.actor != 'dependabot[bot]' }}
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
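Review bot: The comment added at the end of the changelog step points future maintainers at a matrix-bot account's access token for the `git push`, but places no constraint on that token. Unlike `GITHUB_TOKEN`, such a token is long-lived and would sit in a workflow that already holds `contents: write`, so the comment should say how narrowly it must be scoped, for example `# Any such token must be fine-grained, limited to this repository's contents, and used only in this dependabot-gated job.` The job's guard ("locked down to dependabot only as above") lies outside the hunk, so I could not check that it would cover a step using that token.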
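Review bot: The new `github.actor != 'dependabot[bot]'` clause on `lint-newsfile` has no comment saying why dependabot is exempt, and the reason lives in a different workflow file. I would add above the `if:` something like `# Dependabot PRs get their changelog from dependabot_changelog.yml, whose push does not re-trigger CI, so skip the check for them.` Note also that `github.actor` names whoever triggered the run rather than the PR author, which is adequate for skipping a lint but should not be reused as an authorization check. The job's steps continue outside the hunk.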