Skip to content

feat: add code-quality ruleset (compliance fix)#86

Merged
don-petry merged 33 commits into
mainfrom
claude/issue-60-20260508-1414
May 14, 2026
Merged

feat: add code-quality ruleset (compliance fix)#86
don-petry merged 33 commits into
mainfrom
claude/issue-60-20260508-1414

Conversation

@don-petry

Copy link
Copy Markdown
Collaborator

Summary

  • Creates the required code-quality repository ruleset enforcing required status checks on main
  • Ruleset was applied directly via GitHub API (already active)
  • This commit adds the configuration as code in .github/rulesets/code-quality.json for auditability

Required checks configured

Check Purpose
SonarCloud Code quality analysis
CodeQL SAST (static analysis security testing)
agent-shield / AgentShield Agent security scan
dependency-audit / Detect ecosystems Dependency vulnerability scan

Bypass actors

Actor Mode Reason
OrganizationAdmin always Emergency admin override
dependabot-automerge-petry (Integration, id: 3167543) always Dependabot auto-merge support

Standard reference

standards/github-settings.md#code-quality--required-checks-ruleset-all-repositories

Closes #60

Generated with Claude Code

Creates the required `code-quality` repository ruleset enforcing required
status checks on the default branch, as mandated by the org standard:
standards/github-settings.md#code-quality--required-checks-ruleset-all-repositories

Required checks:
- SonarCloud (code quality analysis)
- CodeQL (SAST)
- agent-shield / AgentShield (agent security scan)
- dependency-audit / Detect ecosystems (dependency vulnerability scan)

Bypass actors:
- OrganizationAdmin (always) — emergency override
- dependabot-automerge-petry Integration (always) — Dependabot auto-merge

The ruleset was applied directly via GitHub API. This file documents the
configuration as code for auditability and future reapplication.

Closes #60

Co-authored-by: Don Petry <don-petry@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 8, 2026 14:22
@coderabbitai

coderabbitai Bot commented May 8, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@don-petry has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 39 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4310a0c6-502e-496a-ba39-6e382888b714

📥 Commits

Reviewing files that changed from the base of the PR and between b3c2550 and 18bd5d9.

📒 Files selected for processing (1)
  • .github/rulesets/code-quality.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/issue-60-20260508-1414

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@don-petry

Copy link
Copy Markdown
Collaborator Author

@petry-projects/org-leads — this PR adds the missing code-quality repository ruleset (compliance fix for issue #60). The ruleset is already active. Please review and merge.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an auditable, version-controlled representation of the repository’s required “code-quality” ruleset so the compliance-mandated status-check requirements for main are captured in-repo.

Changes:

  • Added .github/rulesets/code-quality.json defining an active code-quality ruleset targeting the default branch.
  • Configured required status checks: SonarCloud, CodeQL, agent-shield / AgentShield, and dependency-audit / Detect ecosystems.
  • Added bypass actors for OrganizationAdmin and the Dependabot auto-merge integration (id 3167543).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@don-petry don-petry closed this May 11, 2026
auto-merge was automatically disabled May 11, 2026 21:38

Pull request was closed

@don-petry don-petry reopened this May 11, 2026
@don-petry don-petry closed this May 12, 2026
@don-petry don-petry reopened this May 12, 2026
@don-petry don-petry enabled auto-merge (squash) May 12, 2026 01:43

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: d85bc693479d2dd5ee6b6e7b80a378e6251aabc5
Review mode: triage-approved (single reviewer)

Summary

This PR adds a single new file, .github/rulesets/code-quality.json (37 additions, 0 deletions), capturing the already-active code-quality repository ruleset as configuration-as-code. The ruleset enforces required status checks on the default branch and defines two bypass actors. Triage classified this as low-risk and a brief confirmation review concurs.

Linked issue analysis

Closes #60Compliance: missing-code-quality (severity: error, category: rulesets). The issue requires the repository to have a code-quality ruleset enforcing required status checks per standards/github-settings.md#code-quality--required-checks-ruleset-all-repositories. The committed JSON satisfies the standard:

  • enforcement: active
  • target: branch with ref_name.include: ["~DEFAULT_BRANCH"]
  • All four required checks present: SonarCloud, CodeQL, agent-shield / AgentShield, dependency-audit / Detect ecosystems
  • strict_required_status_checks_policy: true (branches must be up to date)
  • Bypass actors limited to OrganizationAdmin (emergency) and the Dependabot auto-merge integration (id 3167543) — both documented and reasonable

Findings

None. The change is a pure additive JSON config snapshot for auditability; it ships no code, no workflow changes, and does not weaken any existing control. The bypass set is conservative and matches stated intent. Structure conforms to the GitHub Rulesets API shape (name, target, enforcement, bypass_actors, conditions, rules).

CI status

  • CodeQL: SUCCESS
  • Analyze (actions): SUCCESS
  • CodeRabbit: SUCCESS
  • SonarCloud quality gate: PASSED (0 new issues, 0 hotspots, per posted comment)

The Copilot review is a COMMENTED overview, not a change request. Merge is BLOCKED only because branch protection requires an approving review, which this approval satisfies.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Compliance: missing-code-quality

3 participants