Skip to content

fix(seed-repo-template): correct dependabot path/default + close test gap (#966)#995

Merged
don-petry merged 2 commits into
mainfrom
fix/seed-repo-template-paths-966
Jun 30, 2026
Merged

fix(seed-repo-template): correct dependabot path/default + close test gap (#966)#995
don-petry merged 2 commits into
mainfrom
fix/seed-repo-template-paths-966

Conversation

@don-petry

Copy link
Copy Markdown
Collaborator

What

Makes scripts/seed-repo-template.sh (epic #964, story #966) actually runnable. It currently cannot populate repo-template — a live run 404s and aborts. Two path defects, both hidden because the bats tests mock the standards fetch (false green):

  1. Inline workflows missing upstreamci/sonarcloud are kind=inline, fetched from standards/workflows/, but those canonical files never existed there. Added in the companion chore(standards): add canonical ci.yml + sonarcloud.yml inline workflow templates (#966) .github#564.
  2. Wrong Dependabot path + default (fixed here) — the seeder fetched standards/dependabot/<stack>/dependabot.yml (a non-existent subdirectory layout) with default stack node (not a real stack). The real layout is flat: standards/dependabot/<stack>.yml.

Changes

  • Dependabot fetch path → standards/dependabot/<stack>.yml; error message includes the repo.
  • Default DEPENDABOT_STACK nodefrontend; fix the env doc and the generated BOOTSTRAP.md (which named non-existent node/go stacks and a <stack>/ subdir) to list the real stacks.
  • Tests — move fixtures to the flat layout; add fail-loud regression guards (a missing inline workflow standard or a missing dependabot stack file must exit non-zero, never ship an empty file); add sonarcloud inline-emit coverage; add a network-free gh stub so fail-loud tests don't pass/fail on live repo state.

No seeder logic change for kind=inline was needed — _emit_workflow already ships inline workflows verbatim (no repin); the defect was purely the missing files + wrong dependabot path.

Validation

End-to-end against a mirror of the live standards/ + the two new files (from #564):

  • all 10 workflow stubs + 10 baseline files emit with zero fetch errors;
  • inline ci/sonarcloud ship byte-identically; caller stubs repin to @<name>/stable (S7637 NOSONAR markers preserved);
  • shellcheck clean; 26/26 bats pass.

Merge order: #564 (canonical files) should land first so a live seed succeeds; this PR is independently green (tests use fixtures).

Refs #966, epic #964.

…se test gap (#966)

The #966 seeder could not run live. Two path defects, both hidden because the
bats tests mocked the standards fetch:

1. ci.yml / sonarcloud.yml are declared kind=inline and fetched from
   standards/workflows/, but those canonical files never existed there (added in
   petry-projects/.github#564).
2. The dependabot baseline fetched standards/dependabot/<stack>/dependabot.yml —
   a subdirectory layout that does not exist — with a default stack of `node`,
   which is not a real stack. The real layout is flat: standards/dependabot/<stack>.yml.

Changes:
- Fix the dependabot fetch path to standards/dependabot/<stack>.yml.
- Default DEPENDABOT_STACK node -> frontend (a real stack); fix the env doc and the
  generated BOOTSTRAP.md, which named non-existent `node`/`go` stacks and a <stack>/ subdir.
- Tests: move fixtures to the flat layout; add fail-loud regression guards so a missing
  inline workflow standard (the ci/sonarcloud class) or a missing dependabot stack file
  exits non-zero instead of shipping an empty file; add sonarcloud inline-emit coverage;
  add a network-free gh stub so fail-loud tests don't depend on live repo state.

Validated end-to-end against a mirror of the live standards/ plus the two new files:
all 10 workflow stubs + 10 baseline files emit with zero fetch errors; inline files
ship byte-identically; callers repin to @<name>/stable. shellcheck clean; 26/26 bats.

Companion to petry-projects/.github#564. Refs #966, epic #964.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@don-petry don-petry requested a review from a team as a code owner June 30, 2026 22:03
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry don-petry enabled auto-merge (squash) June 30, 2026 22:04
@donpetry-bot

Copy link
Copy Markdown
Contributor

Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-06-30T23:05:22Z.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the dependabot stack configuration structure in scripts/seed-repo-template.sh to use flat .yml files instead of subdirectories, changing the default stack from node to frontend. It also updates the test suite in tests/test_seed_repo_template.bats to reflect these changes and adds new tests to ensure the script fails loudly when expected workflow or dependabot files are missing. The review feedback suggests using a more readable and idiomatic here-doc in Bash/BATS instead of a single-line printf statement when creating multi-line test fixtures.

Comment thread tests/test_seed_repo_template.bats Outdated
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 49 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2d64c5a0-ab14-4707-83ea-9a29f3987c35

📥 Commits

Reviewing files that changed from the base of the PR and between d3099c1 and f86befa.

📒 Files selected for processing (2)
  • scripts/seed-repo-template.sh
  • tests/test_seed_repo_template.bats
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/seed-repo-template-paths-966

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@don-petry don-petry disabled auto-merge June 30, 2026 22:06
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 30, 2026
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-reviews (applied)

Changes committed and pushed.

@sonarqubecloud

Copy link
Copy Markdown

@don-petry don-petry disabled auto-merge June 30, 2026 22:10
@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: none
Skipped (informational): 0
Summary: Quality Gate passed with 0 new issues. No actionable changes required.
```

@donpetry-bot

Copy link
Copy Markdown
Contributor

Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-06-30T23:10:58Z.

@don-petry don-petry enabled auto-merge (squash) June 30, 2026 22:11
@don-petry don-petry disabled auto-merge June 30, 2026 22:26
@don-petry

Copy link
Copy Markdown
Collaborator Author

@donpetry-bot the prior review was rate-limited (sha f86befa). All required CI is green (26/26 bats, shellcheck, lint, template-drift), threads resolved; the dev-lead dispatch/ci-relay jobs hit a transient 0s failure and are being re-run. Please re-review for the approving review.

@donpetry-bot

Copy link
Copy Markdown
Contributor

@don-petry I'm on it — starting a fresh review now. Results will appear in a few minutes.

@don-petry

Copy link
Copy Markdown
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry don-petry enabled auto-merge (squash) June 30, 2026 22:27

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: f86befa33cffada966bfe7c47f346d4b354a206d
Review mode: triage-approved (single reviewer)

Summary

Two-file bug fix making scripts/seed-repo-template.sh runnable: corrects the Dependabot standards path from the non-existent nested layout (standards/dependabot//dependabot.yml) to the canonical flat layout (standards/dependabot/.yml), changes the default stack from the non-existent 'node' to the real 'frontend', updates env docs and the generated BOOTSTRAP.md stack list, and adds bats coverage including fail-loud regression guards plus a network-free gh stub. No seeder logic change. Confirms the triage low-risk assessment.

Linked issue analysis

PR references story #966 and epic #964 (no formal closing reference; closingIssuesReferences is empty, which is expected here). The change substantively addresses the described defect: the seeder could not populate repo-template because the Dependabot fetch path and default stack pointed at paths that never existed. The new flat-path fetch and the 'frontend' default match the real standards/ layout, and the added tests assert exactly this. Companion canonical files land in petry-projects/.github#564 (noted merge-order dependency); this PR is independently green via fixtures.

Findings

No blocking issues. (1) Security: shell-only change; DEPENDABOT_STACK is an operator-supplied env var used to build a standards path, not untrusted external input — no injection or traversal concern. No auth/secret/crypto/migration surface. (2) Correctness: path fix and default-stack change are coherent with the doc and test updates; error message now includes the standards repo for better diagnostics. (3) Tests: adds fail-loud guards (missing inline workflow standard or missing dependabot stack file must exit non-zero) and a gh stub returning empty so fail-loud tests don't pass/fail on live repo state — good defense against the original false-green. Secret-scan MCP tool (run_secret_scanning) not available in this environment; relied on the gitleaks CI check, which passed.

CI status

All required checks green: shellcheck/ShellCheck, bats/unit-tests, CodeQL (actions+python), SonarCloud (Quality Gate passed, 0 new issues), Secret scan (gitleaks), agent-shield, Agent Security Scan, validate-agent-profiles, template-drift, holdout-guard, CodeRabbit. Skipped checks are audit/relay jobs not applicable to this diff. mergeStateStatus is BLOCKED only on REVIEW_REQUIRED (pending this approval), mergeable=MERGEABLE.


Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.

@don-petry don-petry merged commit c04541e into main Jun 30, 2026
31 of 33 checks passed
@don-petry don-petry deleted the fix/seed-repo-template-paths-966 branch June 30, 2026 22:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants