Skip to content

chore: re-sync initiative stubs to S7635 inline marker (post .github#567)#332

Merged
don-petry merged 1 commit into
mainfrom
chore/initiative-stubs-s7635-marker-resync
Jul 1, 2026
Merged

chore: re-sync initiative stubs to S7635 inline marker (post .github#567)#332
don-petry merged 1 commit into
mainfrom
chore/initiative-stubs-s7635-marker-resync

Conversation

@don-petry

Copy link
Copy Markdown
Contributor

Re-syncs the initiative-planner.yml and idea-triage.yml caller stubs to the updated canonical templates from petry-projects/.github#567 (merged), which moved SonarCloud S7635 suppression to an inline # NOSONAR(githubactions:S7635) marker on the secrets: inherit line.

Why

The ring1 enrollment merged on the transitional per-file S7635 multicriteria. Now that #567 added the inline marker to the templates, these stubs would show as Fleet Monitor stub-drift until they carry it too. This adds the marker so each stub is byte-exact to the template again (modulo the sanctioned @…/ring1 channel ref).

Change

  • secrets: inheritsecrets: inherit # NOSONAR(githubactions:S7635) first-party trusted reusable on both stubs.
  • Verified byte-identical to the merged template (ring1-adjusted).

The per-file S7635/S7637 multicriteria added at enrollment is now redundant (the inline markers cover both) but left in place for a minimal diff — belt-and-suspenders, matching the repo's other channel-pinned stubs.

Refs petry-projects/.github#567, petry-projects/.github-private#978, petry-projects/.github#515.

🤖 Generated with Claude Code

…riage stubs

Re-sync to the updated canonical templates (petry-projects/.github#567), which
moved S7635 suppression to an inline `# NOSONAR(githubactions:S7635)` marker on
the `secrets: inherit` line (travels with the verbatim stub). Prevents Fleet
Monitor stub-drift once #567 is on main. The per-file S7635 multicriteria added
at enrollment is now redundant (marker covers it) but left in place for a
minimal diff — belt-and-suspenders, same as the repo's other channel-pinned stubs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RsWQeSJjrno6qo2DvgB63H
Copilot AI review requested due to automatic review settings July 1, 2026 16:51
@don-petry don-petry requested a review from a team as a code owner July 1, 2026 16:52
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 34 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1c2a5576-793f-4517-922f-b385dbc6c73e

📥 Commits

Reviewing files that changed from the base of the PR and between 7f7c73b and 39972c5.

📒 Files selected for processing (2)
  • .github/workflows/idea-triage.yml
  • .github/workflows/initiative-planner.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/initiative-stubs-s7635-marker-resync

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

@don-petry don-petry enabled auto-merge (squash) July 1, 2026 16:52
@donpetry-bot

Copy link
Copy Markdown
Contributor

Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-07-01T17:53:02Z.

@don-petry don-petry disabled auto-merge July 1, 2026 16:53
@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
- No actionable issues found. Quality gate passed with zero violations.
Files changed: .github/workflows/idea-triage.yml, .github/workflows/initiative-planner.yml
Skipped: N/A
Status: PR ready — no fixes required
```
The PR is healthy with no issues requiring remediation. All CI checks pass and the SonarCloud quality gate passed. The 0.0% coverage on new code is expected since the changes consist only of adding comments to YAML workflow files.

@don-petry don-petry enabled auto-merge (squash) July 1, 2026 16:53

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR re-syncs the repository’s GitHub Actions caller stub workflows with the updated canonical templates by moving SonarCloud rule S7635 suppression onto an inline marker on the secrets: inherit line, eliminating stub-drift against the upstream templates (while keeping the channel-pinned @…/ring1 ref).

Changes:

  • Updated .github/workflows/initiative-planner.yml to add # NOSONAR(githubactions:S7635) inline on secrets: inherit.
  • Updated .github/workflows/idea-triage.yml to add # NOSONAR(githubactions:S7635) inline on secrets: inherit.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/initiative-planner.yml Adds inline NOSONAR(githubactions:S7635) marker to secrets: inherit to match upstream reusable-workflow caller stub template.
.github/workflows/idea-triage.yml Adds inline NOSONAR(githubactions:S7635) marker to secrets: inherit to match upstream reusable-workflow caller stub template.

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 39972c55809b9cc6c540d9527566decc15dbb690
Review mode: triage-approved (single reviewer)

Summary

Re-syncs two thin caller stubs (idea-triage.yml, initiative-planner.yml) to the merged canonical templates by adding an inline '# NOSONAR(githubactions:S7635) first-party trusted reusable' marker to the existing 'secrets: inherit' line on each. Net change is +2/-2 across 2 files; no logic, permissions, or workflow behavior changes. The 'secrets: inherit' and the ring1 channel refs are pre-existing; only suppression comments are added to eliminate Fleet Monitor stub-drift against templates from petry-projects/.github#567.

Linked issue analysis

No linked closing issues. PR references petry-projects/.github#567 (merged template change that moved S7635 suppression inline), #515, and .github-private#978 as context. The change is a documented follow-up to keep stubs byte-exact to their canonical templates — consistent with the stated intent.

Findings

No blocking findings. The added NOSONAR markers suppress SonarCloud S7635 on 'secrets: inherit', but the smell is pre-existing and the reusable workflows are first-party (petry-projects/.github, pinned to sanctioned ring1 channel refs). This aligns the stubs with the already-reviewed canonical templates rather than weakening a control. Advisory bots produced no substantive findings: SonarCloud Quality Gate passed (0 new issues); Codex/Gemini/CodeRabbit were unavailable (usage limits / unsupported file types / rate limit). Secret scanning MCP tool not available in this run; gitleaks CI check passed. The PR notes the older per-file S7635/S7637 multicriteria is now redundant but intentionally left for a minimal diff — acceptable.

CI status

All required checks green. SUCCESS: AgentShield, Secret scan (gitleaks), CodeQL, Analyze (actions), Analyze (python), SonarCloud (x2) + SonarCloud Code Analysis, CodeRabbit, review, pr-auto-review, dev-lead/dispatch, dependency-audit/detect, add-to-project. Remaining checks SKIPPED (not applicable). No failures. mergeStateStatus=BLOCKED only due to REVIEW_REQUIRED (awaiting this approval); mergeable=MERGEABLE.


Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.

@don-petry don-petry merged commit 4ff4176 into main Jul 1, 2026
25 checks passed
@don-petry don-petry deleted the chore/initiative-stubs-s7635-marker-resync branch July 1, 2026 16:55

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 39972c55809b9cc6c540d9527566decc15dbb690
Review mode: triage-approved (single reviewer)

Summary

Comment-only re-sync of two GitHub Actions caller stubs. Adds an inline # NOSONAR(githubactions:S7635) first-party trusted reusable marker to the existing secrets: inherit line in idea-triage.yml and initiative-planner.yml, restoring byte-exactness with the canonical upstream templates after petry-projects/.github#567 moved the S7635 suppression inline. No workflow behavior changes.

Linked issue analysis

No linked closing issue — this is a maintenance/template-sync PR referencing merged upstream work (petry-projects/.github#567, .github-private#978, .github#515). No issue to substantively address; scope is self-contained and matches the stated intent.

Findings

No issues found. The diff is limited to two identical single-line changes appending a NOSONAR suppression comment; secrets: inherit itself is unchanged and no new secrets, permissions, or logic are introduced. The change is consistent with the repo's other channel-pinned stubs and with AGENTS.md thin-caller-stub constraints. Secret-scanning MCP tool was not available in this environment; not applicable given the comment-only diff. Copilot review returned no comments; SonarCloud Quality Gate passed with 0 new issues.

CI status

All checks green — no failures. Notable successes: SonarCloud (Quality Gate passed), CodeQL, Analyze (actions/python), agent-shield/AgentShield, Secret scan (gitleaks), review/review. Remaining entries are SKIPPED (inapplicable ecosystems). reviewDecision is already APPROVED.


Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants