Skip to content

ci: remove stray codeql.yml workflow#137

Closed
don-petry wants to merge 31 commits into
mainfrom
claude/issue-110-20260418-1847
Closed

ci: remove stray codeql.yml workflow#137
don-petry wants to merge 31 commits into
mainfrom
claude/issue-110-20260418-1847

Conversation

@don-petry

Copy link
Copy Markdown
Contributor

Summary

  • Deletes .github/workflows/codeql.yml which runs a duplicate CodeQL analysis alongside the org-managed GitHub-managed CodeQL default setup
  • The workflow only scanned the actions ecosystem with no custom query packs, special build modes, or path filters — no exception applies
  • Brings the repo into compliance with ci-standards.md#2

Closes #110

Generated with Claude Code

Copilot AI review requested due to automatic review settings April 18, 2026 18:48
@coderabbitai

coderabbitai Bot commented Apr 18, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 25 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a6a9bd89-bdab-4296-9694-c57c0db5198d

📥 Commits

Reviewing files that changed from the base of the PR and between 61aa4ee and c3e5e0c.

📒 Files selected for processing (1)
  • .gitignore
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/issue-110-20260418-1847

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@don-petry

Copy link
Copy Markdown
Contributor Author

@don-petry — you're the CODEOWNERS owner for /.github/. This PR deletes the stray codeql.yml workflow to resolve the compliance finding in #110. Please review and merge when ready.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Removes the repository-local CodeQL workflow so the repo relies solely on the org-managed GitHub CodeQL default setup, eliminating duplicate scanning and aligning with the documented CI standard (closes #110).

Changes:

  • Deleted .github/workflows/codeql.yml that ran a duplicate CodeQL analysis.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions

Copy link
Copy Markdown
Contributor

Auto-rebase failed — merge conflict — this branch has conflicts with main that must be resolved manually.

Please resolve the conflicts and push:

git fetch origin
git merge origin/main
# resolve conflicts, then:
git add .
git commit
git push

Org standard now uses GitHub-managed CodeQL default setup. The per-repo
codeql.yml causes duplicate analysis and is classified as drift per
ci-standards.md#2.

The file only scans the `actions` ecosystem with no custom query packs,
special build modes, or path filters — no documented exception applies.

Closes #110

Co-authored-by: don-petry <don-petry@users.noreply.github.com>
@don-petry don-petry force-pushed the claude/issue-110-20260418-1847 branch from 1cbbd1f to ad592b8 Compare May 13, 2026 17:06
@don-petry don-petry requested a review from a team as a code owner May 13, 2026 17:06
@sonarqubecloud

Copy link
Copy Markdown

@donpetry-bot

Copy link
Copy Markdown
Contributor

Review — fix requested (cycle 1/3)

The automated review identified the following issues. Please address each one:

Findings to fix

Automated review — NEEDS HUMAN REVIEW

Risk: MEDIUM
Reviewed commit: db73c634e01a8a24ff988bbd3ab02eea73fd6860
Cascade: triage → deep (triage: haiku 4.5 → deep: sonnet 4.6 + duck: o4-mini → audit: opus 4.7)

Summary

This PR deletes .github/workflows/codeql.yml for org-standards compliance (ci-standards.md#2), but the file has already been removed from main — the PR is a complete no-op with zero net diff. All CI checks pass (CodeQL, SonarQube, CodeRabbit), and there are no conflicts, but mergeStateStatus is BLOCKED because the required org-leads team review has not been completed. A human must decide whether to close this PR as 'already done' or merge it as a ceremony.

Findings

  • MAJOR: PR is a complete no-op: .github/workflows/codeql.yml is already absent from main (HTTP 404), and the PR branch tree SHA matches main exactly (11583d374dd0082699bcd22b5043610483845c52). Three automated merge-from-main commits (2026-05-13, 2026-05-15, 2026-05-16) incorporated the file's prior removal from main, leaving zero net diff. Merging this PR changes nothing on main.
  • MAJOR: reviewDecision=REVIEW_REQUIRED: the petry-projects/org-leads team has been requested but has not approved. mergeStateStatus=BLOCKED. GitHub branch protection requires this review before merge. Only a human reviewer or org-leads approval can unblock.
  • MINOR: An auto-rebase-conflict bot comment from 2026-04-21 referenced unresolvable merge conflicts. These were subsequently resolved via three automated merge-from-main commits; mergeable=MERGEABLE confirms no current conflicts.
  • INFO: All CI checks pass: CodeQL (actions, go, javascript-typescript) SUCCESS, SonarQube Cloud Quality Gate passed (0 new issues, 0 security hotspots), CodeRabbit SUCCESS.
  • INFO: PR intent is correct and aligns with ci-standards.md#2 (GitHub-managed CodeQL default setup). Issue Compliance: stray-codeql-workflow #110 is properly linked. Compliance is effectively achieved regardless of PR merge status since the file is already gone from main.

Reviewed by the PR-review cascade (triage: haiku 4.5 → deep: sonnet 4.6 + duck: o4-mini → audit: opus 4.7). Reply if you need a human review.

Additional tasks

  1. Resolve all unresolved review thread comments from other reviewers
  2. Ensure all CI checks pass after your changes
  3. Rebase on the target branch if behind
  4. Do NOT modify files unrelated to the findings above

The review cascade will automatically re-review after new commits are pushed.

@don-petry

Copy link
Copy Markdown
Contributor Author

@dev-lead - please fix this PR

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (applied)

Changes committed and pushed.

@sonarqubecloud

sonarqubecloud Bot commented Jun 1, 2026

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Contributor Author

Closing due to merge conflict that cannot be auto-rebased. Re-implementing from fresh main via dev-lead.

@don-petry don-petry closed this Jun 2, 2026
auto-merge was automatically disabled June 2, 2026 12:25

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Compliance: stray-codeql-workflow

3 participants