feat: implement issue #249 — Compliance: non-stub-auto-rebase.yml#269
feat: implement issue #249 — Compliance: non-stub-auto-rebase.yml#269don-petry wants to merge 4 commits into
Conversation
|
Warning Review limit reached
More reviews will be available in 59 minutes and 38 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| .dev-lead/ | ||
| .dev-lead/ | ||
| .dev-lead/ | ||
| .dev-lead/ |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: de650de583
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| contents: write # update-branch via GITHUB_TOKEN (may touch .github/workflows/) | ||
| pull-requests: write # post comments on PRs | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@376a4fcb1117444595e3e702fa450873d0e54310 # v2 | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@v1 |
There was a problem hiding this comment.
Pin reusable workflow to immutable commit SHA
Replace the @v1 ref with a commit SHA here, because this workflow previously pinned to an exact reusable version and the file’s own contract (lines 9–10) says upgrades should bump the SHA. Using a moving tag makes behavior non-deterministic across runs and can silently change auto-rebase logic (or reintroduce old behavior versus the prior # v2 pin) without any change in this repository, which is a reliability and maintainability regression for CI.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
Implements compliance remediation for issue #249 by updating the repo’s thin-caller auto-rebase workflow to pin the org reusable workflow to @v1 (org standard).
Changes:
- Pin
.github/workflows/auto-rebase.ymlreusable workflow reference topetry-projects/.github/...@v1. - Add an additional
.dev-lead/ignore entry in.gitignore(currently creating further duplication).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/workflows/auto-rebase.yml |
Updates the reusable workflow reference to @v1 for compliance. |
.gitignore |
Adds another .dev-lead/ ignore line (but the file already contains multiple duplicates). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| contents: write # update-branch via GITHUB_TOKEN (may touch .github/workflows/) | ||
| pull-requests: write # post comments on PRs | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@376a4fcb1117444595e3e702fa450873d0e54310 # v2 | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@v1 | ||
| secrets: inherit |
CI Failure: SonarCloud Code AnalysisStep: SonarCloud Code Analysis (Quality Gate) The PR changes Suggested fix: Revert the action reference back to the pinned SHA ( |
Dev-Lead — fix-bot-comment (applied)Changes committed and pushed. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f5ccb1d7a1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| contents: write # update-branch via GITHUB_TOKEN (may touch .github/workflows/) | ||
| pull-requests: write # post comments on PRs | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@376a4fcb1117444595e3e702fa450873d0e54310 # v2 | ||
| uses: petry-projects/.github/.github/workflows/auto-rebase-reusable.yml@d3d768dabb7f28cc63283cdfe48630da53700e50 # v1 |
There was a problem hiding this comment.
Keep auto-rebase on the v2 reusable workflow
This is separate from the earlier pinning comment: the fresh evidence is that the ref is now SHA-pinned but its inline label is still # v1, while the parent commit called the # v2 SHA. On every push to main or manual dispatch, this caller now runs the older reusable workflow, undoing the repo's prior Dependabot major bump of auto-rebase from v1 to v2 and leaving any v2 fixes/behavior inactive for this workflow.
Useful? React with 👍 / 👎.
|
|
Closing due to merge conflict that cannot be auto-rebased. Re-implementing from fresh main via dev-lead. |
Pull request was closed



Closes #249
Implemented by dev-lead agent. Please review.