feat: implement issue #260 — Compliance: check-suite-auto-trigger-347564#277
feat: implement issue #260 — Compliance: check-suite-auto-trigger-347564#277don-petry wants to merge 4 commits into
Conversation
|
Warning Review limit reached
More reviews will be available in 59 minutes and 55 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Implements remediation for issue #260 by adding automation to re-apply organization-standard GitHub repository settings that disable problematic check-suite auto-triggers which can permanently block auto-merge.
Changes:
- Add a scheduled + on-push GitHub Actions workflow to run
scripts/apply-repo-settings.shagainst this repo. - Update
.gitignoreto ignore.dev-lead/(though it introduces additional duplicate entries).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.gitignore |
Adds another .dev-lead/ ignore entry (currently duplicative). |
.github/workflows/apply-repo-settings.yml |
New workflow to periodically apply standard repo settings to prevent check-suite auto-trigger drift. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Dev-Lead — fix-bot-comment (applied)Changes committed and pushed. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9488ccd911
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - name: Apply check-suite preferences | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_ADMIN_PAT }} | ||
| run: bash scripts/apply-repo-settings.sh broodly |
There was a problem hiding this comment.
Fix check-suite preferences endpoint before scheduling
This scheduled/manual job will fail whenever it invokes the existing script because scripts/apply-repo-settings.sh patches repos/$ORG/$REPO/check-suite/preferences, while GitHub documents the request as PATCH /repos/{owner}/{repo}/check-suites/preferences (plural check-suites). Since this new workflow is the automatic path for applying the compliance setting, each push/schedule/dispatch run reaches that bad API path before applying the repository preference; update the script endpoint before wiring it into the workflow.
Useful? React with 👍 / 👎.
| # Required secret: GH_ADMIN_PAT — fine-grained PAT with the repository | ||
| # "Administration" permission (read and write) set at the repo or org level. |
There was a problem hiding this comment.
Require Checks write on the admin token
If GH_ADMIN_PAT is provisioned exactly as documented here, this workflow still cannot update check-suite preferences: GitHub's docs for Update repository preferences for check suites require a fine-grained token with Checks repository permission set to write (in addition to repository admin access), not just the Administration permission. Please include Checks: read and write in the required secret setup so the scheduled/manual run does not fail with a permissions error.
Useful? React with 👍 / 👎.
|
|
Closing due to merge conflict that cannot be auto-rebased. Re-implementing from fresh main via dev-lead. |
Pull request was closed



Closes #260
Implemented by dev-lead agent. Please review.