Skip to content

feat: implement issue #280 — [Fleet Monitor] petry-projects/broodly — pr-review-mention.yml#281

Closed
don-petry wants to merge 3 commits into
mainfrom
dev-lead/issue-280-20260527-1010
Closed

feat: implement issue #280 — [Fleet Monitor] petry-projects/broodly — pr-review-mention.yml#281
don-petry wants to merge 3 commits into
mainfrom
dev-lead/issue-280-20260527-1010

Conversation

@don-petry

@don-petry don-petry commented May 27, 2026

Copy link
Copy Markdown
Contributor

Closes #280

Implemented by dev-lead agent. Please review.

Summary by CodeRabbit

  • Chores
    • Enhanced CI/CD workflow security by restricting execution permissions for trusted contributors only.
    • Updated project configuration to exclude additional development-related directories.

Review Change Stack

Copilot AI review requested due to automatic review settings May 27, 2026 10:16
@don-petry don-petry requested a review from a team as a code owner May 27, 2026 10:16
@coderabbitai

coderabbitai Bot commented May 27, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 55 minutes and 19 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 98557f6f-349c-47a3-b1e6-9b97a4887a17

📥 Commits

Reviewing files that changed from the base of the PR and between 3ba6b34 and d723069.

📒 Files selected for processing (2)
  • .github/workflows/pr-review-mention.yml
  • .gitignore
📝 Walkthrough

Walkthrough

This PR adds a security guard to the PR review mention workflow that prevents untrusted actors from triggering automation, and extends gitignore to exclude a development lead directory from version control.

Changes

Infrastructure Configuration Updates

Layer / File(s) Summary
PR review workflow access control
.github/workflows/pr-review-mention.yml
Job conditional restricts the pr-review-mention workflow to pull_request events and requires the commenter to be an OWNER, MEMBER, or COLLABORATOR to prevent unintended dispatches from external actors.
Development lead directory exclusion
.gitignore
Added .dev-lead/ pattern to ignore files and directories matching that path in version control.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

Possibly related issues

  • #280: The workflow guard added in this PR directly addresses the failing pr-review-mention.yml workflow flagged by the Fleet Monitor alert (11.3% failure rate), implementing access control to restrict execution to trusted actors only.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The .gitignore change (.dev-lead/ entry) appears unrelated to fixing the pr-review-mention workflow failure rate issue; it may be an out-of-scope addition. Remove the .gitignore change or clarify its necessity for issue #280 resolution; focus the PR on the workflow fix only.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main changes: adding an if-guard to the pr-review-mention.yml workflow to fix the failure rate issue reported in #280.
Linked Issues check ✅ Passed The PR implements a security guard for the pr-review-mention workflow to prevent unintended dispatches, directly addressing the 11.3% failure rate reported in issue #280.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev-lead/issue-280-20260527-1010

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a duplicate entry for .dev-lead/ to the .gitignore file. The review feedback correctly points out that this directory is already ignored multiple times and suggests cleaning up these redundant entries.

Comment thread .gitignore Outdated
.dev-lead/
.dev-lead/
.dev-lead/
.dev-lead/

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

low

The .dev-lead/ directory is already ignored in this file multiple times. Adding another duplicate entry is redundant. Consider cleaning up the duplicate entries in this file.

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-reviews (applied)

Changes committed and pushed.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to reduce the failure rate of the pr-review-mention.yml workflow (Issue #280) by adding a job-level trust guard to avoid approval-gated runs when the triggering actor is untrusted.

Changes:

  • Added a job-level if: guard to only invoke the pr-review-mention reusable workflow for trusted actors on comment-based triggers.
  • Added an additional .dev-lead/ entry to .gitignore (duplicating an already-repeated ignore rule).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/pr-review-mention.yml Adds a trust-gating if: condition before calling the reusable workflow with secrets: inherit.
.gitignore Adds another .dev-lead/ ignore entry (increasing duplication).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/pr-review-mention.yml Outdated
# trigger GitHub's approval gate on `secrets: inherit`, producing action_required
# failures instead of clean skips. Mirrors the trust check inside the reusable.
if: |
github.event_name == 'pull_request' ||

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.gitignore (1)

65-70: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove duplicate .dev-lead/ entries.

The pattern .dev-lead/ appears 6 times consecutively. Gitignore only requires each pattern to be listed once.

🧹 Proposed fix to remove duplicates
-.dev-lead/
-.dev-lead/
-.dev-lead/
-.dev-lead/
-.dev-lead/
 .dev-lead/
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.gitignore around lines 65 - 70, The .gitignore contains six duplicate
entries of the pattern ".dev-lead/"; open the .gitignore file and remove the
extra lines so the pattern ".dev-lead/" appears only once, leaving a single
entry to ignore that directory (no other changes needed).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.gitignore:
- Around line 65-70: The .gitignore contains six duplicate entries of the
pattern ".dev-lead/"; open the .gitignore file and remove the extra lines so the
pattern ".dev-lead/" appears only once, leaving a single entry to ignore that
directory (no other changes needed).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b6a18ea2-c01f-4448-8c7c-0c45473cff0d

📥 Commits

Reviewing files that changed from the base of the PR and between f054b7a and 3ba6b34.

📒 Files selected for processing (2)
  • .github/workflows/pr-review-mention.yml
  • .gitignore

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-reviews (applied)

Changes committed and pushed.

@sonarqubecloud

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Contributor Author

Auto-rebase failed — merge conflict — this branch has conflicts with main that must be resolved.

dev-lead will attempt to resolve this automatically. If it cannot, a follow-up comment will explain what needs manual attention.

To resolve manually instead:

git fetch origin
git merge origin/main
# resolve conflicts, then:
git add .
git commit
git push

@don-petry

Copy link
Copy Markdown
Contributor Author

Auto-rebase failed — merge conflict — this branch has conflicts with main that must be resolved.

dev-lead will attempt to resolve this automatically. If it cannot, a follow-up comment will explain what needs manual attention.

To resolve manually instead:

git fetch origin
git merge origin/main
# resolve conflicts, then:
git add .
git commit
git push

@don-petry

Copy link
Copy Markdown
Contributor Author

Closing due to merge conflict that cannot be auto-rebased. Re-implementing from fresh main via dev-lead.

@don-petry don-petry closed this Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Fleet Monitor] petry-projects/broodly — pr-review-mention.yml

3 participants