Skip to content

fix(dev-lead): pin to @dev-lead/stable channel + agent_ref (#557)#264

Merged
don-petry merged 1 commit into
mainfrom
chore/pin-dev-lead-stable
Jun 10, 2026
Merged

fix(dev-lead): pin to @dev-lead/stable channel + agent_ref (#557)#264
don-petry merged 1 commit into
mainfrom
chore/pin-dev-lead-stable

Conversation

@don-petry

Copy link
Copy Markdown
Contributor

Convert this repo's dev-lead.yml from dev-lead-reusable.yml@main@dev-lead/stable + agent_ref: dev-lead/stable, so dev-lead runs the pinned known-good channel and promotion is a central tag move (no caller churn). dev-lead/stable is at v1.2.0 (= main, incl. #488 fixes) — no behavior change today, just version pinning. Part of #557 (dev-lead consumer fan-out), mirroring #536.

🤖 Generated with Claude Code

Convert dev-lead caller from dev-lead-reusable.yml@main to @dev-lead/stable
and thread agent_ref: dev-lead/stable so dev-lead's scripts run at the pinned
version too. Promotion is now a central tag move; this caller is never edited
on release. Mirrors the pr-review consumer fan-out (#536).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 10, 2026 21:30
@don-petry don-petry requested a review from a team as a code owner June 10, 2026 21:30
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 40 minutes and 31 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 72ac6686-9218-442b-a9b6-2ff581d3a2bf

📥 Commits

Reviewing files that changed from the base of the PR and between a32864d and 3a07da3.

📒 Files selected for processing (1)
  • .github/workflows/dev-lead.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/pin-dev-lead-stable

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@sonarqubecloud

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry don-petry enabled auto-merge (squash) June 10, 2026 21:31
@don-petry don-petry disabled auto-merge June 10, 2026 21:31
@don-petry don-petry disabled auto-merge June 10, 2026 21:31

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pins the repository’s Dev-Lead workflow caller to the dev-lead/stable channel and explicitly passes agent_ref so Dev-Lead runs a centrally promoted, known-good version without requiring caller updates across repos.

Changes:

  • Update the reusable workflow ref from a pinned main SHA to @dev-lead/stable.
  • Pass agent_ref: dev-lead/stable to ensure the agent’s internal scripts align with the same channel.

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: none
Skipped (informational): 0
CI status: all checks passing or skipped — zero Tier 1 blockers.
Review threads: none open from this bot.
```
No action required. The PR has a clean CI state and no bot findings to address.

@don-petry don-petry enabled auto-merge (squash) June 10, 2026 21:32
@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: none
Skipped (informational): 0
```
**Assessment:** PR #264 has a clean slate — all CI checks pass or are appropriately skipped, zero open review threads, no reviews requesting changes, and the bot comment contains no actionable findings. The `mergeStateStatus: BLOCKED` is likely due to a pending required reviewer (e.g. CODEOWNERS approval), not a code issue. No code changes are warranted.

@don-petry don-petry disabled auto-merge June 10, 2026 21:32
@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: none
Skipped (informational): 0
```
**Assessment:** Zero Tier 1 blockers. All CI checks pass or are intentionally skipped. The single review comment from `copilot-pull-request-reviewer[bot]` is state `COMMENTED` (not `CHANGES_REQUESTED`) and describes the PR correctly. No threads to resolve and no fixes needed.

@don-petry don-petry enabled auto-merge (squash) June 10, 2026 21:32

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 3a07da3c97f1ddbed6d51c581b6f59cdfecf0ec2
Review mode: triage-approved (single reviewer)

Summary

Tiny GitHub Actions workflow change in .github/workflows/dev-lead.yml (+3/-1): switches the reusable-workflow ref from a pinned SHA on main to the org-managed @dev-lead/stable channel and passes agent_ref: dev-lead/stable so the agent's internal scripts align with the same channel. This is a pin-to-channel promotion pattern (mirrors PR #536, part of #557 dev-lead consumer fan-out). The PR body notes dev-lead/stable is currently at v1.2.0 (= main, including #488 fixes) so there is no behavior change today — purely a versioning/promotion strategy change. Reusable workflow lives in the same petry-projects org, so channel-based pinning is the intended internal-promotion mechanism rather than a supply-chain regression.

Linked issue analysis

No closing issue is linked. The PR body references #557 (dev-lead consumer fan-out tracker) and notes parity with #536. The change matches the stated intent: convert this caller to the @dev-lead/stable channel + agent_ref.

Findings

  • No security, correctness, or maintainability issues identified in the 4 changed lines.
  • The ref moves from a SHA pin to a moving tag (@dev-lead/stable). For external actions this would be a supply-chain concern, but the called workflow lives in the same petry-projects org and the channel-tag move is the intended central promotion mechanism described in the PR body. This is consistent with the rollout pattern in #536.
  • agent_ref matches the workflow ref so the agent's internal scripts stay aligned with the same channel — good consistency.
  • secrets: inherit and per-job permissions: block are preserved unchanged.

CI status

All required checks green. 11 SUCCESS (AgentShield, CodeQL, SonarCloud x2, Secret scan/gitleaks, dev-lead/dispatch, pr-auto-review, dependency-audit detection, CI ecosystem detect, CodeRabbit status), 11 appropriately SKIPPED (no-op ecosystems: backend/frontend CI, npm/pnpm/pip/cargo/govulncheck audits, dependabot-automerge, pr-review-mention duplicates, dev-lead/ci-relay). mergeStateStatus: BLOCKED is due to pending org-leads team review, not a CI failure.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

@don-petry don-petry merged commit ded989e into main Jun 10, 2026
24 checks passed
@don-petry don-petry deleted the chore/pin-dev-lead-stable branch June 10, 2026 21:34

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 3a07da3c97f1ddbed6d51c581b6f59cdfecf0ec2
Review mode: triage-approved (single reviewer)

Summary

Tiny GitHub Actions caller change in .github/workflows/dev-lead.yml (+3/-1): swaps the reusable-workflow ref from a SHA pin on main to the org-managed @dev-lead/stable channel and threads agent_ref: dev-lead/stable so dev-lead's internal scripts run on the same channel. Promotion is now a central tag move; the caller is no longer edited per release. Mirrors PR #536 (pr-review consumer fan-out) and is part of #557. PR body notes dev-lead/stable is currently at v1.2.0 (= main, incl. #488 fixes) — zero behavior change today, purely a versioning/promotion strategy. Triage-approved confirmed.

Linked issue analysis

No closing issue is linked. The PR body references #557 (dev-lead consumer fan-out tracker) and #536 (parity pattern). The diff exactly matches the stated intent.

Findings

  • No security, correctness, or maintainability issues in the 4 changed lines.
  • Ref moves from a SHA pin to a moving tag (@dev-lead/stable). For external actions this would be a supply-chain concern, but the called workflow lives in the same petry-projects org and the channel-tag move is the intended central-promotion mechanism. Consistent with #536 rollout.
  • agent_ref matches the workflow ref so the agent's internal scripts stay aligned — good consistency.
  • secrets: inherit and per-job permissions: block are preserved unchanged.
  • Existing donpetry-bot approval at the same SHA already validated this analysis; this run confirms it.

CI status

All required checks green. SUCCESS: AgentShield, CodeQL (actions), SonarCloud (x2), Secret scan/gitleaks, dev-lead/dispatch, pr-auto-review, dependency-audit detection, CI ecosystem detect, CodeRabbit status. SKIPPED (no-op ecosystems / duplicate dispatchers): backend/frontend CI, npm/pnpm/pip/cargo/govulncheck audits, dependabot-automerge, pr-review-mention duplicates, dev-lead/ci-relay. mergeStateStatus: BLOCKED reflects a pending org-leads team review, not a CI failure. reviewDecision: APPROVED.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

don-petry added a commit that referenced this pull request Jun 11, 2026
PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
don-petry added a commit that referenced this pull request Jun 11, 2026
…266)

PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
don-petry added a commit that referenced this pull request Jun 19, 2026
Convert dev-lead caller from dev-lead-reusable.yml@main to @dev-lead/stable
and thread agent_ref: dev-lead/stable so dev-lead's scripts run at the pinned
version too. Promotion is now a central tag move; this caller is never edited
on release. Mirrors the pr-review consumer fan-out (#536).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
don-petry added a commit that referenced this pull request Jun 19, 2026
…266)

PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants