feat: implement issue #216 — Compliance: non-stub-dev-lead.yml#265
Conversation
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
|
Warning Review limit reached
More reviews will be available in 54 minutes and 2 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe dev-lead workflow is simplified to call the canonical reusable workflow from ChangesDev-Lead Workflow Reference Update
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related issues
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Dev-Lead — waiting on PR blockers (intent: review-changes)PR: #265 |
|
Note @don-petry I reviewed this PR and no code changes were needed, but it still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews), so I cannot mark it done yet. I'll re-check automatically. |
There was a problem hiding this comment.
Pull request overview
Updates the repository’s Dev-Lead GitHub Actions workflow toward the “thin caller stub” model required by the CI centralization standards (Issue #216).
Changes:
- Adjusts the concurrency documentation comment for the dev-lead workflow.
- Switches the
jobs.dev-lead.usesreference and removes the previously passedagent_refinput. - Keeps job-level permissions explicitly defined while inheriting secrets.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/dev-lead.yml:
- Line 46: The reusable workflow reference currently uses the unstable ref
"petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main";
update that `uses:` entry to a pinned/stable ref (match the pattern used
elsewhere in the repo such as a release tag, branch alias like
`@pr-review/stable`, or a specific commit SHA) so the call to
dev-lead-reusable.yml is deterministic and not tracking `@main`.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 19ae02cb-f2a9-4d38-9b12-d3a1d0583c45
📒 Files selected for processing (1)
.github/workflows/dev-lead.yml
Dev-Lead — fix-reviews (applied)Changes committed and pushed. |
|
Dev-Lead — fix-bot-comment (no-changes)Agent reasoning |
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: 7cf1c11426333673b25576f241df6e116804ece5
Review mode: triage-approved (single reviewer)
Summary
Replaces the local inline dev-lead.yml workflow with the canonical thin caller stub that delegates to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 and drops the agent_ref input. Minor comment cleanup alongside. Matches the documented remediation for compliance issue #216.
Linked issue analysis
Closes #216 (Compliance: non-stub-dev-lead.yml). The audit finding asked for exactly this change: re-sync dev-lead.yml from standards/workflows/dev-lead.yml so it becomes a thin caller stub delegating to the canonical petry-projects/.github reusable workflow at @v1. The diff matches that remediation 1:1.
Findings
No new findings.
- Diff scope is minimal (1 file, +4/-6) and confined to a workflow stub that this repo's standards explicitly allow modifying only to swap the caller target.
- New
uses:reference (petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1) is the documented org-standard reusable-workflow reference; tag pinning matches sibling caller stubs and is the standard pattern for same-org reusable workflows (the repo's SHA-pinning rule applies to third-party actions). - CodeRabbit raised one earlier comment (against an older SHA
9ed1a682) about pinning an unstable@mainref; the current HEAD already pins@v1, so the finding is resolved. CodeRabbit's final review on7cf1c11is empty. - Dev-lead bot left a
fix-bot-comment status=no-changesnote confirming no further changes were warranted.
CI status
All checks green or appropriately skipped on 7cf1c11: CodeQL (actions), SonarCloud, AgentShield, Detect ecosystems, gitleaks, dependency-audit, PR Auto-Review ready-check. Skipped jobs are language-specific ecosystems not present in this change. mergeStateStatus: BLOCKED is only due to REVIEW_REQUIRED; this approval clears that gate.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: 7cf1c11426333673b25576f241df6e116804ece5
Review mode: triage-approved (single reviewer)
Summary
Confirms the triage-tier approval. This PR swaps the inline dev-lead.yml workflow for the canonical thin caller stub delegating to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 and drops the now-unused agent_ref input — exactly the remediation called out by compliance issue #216. Diff is 1 file, +4/-6.
Linked issue analysis
Closes #216 (Compliance: non-stub-dev-lead.yml). The audit finding requested re-syncing dev-lead.yml from standards/workflows/dev-lead.yml so it becomes a thin caller stub delegating to the canonical petry-projects/.github reusable workflow at @v1. The diff matches the prescribed remediation 1:1.
Findings
No new findings on top of the prior automated approval.
- Change is confined to a workflow caller stub; same-org reusable workflows are pinned by tag (
@v1), matching the documented pattern (the SHA-pinning rule applies to third-party actions). - CodeRabbit's earlier flag about an unstable
@mainref was against an older SHA (9ed1a682); the current HEAD (7cf1c11) pins@v1, so the finding is resolved. CodeRabbit's review on the current SHA is empty. - Dev-lead agent's
fix-bot-comment status=no-changesnote confirms no further code changes were warranted. - Permissions block (
contents: write,pull-requests: write,issues: write,actions: read,checks: read,statuses: read) is unchanged in scope — only a trailing comment was trimmed.
CI status
All required checks succeeded on 7cf1c11: CodeQL (actions), SonarCloud / SonarCloud Code Analysis, AgentShield, CI/Detect ecosystems, CI/Secret scan (gitleaks), dependency-audit/Detect ecosystems, PR Auto-Review ready-check, PR Review Agent. Language-specific dependency audits (npm/pnpm/pip/cargo/govulncheck) and Backend/Frontend CI are appropriately SKIPPED — this PR touches only a workflow YAML.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable that does NOT exist (the dev-lead reusable lives in .github-private). Every markets dev-lead run has failed at startup (jobs:[], unresolvable reusable) since #265 merged at 09:22Z. Restore the correct pin set by #264 and required by the ratified standard (petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…266) PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable that does NOT exist (the dev-lead reusable lives in .github-private). Every markets dev-lead run has failed at startup (jobs:[], unresolvable reusable) since #265 merged at 09:22Z. Restore the correct pin set by #264 and required by the ratified standard (petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* feat: implement issue #216 — Compliance: non-stub-dev-lead.yml * fix(reviews): address review comments [skip ci-relay] --------- Co-authored-by: donpetry-bot <281750570+donpetry-bot@users.noreply.github.com>
…266) PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable that does NOT exist (the dev-lead reusable lives in .github-private). Every markets dev-lead run has failed at startup (jobs:[], unresolvable reusable) since #265 merged at 09:22Z. Restore the correct pin set by #264 and required by the ratified standard (petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>



Closes #216
Implemented by dev-lead agent. Please review.
Summary by CodeRabbit