Skip to content

feat: implement issue #216 — Compliance: non-stub-dev-lead.yml#265

Merged
don-petry merged 2 commits into
mainfrom
dev-lead/issue-216-20260611-0911
Jun 11, 2026
Merged

feat: implement issue #216 — Compliance: non-stub-dev-lead.yml#265
don-petry merged 2 commits into
mainfrom
dev-lead/issue-216-20260611-0911

Conversation

@don-petry

@don-petry don-petry commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Closes #216

Implemented by dev-lead agent. Please review.

Summary by CodeRabbit

  • Chores
    • Updated internal development workflow configuration to improve stability and clarity of concurrent job handling.

@don-petry don-petry requested a review from a team as a code owner June 11, 2026 09:13
Copilot AI review requested due to automatic review settings June 11, 2026 09:13
@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@don-petry, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 54 minutes and 2 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 08f93082-a435-421e-9135-98fc724d84d1

📥 Commits

Reviewing files that changed from the base of the PR and between 9ed1a68 and 7cf1c11.

📒 Files selected for processing (1)
  • .github/workflows/dev-lead.yml
📝 Walkthrough

Walkthrough

The dev-lead workflow is simplified to call the canonical reusable workflow from @main instead of a versioned reference, removing the custom agent_ref input. A local comment clarifies that concurrency lane handling is centralized in the reusable workflow.

Changes

Dev-Lead Workflow Reference Update

Layer / File(s) Summary
Dev-Lead workflow reference and concurrency handling
.github/workflows/dev-lead.yml
The reusable workflow reference is updated from @dev-lead/stable to @main, the agent_ref: dev-lead/stable input is removed, and a comment is clarified to note that concurrency and issue pickup lane handling is now centralized in the reusable workflow.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related issues

  • Addresses compliance finding from issue #216: dev-lead.yml is now a thin caller stub pinned to the canonical reusable workflow reference (@main), replacing the previous versioned reference pattern.

Suggested labels

needs-human-review

Suggested reviewers

  • donpetry-bot
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the implementation of issue #216, which requires converting the dev-lead.yml workflow from an inline copy to a thin caller stub for compliance.
Linked Issues check ✅ Passed The PR implements the core requirement from issue #216: converting the inline dev-lead.yml workflow to a thin caller stub that delegates to the reusable workflow, achieving compliance with centralized CI workflow standards.
Out of Scope Changes check ✅ Passed The changes are narrowly scoped to the dev-lead.yml workflow file only, directly addressing the compliance requirement without introducing unrelated modifications.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev-lead/issue-216-20260611-0911

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — waiting on PR blockers (intent: review-changes)

PR: #265
No changes were committed, but the PR still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews). The retry cron will re-attempt automatically. Next attempt after: 2026-06-11T09:44:30Z

@don-petry

Copy link
Copy Markdown
Contributor Author

Note

@don-petry I reviewed this PR and no code changes were needed, but it still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews), so I cannot mark it done yet. I'll re-check automatically.
Next attempt after: 2026-06-11T09:44:30Z

@don-petry don-petry enabled auto-merge (squash) June 11, 2026 09:14

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s Dev-Lead GitHub Actions workflow toward the “thin caller stub” model required by the CI centralization standards (Issue #216).

Changes:

  • Adjusts the concurrency documentation comment for the dev-lead workflow.
  • Switches the jobs.dev-lead.uses reference and removes the previously passed agent_ref input.
  • Keeps job-level permissions explicitly defined while inheriting secrets.

Comment thread .github/workflows/dev-lead.yml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/dev-lead.yml:
- Line 46: The reusable workflow reference currently uses the unstable ref
"petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main";
update that `uses:` entry to a pinned/stable ref (match the pattern used
elsewhere in the repo such as a release tag, branch alias like
`@pr-review/stable`, or a specific commit SHA) so the call to
dev-lead-reusable.yml is deterministic and not tracking `@main`.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 19ae02cb-f2a9-4d38-9b12-d3a1d0583c45

📥 Commits

Reviewing files that changed from the base of the PR and between d22f036 and 9ed1a68.

📒 Files selected for processing (1)
  • .github/workflows/dev-lead.yml

Comment thread .github/workflows/dev-lead.yml Outdated
@don-petry don-petry disabled auto-merge June 11, 2026 09:17
@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-reviews (applied)

Changes committed and pushed.

@don-petry don-petry enabled auto-merge (squash) June 11, 2026 09:19
@sonarqubecloud

Copy link
Copy Markdown

@don-petry don-petry disabled auto-merge June 11, 2026 09:20
@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
Issues addressed: 0
Files changed: none
Skipped (informational): 0
Notes:
- Quality Gate passed with 0 new issues and 0 security hotspots
- All CI checks completed successfully (no failures, timeouts, or cancellations)
- No CHANGES_REQUESTED reviews
- No open review threads from the bot to resolve
- Changed files contain no SonarCloud hotspot patterns
```
The PR is clean — no Tier 1 blockers and no actionable findings from the bot. No code changes or thread resolutions are needed.

@don-petry don-petry enabled auto-merge (squash) June 11, 2026 09:21

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 7cf1c11426333673b25576f241df6e116804ece5
Review mode: triage-approved (single reviewer)

Summary

Replaces the local inline dev-lead.yml workflow with the canonical thin caller stub that delegates to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 and drops the agent_ref input. Minor comment cleanup alongside. Matches the documented remediation for compliance issue #216.

Linked issue analysis

Closes #216 (Compliance: non-stub-dev-lead.yml). The audit finding asked for exactly this change: re-sync dev-lead.yml from standards/workflows/dev-lead.yml so it becomes a thin caller stub delegating to the canonical petry-projects/.github reusable workflow at @v1. The diff matches that remediation 1:1.

Findings

No new findings.

  • Diff scope is minimal (1 file, +4/-6) and confined to a workflow stub that this repo's standards explicitly allow modifying only to swap the caller target.
  • New uses: reference (petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1) is the documented org-standard reusable-workflow reference; tag pinning matches sibling caller stubs and is the standard pattern for same-org reusable workflows (the repo's SHA-pinning rule applies to third-party actions).
  • CodeRabbit raised one earlier comment (against an older SHA 9ed1a682) about pinning an unstable @main ref; the current HEAD already pins @v1, so the finding is resolved. CodeRabbit's final review on 7cf1c11 is empty.
  • Dev-lead bot left a fix-bot-comment status=no-changes note confirming no further changes were warranted.

CI status

All checks green or appropriately skipped on 7cf1c11: CodeQL (actions), SonarCloud, AgentShield, Detect ecosystems, gitleaks, dependency-audit, PR Auto-Review ready-check. Skipped jobs are language-specific ecosystems not present in this change. mergeStateStatus: BLOCKED is only due to REVIEW_REQUIRED; this approval clears that gate.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

@don-petry don-petry merged commit 55ba4c2 into main Jun 11, 2026
23 checks passed
@don-petry don-petry deleted the dev-lead/issue-216-20260611-0911 branch June 11, 2026 09:22

@donpetry-bot donpetry-bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 7cf1c11426333673b25576f241df6e116804ece5
Review mode: triage-approved (single reviewer)

Summary

Confirms the triage-tier approval. This PR swaps the inline dev-lead.yml workflow for the canonical thin caller stub delegating to petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 and drops the now-unused agent_ref input — exactly the remediation called out by compliance issue #216. Diff is 1 file, +4/-6.

Linked issue analysis

Closes #216 (Compliance: non-stub-dev-lead.yml). The audit finding requested re-syncing dev-lead.yml from standards/workflows/dev-lead.yml so it becomes a thin caller stub delegating to the canonical petry-projects/.github reusable workflow at @v1. The diff matches the prescribed remediation 1:1.

Findings

No new findings on top of the prior automated approval.

  • Change is confined to a workflow caller stub; same-org reusable workflows are pinned by tag (@v1), matching the documented pattern (the SHA-pinning rule applies to third-party actions).
  • CodeRabbit's earlier flag about an unstable @main ref was against an older SHA (9ed1a682); the current HEAD (7cf1c11) pins @v1, so the finding is resolved. CodeRabbit's review on the current SHA is empty.
  • Dev-lead agent's fix-bot-comment status=no-changes note confirms no further code changes were warranted.
  • Permissions block (contents: write, pull-requests: write, issues: write, actions: read, checks: read, statuses: read) is unchanged in scope — only a trailing comment was trimmed.

CI status

All required checks succeeded on 7cf1c11: CodeQL (actions), SonarCloud / SonarCloud Code Analysis, AgentShield, CI/Detect ecosystems, CI/Secret scan (gitleaks), dependency-audit/Detect ecosystems, PR Auto-Review ready-check, PR Review Agent. Language-specific dependency audits (npm/pnpm/pip/cargo/govulncheck) and Backend/Frontend CI are appropriately SKIPPED — this PR touches only a workflow YAML.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

don-petry added a commit that referenced this pull request Jun 11, 2026
PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
don-petry added a commit that referenced this pull request Jun 11, 2026
…266)

PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
don-petry added a commit that referenced this pull request Jun 19, 2026
* feat: implement issue #216 — Compliance: non-stub-dev-lead.yml

* fix(reviews): address review comments [skip ci-relay]

---------

Co-authored-by: donpetry-bot <281750570+donpetry-bot@users.noreply.github.com>
don-petry added a commit that referenced this pull request Jun 19, 2026
…266)

PR #265 (Compliance: non-stub-dev-lead.yml, issue #216) repointed this stub to
petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 — a reusable
that does NOT exist (the dev-lead reusable lives in .github-private). Every
markets dev-lead run has failed at startup (jobs:[], unresolvable reusable)
since #265 merged at 09:22Z.

Restore the correct pin set by #264 and required by the ratified standard
(petry-projects/.github#440): .github-private/...@dev-lead/stable + agent_ref.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Compliance: non-stub-dev-lead.yml

3 participants