Skip to content

feat(ci): bot-review auto-approve + auto-merge when clean#83

Merged
SymbolStar merged 1 commit into
mainfrom
feat/auto-approve-merge-when-clean
Jun 11, 2026
Merged

feat(ci): bot-review auto-approve + auto-merge when clean#83
SymbolStar merged 1 commit into
mainfrom
feat/auto-approve-merge-when-clean

Conversation

@SymbolStar

Copy link
Copy Markdown
Owner

What

Promote bot-review.yml from Phase 1 (comment-only) → Phase 2 (auto-approve + auto-merge) for PRs that pass all red-line gates.

Gates (ALL must hold)

  • ✅ PR author is internal SymbolStar org member (fork PRs never auto-merge)
  • ✅ Zero red-line ❌ findings (A-7.5, SSE order, forge restart race)
  • ✅ Zero 'needs human review' path hits (server.py, migrations/, bin/forge, .github/workflows/, *.plist, forge_xiaof.py)
  • ✅ No no-auto-merge label, no [no-auto-merge] in title

Escape hatches

  • Add label no-auto-merge on PR
  • Put [no-auto-merge] in PR title
  • Touch any 'needs human' path (auto-blocked)

Repo settings Scott needs to flip (one-time)

  1. Settings → General → Pull Requests → Allow auto-merge
  2. Settings → Branches → Add rule for main:
    • Require status checks before merging → select ci job(s)
    • Required reviews: 1 (the bot's approval counts)
  3. Optional: create label no-auto-merge (color: red)

Without #1/#2 the workflow still works but falls back to direct squash merge (warns in logs).

Phase 2 promotion: bot-review now approves and enables auto-merge on PRs
that pass all gates. Escape hatches: 'no-auto-merge' label or
'[no-auto-merge]' in title.

Gates (ALL must hold):
- PR author is internal SymbolStar org member (fork PRs never auto-merge)
- zero red-line findings (A-7.5, SSE order, forge restart race)
- zero 'needs human review' path hits (server.py, migrations/,
  bin/forge, .github/workflows/, *.plist, forge_xiaof.py)
- no 'no-auto-merge' label, no '[no-auto-merge]' in title

Uses squash merge. Falls back to direct squash if 'Allow auto-merge' is
not enabled at repo level (warns in logs). Pairs with branch protection
on main to wait for required CI.
@github-actions

github-actions Bot commented Jun 11, 2026

Copy link
Copy Markdown

🤖 bot-review (comment-only · phase 1)

Diff: 1 file changed, 96 insertions(+), 11 deletions(-) @ 7c1a0bd

Red-line checks:

  • ✅ A-7.5: no new 'forbidden' code in xiaof

Needs human review — these paths are not eligible for future auto-approve:

  • .github/workflows/bot-review.yml (CI workflow — review for token/permission scope)

Phase 2: auto-approve + auto-merge fire only when red-lines are clean, author is internal, and no needs-human path is touched. Block with no-auto-merge label or [no-auto-merge] in title.

@SymbolStar SymbolStar force-pushed the feat/auto-approve-merge-when-clean branch from 1effe20 to 7c1a0bd Compare June 11, 2026 14:49
@SymbolStar SymbolStar merged commit 574c20e into main Jun 11, 2026
6 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant