fix(dev-lead): set git identity before commit in commit_and_push #369

Merged
don-petry merged 15 commits into main from fix/dev-lead-git-identity
May 27, 2026

@don-petry
Collaborator

@don-petry don-petry commented May 23, 2026

Summary

  • Sets git config user.email and git config user.name before git commit in commit_and_push()
  • Fixes the git commit failed — check git identity configuration on the runner error that blocks the dev-lead from committing to any repo other than .github-private

Root cause

actions/checkout sets local git identity only for the repo it checks out (.github-private). When the script clones a target repo (TalkTerm, broodly, etc.) into a separate workspace directory, that identity doesn't carry over and git commit fails.

Impact

Without this fix, the human, fix-reviews, and fix-bot-comment intents all fail at the commit step for every repo except .github-private itself. All 5 rollout PRs (TalkTerm #203, broodly #241, markets #204, ContentTwin #181, bmad-bgreat-suite #199) were affected.

Fixes #368

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Fixed Git author identity configuration in automated workflows to prevent missing author information in commits across repository checkouts.
  • Documentation

    • Improved documentation for Git identity setup procedures.

actions/checkout only sets local git config for the repo it checks out
(.github-private). When the script operates on a cloned target repo in a
separate workspace, user.name and user.email are unset, causing git commit
to fail on all non-.github-private repos.

Fixes #368

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 23, 2026 02:09
@coderabbitai

coderabbitai Bot commented May 23, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

The PR ensures Git author identity is configured for bot commits across multiple repositories by integrating explicit setup_git_identity() calls into the PR fix workflow and improving the helper function's documentation and syntax.

Changes

Git identity setup for multirepository commits

Layer / File(s) | Summary
Git identity helper integration and documentation (scripts/dev-lead-fix-reviews.sh, scripts/lib/git-identity.sh) | setup_git_identity() is now called after non-dry-run PR checkout and again before commits in commit_and_push() to ensure git user identity is configured for separately cloned repositories. Helper function adds documentation describing GitHub-hosted runner limitations and modernizes the conditional test from single-bracket to double-bracket syntax.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The PR title accurately describes the main change: setting git identity before commit in the commit_and_push function, which is the core fix for the git identity configuration error.
Linked Issues check | ✅ Passed | The PR directly addresses all coding requirements from issue #368: setting git config user.name and user.email before git commit in commit_and_push(), ensuring commits succeed in cloned target repos across all affected repositories.
Out of Scope Changes check | ✅ Passed | All changes are scoped to the stated objectives: modifications to dev-lead-fix-reviews.sh and git-identity.sh to set git identity before commits, with documentation improvements to git-identity.sh explaining the fix's purpose.

donpetry-bot
donpetry-bot previously approved these changes May 23, 2026
Contributor

@donpetry-bot donpetry-bot left a comment

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: fa5048efe1db84789e6589948f0df54d90fca33c
Review mode: triage-approved (single reviewer)

Summary

A 4-line fix to scripts/dev-lead-fix-reviews.sh that sets local git identity (github-actions[bot]) before git commit in commit_and_push(). This addresses a real failure where the dev-lead script could only commit successfully to .github-private because actions/checkout only configures git identity for the repo it checks out — target repos cloned into a separate workspace had no identity, causing git commit to fail. The fix is minimal, targeted, and matches the remediation prescribed in the linked issue.

Linked issue analysis

Fixes #368 substantively. Issue #368 documents the exact failure mode (git commit failed — check git identity configuration on the runner), identifies the root cause (actions/checkout's local-only identity setup), enumerates affected repos (TalkTerm, broodly, markets, ContentTwin, bmad-bgreat-suite), and prescribes a fix that calls git config user.email / git config user.name before git commit. The PR implements that fix exactly, using the canonical github-actions[bot] noreply email (41898282+github-actions[bot]@users.noreply.github.com).

Findings

  • Scope: Identity is set via git config (local repo scope), not --global, so no cross-job leakage. Appropriately placed inside the uncommitted-changes branch of commit_and_push(), immediately before the commit.
  • Credentials/secrets: None introduced. The bot email is a public noreply address; no tokens, keys, or secrets touched.
  • Comment: The inline comment explains why (the actions/checkout quirk) — non-obvious context that's worth keeping.
  • Risk surface: Shell script only, no workflow / permissions / dependency changes.
  • Idempotency: git config is safe to call repeatedly; overwriting any pre-existing local identity to the bot identity is the intended behavior in this CI context.

CI status

All required checks green: SonarCloud (quality gate passed, 0 new issues), CodeQL (Analyze actions + main), ShellCheck (both Lint workflow + CI), bats, agent-shield, Agent Security Scan, gitleaks secret scan, unit-tests, validate-agent-profiles, gh-aw-compile, Compile agentic workflows. CodeRabbit was rate-limited (not a failure). Skipped checks are conditional (dependabot, mention trigger, ecosystem-specific audits) and expected to skip for this change.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the scripts/dev-lead-fix-reviews.sh script to explicitly set the Git user identity before committing changes, which prevents failures in GitHub Actions environments where the global Git config is not pre-configured for separate repositories. The reviewer suggested moving these configuration steps to an earlier point in the script's execution to ensure that any Git operations performed by the AI engine prior to the commit_and_push function also have a valid identity.

Comment thread scripts/dev-lead-fix-reviews.sh Outdated
Comment on lines +221 to +224
# Ensure git identity is set — actions/checkout only sets local config for the
# repo it checks out (.github-private), not for target repos cloned separately.
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
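
Review bot: The two git config lines hardcode the github-actions[bot] name and its 41898282+ noreply address, so every commit made after this point carries that author regardless of which automation account the workflow runs as. Author fields are unauthenticated metadata and are often all an audit has to go on, so take the name and email from a single variable that names the automation account instead of embedding literals in commit_and_push().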

medium

Setting the git identity here ensures that the script's own git commit (line 229) succeeds. However, since the AI engine is granted Bash tool access during the build_and_run phase, it might attempt to perform its own commits. The logic at lines 188-196 specifically handles cases where the engine has already committed changes. If the engine attempts a commit before this function is called, it will still fail due to missing identity.

Consider moving these git config commands to an earlier point in the script (e.g., immediately after the gh pr checkout at line 31) to provide a consistent environment for both the engine and the script.

Copilot AI left a comment

Pull request overview

Fixes a git commit failure in commit_and_push() that blocked the dev-lead human, fix-reviews, and fix-bot-comment intents on every target repo other than .github-private. The reusable workflow checks out two separate working trees, so actions/checkout's local git identity on .github-private doesn't apply when committing into the caller repo's tree. Setting user.email/user.name locally just before git commit restores the missing identity.

Changes:

  • Add git config user.email / git config user.name calls in commit_and_push() before git commit
  • Use github-actions[bot] identity for the local config

Comment thread scripts/dev-lead-fix-reviews.sh Outdated
Comment on lines +221 to +224
# Ensure git identity is set — actions/checkout only sets local config for the
# repo it checks out (.github-private), not for target repos cloned separately.
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
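
Review bot: The last two lines of the hunk run git config against whichever repository contains the current working directory, and nothing here checks their exit status. If this code is ever reached from outside the target clone, the identity lands in the wrong repo's config or is not written at all; pass the clone path explicitly with git -C and stop before git commit when either call fails.
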
@don-petry
Collaborator Author

Dev-Lead — human-pr (applied)

Changes committed and pushed.

donpetry-bot
donpetry-bot previously approved these changes May 23, 2026
Contributor

@donpetry-bot donpetry-bot left a comment

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: f6f66fb347df9859dec4e2dd18d79d9aeae2248d
Review mode: triage-approved (single reviewer)

Summary

Confirmation review of a refined 16-line fix to scripts/dev-lead-fix-reviews.sh that sets local git identity before git commit in commit_and_push(). Since the prior review (commit fa5048e), the inline hardcoded github-actions[bot] identity has been extracted into a setup_git_identity() helper that uses BOT_USER (default donpetry-bot) and looks up the actual numeric user ID via gh api users/${bot} to construct the proper <id>+<bot>@users.noreply.github.com noreply address (with a sensible fallback if the lookup fails). The helper is also now invoked immediately after gh pr checkout, which addresses the suggestion in the earlier Gemini comment about moving identity setup earlier so that any pre-commit_and_push git operations also have an identity. The merge of main into the branch is noise — it pulls in PR #367's CI Failure Analyst reusable workflow, which is not part of this PR's net contribution.

Linked issue analysis

Fixes #368 substantively. Issue #368 describes the exact failure (git commit failed — check git identity configuration on the runner) on every non-.github-private target repo (TalkTerm, broodly, markets, ContentTwin, bmad-bgreat-suite), traces it to actions/checkout only setting local git identity for the repo it checks out, and prescribes a git config user.email/user.name fix before commit. The current implementation does that — and improves on the prescription by (a) centralizing the logic in one helper, (b) parameterizing the bot identity, and (c) running it both early (post-checkout) and defensively before commit.

Findings

  • Scope: git config is used at local (repo) scope — no --global leakage to other steps or workflow runs.
  • Identity correctness: gh api "users/${bot}" resolves the actual numeric ID for donpetry-bot, producing the canonical <id>+donpetry-bot@users.noreply.github.com format GitHub recognizes for verified bot commits. Fallback to donpetry-bot@users.noreply.github.com is a valid noreply form if the API lookup fails (e.g., token scope issue).
  • Idempotency: git config is safe to call repeatedly; calling setup_git_identity twice (post-checkout and pre-commit) is intentional defensive layering — the second call costs one extra gh api round-trip but guarantees correctness even if intermediate logic overwrote config.
  • Credentials/secrets: None introduced. No tokens, keys, or .env files touched. The bot email is a public noreply address.
  • Comments: The inline comment explains why (actions/checkout local-only quirk) — non-obvious context worth keeping.
  • Prior reviewer feedback resolved: Gemini's suggestion to move identity setup earlier in the script is now implemented via the post-gh pr checkout call. Copilot's overview did not flag any concerns. CodeRabbit was rate-limited (not a failure).
  • Risk surface: Shell-only change. No workflow, permissions, or dependency modifications.

CI status

All required checks green at f6f66fb: SonarCloud (quality gate passed, 0 new issues), CodeQL (Analyze actions + main), ShellCheck (both Lint workflow + CI), bats, agent-shield, Agent Security Scan, gitleaks secret scan, unit-tests, validate-agent-profiles, gh-aw-compile, Compile agentic workflows, PR Review Agent. CodeRabbit status check reports SUCCESS despite being rate-limited from posting a review. Skipped checks (dependabot, ecosystem-specific audits) are conditional and expected to skip for a shell-only change. mergeStateStatus: BLOCKED reflects pending review approval, not a CI failure.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
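
An added sketch of the helper this review describes (not the PR's own code, which this page does not show): it builds the noreply address from the numeric id with the plain fallback, writes it to one clone's local config, and shows that a second clone has no identity until the helper runs there. BOT_ID_LOOKUP, local_identity, the id 12345 and the numeric-only check on the looked-up id are assumptions introduced here.

```shell
#!/bin/sh
# Added example, portable sh. BOT_USER, its default and the gh api "users/<bot>"
# lookup come from the review text; BOT_ID_LOOKUP and local_identity() are
# hypothetical names introduced for this sketch.

# "<id>+<bot>@users.noreply.github.com" when a numeric id is known,
# "<bot>@users.noreply.github.com" as the fallback (empty or non-numeric id).
bot_noreply_email() {
  case $2 in
    '' | *[!0-9]*) printf '%s@users.noreply.github.com\n' "$1" ;;
    *) printf '%s+%s@users.noreply.github.com\n' "$2" "$1" ;;
  esac
}

# Default lookup: ask the GitHub API for the account's numeric id.
# Returns non-zero with no output when gh is missing or the call is rejected.
lookup_bot_id() {
  command -v gh >/dev/null 2>&1 || return 1
  gh api "users/$1" --jq '.id' 2>/dev/null
}

# Write the bot identity into the LOCAL config of the clone at $1 only,
# so nothing is written to --global config shared with other steps.
setup_git_identity() {
  local repo_dir bot bot_id
  repo_dir=${1:-.}
  bot=${BOT_USER:-donpetry-bot}
  bot_id=$("${BOT_ID_LOOKUP:-lookup_bot_id}" "$bot") || bot_id=""
  git -C "$repo_dir" config --local user.name "$bot" || return 1
  git -C "$repo_dir" config --local user.email \
    "$(bot_noreply_email "$bot" "$bot_id")" || return 1
}

# Print "name <email>" from the clone's local config, or "unset".
local_identity() {
  local name email
  name=$(git -C "$1" config --local --get user.name) || name=""
  email=$(git -C "$1" config --local --get user.email) || email=""
  if [ -n "$name" ] && [ -n "$email" ]; then
    printf '%s <%s>\n' "$name" "$email"
  else
    echo unset
  fi
}

# Constructed demo: two throwaway repos stand in for .github-private and a
# target repo; 12345 is a made-up id returned by a stub lookup.
demo() {
  local tmp BOT_ID_LOOKUP
  tmp=$(mktemp -d) || return 1
  git init -q "$tmp/private" || return 1
  git init -q "$tmp/target" || return 1
  stub_lookup() { echo 12345; }
  BOT_ID_LOOKUP=stub_lookup
  setup_git_identity "$tmp/private"
  echo "private:       $(local_identity "$tmp/private")"
  echo "target before: $(local_identity "$tmp/target")"
  setup_git_identity "$tmp/target"
  echo "target after:  $(local_identity "$tmp/target")"
  rm -rf "$tmp"
}

if command -v git >/dev/null 2>&1; then demo; fi
```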

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/dev-lead-fix-reviews.sh`:
- Around line 17-27: Add a one-line “why” comment above the setup_git_identity()
function explaining why we set a bot-specific git identity for CI/automation
commits, and replace the POSIX test in the function (if [ -n "$bot_id" ]) with
the Bash conditional if [[ -n $bot_id ]] to follow the repo’s Bash style; update
any related conditional uses to use [[ ... ]] and remove unnecessary quoting
inside [[ ]] as appropriate, keeping the logic that sets git.user.email to
either "${bot_id}+${bot}@users.noreply.github.com" when bot_id is present or
"${bot}@users.noreply.github.com" otherwise, and leave git.user.name set to
"$bot".
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 61ae229a-aed5-46f6-9d20-3770e97451ce

📥 Commits

Reviewing files that changed from the base of the PR and between 52b84f5 and 2964b86.

📒 Files selected for processing (1)
  • scripts/dev-lead-fix-reviews.sh

Comment thread scripts/dev-lead-fix-reviews.sh Outdated
@don-petry
Collaborator Author

Dev-Lead — rate-limited (intent: fix-bot-comment)

PR: #369
Please re-trigger manually (re-mention @dev-lead) when the rate limit clears — the original request cannot be reconstructed automatically.

@don-petry
Collaborator Author

Dev-Lead — rate-limited (intent: on-mention)

PR: #369
Please re-trigger manually (re-mention @dev-lead) when the rate limit clears — the original request cannot be reconstructed automatically.

@don-petry
Collaborator Author

Note

@don-petry I received your request but all AI engines are currently rate-limited. Please re-mention @dev-lead when the rate limit clears (estimated: unknown) — I cannot reconstruct the original instruction automatically.

donpetry-bot
donpetry-bot previously approved these changes May 23, 2026
Contributor

@donpetry-bot donpetry-bot left a comment

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 0238093ffdefaaf6c15a7b29f1e77ed7860cd367
Review mode: triage-approved (single reviewer)

Summary

Confirmation review of a 16-line fix to scripts/dev-lead-fix-reviews.sh adding setup_git_identity() (invoked after gh pr checkout and again inside commit_and_push() before git commit) to resolve the missing git identity in target repos cloned outside .github-private. Since the prior pr-review-agent approval at f6f66fb, only merge commits with main were added — no further substantive change to this PR's contribution. The triage tier's low-risk assessment is correct.

Linked issue analysis

Fixes #368 substantively. Issue #368 describes the exact failure (git commit failed — check git identity configuration on the runner) on every non-.github-private target repo (TalkTerm, broodly, markets, ContentTwin, bmad-bgreat-suite), traces it to actions/checkout only configuring local git identity for the repo it checks out, and prescribes a git config user.email/user.name fix before commit. The implementation does that, parameterizes the bot identity via BOT_USER (default donpetry-bot), resolves the numeric user ID via gh api users/${bot} to produce the canonical <id>+<bot>@users.noreply.github.com noreply form, and falls back to <bot>@users.noreply.github.com if the lookup fails.

Findings

  • Scope: git config is used at local (repo) scope — no --global leakage to other steps. The PR's own diff (+16/-0) is contained to one file.
  • Idempotency: git config is safe to call repeatedly; calling setup_git_identity both post-checkout and pre-commit is intentional defensive layering.
  • Credentials/secrets: None introduced. Only the public bot noreply address; no tokens, keys, or .env files touched.
  • Comments: The inline comment inside commit_and_push() explains why (the actions/checkout local-only quirk) — non-obvious context worth keeping.
  • Prior reviewer feedback: Gemini's earlier suggestion to set identity earlier in the script is implemented via the post-gh pr checkout call. Copilot raised no concerns.
  • CodeRabbit nits (CHANGES_REQUESTED at 2964b86): Style-only suggestions — add an additional one-line why comment above setup_git_identity() itself, and switch the POSIX [ -n "$bot_id" ] to Bash [[ -n $bot_id ]] for repo-style consistency. Non-blocking; feel free to fold into a follow-up if desired.
  • Risk surface: Shell-only change, no workflow/permissions/dependency modifications.

CI status

All required checks green at 0238093: SonarCloud (quality gate passed, 0 new issues), CodeQL (Analyze actions + main), ShellCheck (both Lint workflow + CI), bats, agent-shield, Agent Security Scan, gitleaks secret scan, unit-tests, validate-agent-profiles, gh-aw-compile, Compile agentic workflows, PR Review Agent. CodeRabbit status check is SUCCESS. Skipped checks (dependabot, ecosystem-specific audits) are conditional and expected to skip for a shell-only change. mergeStateStatus: BLOCKED and reviewDecision: CHANGES_REQUESTED reflect the CodeRabbit style-nit review, not a CI failure or substantive blocker.


Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

@donpetry-bot donpetry-bot dismissed their stale review May 23, 2026 13:09

Superseded by automated re-review at 0238093.

@donpetry-bot
Contributor

Automated review — human attention needed

This PR has been through 3 automated review cycles (cap: 3) without converging on an approval-and-merge state. Further automated review has been paused to avoid infinite loops.

Please take a look manually, or close this PR if it's no longer needed. Once a human review resolves the situation, remove the needs-human-review label and the cascade can be re-engaged on the next push.

Posted by the donpetry-bot PR-review cascade.

@donpetry-bot donpetry-bot added the needs-human-review Flagged by automated PR review agent label May 23, 2026
@don-petry
Collaborator Author

@coderabbitai resolve

@don-petry
Collaborator Author

Dev-Lead — review-changes (applied)

Changes committed and pushed.

coderabbitai[bot]
coderabbitai Bot previously approved these changes May 24, 2026
@coderabbitai

coderabbitai Bot commented May 24, 2026

✅ Actions performed

Comments resolved and changes approved.

@don-petry
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
```
Issues addressed: 0
Files changed: (none)
Skipped (informational): 1
```

@don-petry
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
```
Issues addressed: 0
- Quality Gate passed: no new issues, no accepted issues, no security hotspots reported
Files changed: (none)
Skipped (informational): 1 (Quality Gate status summary)
```

- Add context about GitHub runner's missing git identity
- Use Bash [[ ]] conditional instead of POSIX [ ] for consistency
- Resolves CodeRabbit style suggestions

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@don-petry don-petry removed the needs-human-review Flagged by automated PR review agent label May 27, 2026
@don-petry
Collaborator Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry
Collaborator Author

Dev-Lead — fix-bot-comment (no-changes)

Agent reasoning
```
Issues addressed: 0
Files changed: none
Skipped (informational): 0
Notes: Quality Gate passed — 0 new issues, 0 security hotspots, 0 duplication issues.
       No open review threads from sonarqubecloud[bot] on PR #369.
       No action required.
```

@don-petry don-petry enabled auto-merge (squash) May 27, 2026 22:14
@don-petry don-petry disabled auto-merge May 27, 2026 22:15
@don-petry don-petry merged commit 956b955 into main May 27, 2026
26 of 27 checks passed
@don-petry don-petry deleted the fix/dev-lead-git-identity branch May 27, 2026 22:15
Development

Successfully merging this pull request may close these issues.

bug: dev-lead-fix-reviews.sh fails with git identity error on all non-.github-private repos

3 participants