fix(ci): enable allow_auto_merge and convert dependabot-automerge to thin-caller stub #223
…allow_auto_merge

- Replace inline dependabot-automerge.yml with the standard thin-caller stub that delegates to dependabot-automerge-reusable.yml@v1. The inline version was missing skip-commit-verification: true (added in the reusable) and duplicated eligibility logic already maintained centrally.
- The allow_auto_merge repository setting has been enabled via API to satisfy the compliance audit requirement (was null, now true). The setting is required for gh pr merge --auto calls in the automerge workflow to succeed.

Closes #107

Co-authored-by: Don Petry <don-petry@users.noreply.github.com>
Self-Review

The changes look correct. One item needs human attention:

SonarCloud Security Hotspots

SonarCloud flagged 2 security hotspots related to the These hotspots appear because this file uses the verbatim org standard template from The

Action needed: Please acknowledge/dismiss these hotspots as "Safe" in the SonarCloud dashboard after reviewing.

@petry-projects/org-leads — please review and merge when ready.


Summary

- allow_auto_merge repository setting via GitHub API (null→true), resolving the weekly compliance audit finding
- .github/workflows/dependabot-automerge.yml from an inline workflow to the standard thin-caller stub that delegates to dependabot-automerge-reusable.yml@v1

Why both changes

The compliance audit (scripts/compliance-audit.sh) checks allow_auto_merge via the GitHub API and was seeing null. The setting has now been applied directly.

The inline dependabot-automerge.yml was pre-centralization code that:

- skip-commit-verification: true (present in the reusable since a later update)
- dependabot-automerge-reusable.yml

The thin-caller stub is the org standard per standards/workflows/dependabot-automerge.yml and delegates all logic to the reusable.

Test plan

- allow_auto_merge verified true via gh api repos/petry-projects/.github --jq '.allow_auto_merge'
- dependabot-automerge-reusable.yml@v1 which has full eligibility logic, skip-commit-verification: true, and app secrets check
- null)

Closes #107
Generated with Claude Code