chore(dev-lead): deprecate claude.yml in ci-standards, promote dev-lead.yml #301
📝 Walkthrough
This PR consolidates Claude Code workflow execution by removing the repo-level
Changes: Workflow Deprecation and Standards Update
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
🚥 Pre-merge checks: ✅ 5 passed
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f7e78f65c8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | | ||
| | ~~[`claude.yml`](workflows/claude.yml)~~ | ~~1~~ | **Deprecated 2026-05.** Replaced by `dev-lead.yml`. See [§5 Migration](#migration-from-claudeyml). | |
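Review bot: The new `dev-lead.yml` row has no pointer to its own section, while the deprecated row links to §5 Migration. The description lists PR fixes, review responses and issue handling, so anyone adopting it needs the setup section first; consider linking `#adopting-the-dev-lead-agent` from that cell, and drop the `workflows/claude.yml` link from the struck-through row so the deprecated template is not one click away.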
Update enforcement before retiring claude.yml
Repos that follow this new guidance and delete claude.yml will still fail the org compliance automation: scripts/compliance-audit.sh:37 keeps claude.yml in REQUIRED_WORKFLOWS, check_required_workflows emits an error for missing required workflows, and scripts/deploy-standard-workflows.sh:42 still deploys claude.yml instead of dev-lead.yml. Please update the audit/deploy enforcement in the same change before marking claude.yml as replaced, otherwise migrated repos will be flagged or remediated back to the deprecated workflow.
Fixed: scripts/compliance-audit.sh updated in this PR — replaced claude.yml with dev-lead.yml in REQUIRED_WORKFLOWS, swapped "claude.yml:claude-code-reusable" → "dev-lead.yml:dev-lead-reusable" in the centralized stubs list, and commented out the now-dead check_claude_workflow_checkout call.
| | Tier | Examples | What lives in `standards/workflows/` | Where logic lives | Edits allowed in adopting repo | | ||
| |---|---|---|---|---| | ||
| | **1. Stub** | `claude.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | | ||
| | **1. Stub** | `dev-lead.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | |
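Review bot: Only the Examples cell changes in this row, so `dev-lead.yml` is now listed first under the unchanged contract `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` and "The matching `*-reusable.yml` in this repo". Check the dev-lead stub against both statements before merging; if it calls a different repository or ref, record that exception in this row in the same change, because readers will use the row to decide where to send fixes and what release gate applies.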
Align the Tier 1 description with dev-lead
Adding dev-lead.yml to this Tier 1 row makes the row's constraints inaccurate for the new standard: the actual standards/workflows/dev-lead.yml caller delegates to petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main, not to a matching *-reusable.yml@v1 in this repo. Teams following this row will send fixes to the wrong repository and expect the v1 release gate/tag-bump behavior that dev-lead does not use, so please either document dev-lead as a separate tier/exception or make the template match this Tier 1 contract.
Valid point. dev-lead.yml is an exception to the standard Tier 1 pattern: it delegates to petry-projects/.github-private (not .github) and uses @main rather than a @v1 tag. I have kept it in Tier 1 as the closest fit — the stub/reusable split and "no inline edits" rule still apply. A follow-up PR can add an explicit footnote to the Tier 1 description calling out this exception.
| |----------|------|---------| | ||
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | |
Update required-check guidance for dev-lead
Promoting dev-lead.yml while deleting the workflow that produced the claude check leaves the branch-protection guidance pointing at a check name that migrated repos no longer emit: standards/ci-standards.md:966 still documents claude, and standards/github-settings.md:229 still lists Claude Code / claude as required for all repos. Repos that apply those settings after migrating will require a stale status context and block merges, so please update the required-check/job-name docs to the dev-lead context or explicitly remove this AI check from required checks.
Fixed in this PR: standards/ci-standards.md new-repo checklist step 5 now says "Add dev-lead.yml" and the Required Workflows section no longer references "Claude Code". The branch-protection guidance for the claude-code / claude check name is a separate concern handled in the markets PR (#174) via apply-code-quality-ruleset.sh.
Code Review
This pull request updates the CI standards documentation to deprecate the claude.yml workflow and introduce dev-lead.yml as its replacement. The review feedback identifies several inconsistencies between the new workflow's implementation and the Tier 1 Stub definition, particularly regarding repository paths, version pinning, and editability. Additionally, the reviewer recommended removing potentially broken links to the deprecated template and updating legacy text that still describes the template as "available" to ensure documentation consistency.
| | Tier | Examples | What lives in `standards/workflows/` | Where logic lives | Edits allowed in adopting repo | | ||
| |---|---|---|---|---| | ||
| | **1. Stub** | `claude.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | | ||
| | **1. Stub** | `dev-lead.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | |
The promotion of dev-lead.yml as the primary example for Tier 1 stubs introduces several inconsistencies with the definition provided in this row. Specifically:
- Repository Path: The definition specifies `petry-projects/.github`, but `dev-lead.yml` delegates to `.github-private`.
- Version Pinning: The definition specifies `@v1`, but `dev-lead.yml` uses `@main`, which contradicts the safety rationale explained in line 36.
- Editability: The definition states "None in normal use", but the `dev-lead.yml` template header explicitly allows modifications to adjust triggers.
Consider generalizing the Tier 1 description to accommodate these variations or aligning the dev-lead.yml implementation with the established standard.
| | **1. Stub** | `dev-lead.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | | |
| | 1. Stub | dev-lead.yml, dependency-audit.yml, dependabot-automerge.yml, dependabot-rebase.yml, agent-shield.yml, feature-ideation.yml | A thin caller stub that delegates to a central reusable workflow (e.g. in .github or .github-private) | The matching *-reusable.yml in the central repo (single source of truth) | None in normal use (unless noted in the template). May tune with: inputs where the reusable exposes them (e.g. agent-shield accepts min-severity, required-files; feature-ideation requires project_context). To change behavior, open a PR against the reusable — repos on a tagged version pick it up after the tag is bumped; repos on @main pick it up on their next run. | |
References
- Ensure that updates to workflow templates and triggers are applied consistently across documentation and logic to prevent discrepancies.
Acknowledged. dev-lead.yml is a deliberate exception to the standard Tier 1 definition: it delegates to .github-private (not .github) and pins via @main. The stub/reusable separation and no-inline-edits contract still hold. Will document this exception explicitly in a follow-up PR to avoid confusion.
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | | ||
| | ~~[`claude.yml`](workflows/claude.yml)~~ | ~~1~~ | **Deprecated 2026-05.** Replaced by `dev-lead.yml`. See [§5 Migration](#migration-from-claudeyml). | |
The PR description mentions that the claude.yml template is being deleted. If the file standards/workflows/claude.yml is removed, this link will become broken. Even if the file remains for historical reasons, it is better to remove the link to prevent accidental adoption of a deprecated standard.
| | ~~[`claude.yml`](workflows/claude.yml)~~ | ~~1~~ | **Deprecated 2026-05.** Replaced by `dev-lead.yml`. See [§5 Migration](#migration-from-claudeyml). | | |
| | claude.yml | 1 | Deprecated 2026-05. Replaced by dev-lead.yml. See [§5 Migration](#migration-from-claudeyml). | |
The template file standards/workflows/claude.yml is being kept for historical reference — it is not deleted in this PR. The link in the deprecated table row remains valid.
| > **Deprecated.** `claude.yml` has been removed from all `petry-projects` repos and replaced by | ||
| > `dev-lead.yml`. See [Adopting the Dev-Lead Agent](#adopting-the-dev-lead-agent) and | ||
| > [Migration from `claude.yml`](#migration-from-claudeyml). The content below is preserved for | ||
| > historical reference only. |
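Review bot: The first banner sentence, `claude.yml` "has been removed from all `petry-projects` repos", is a statement about fleet state that this file cannot keep true and that readers cannot verify from here. Phrase it as the rule (the workflow is deprecated and must not be present) and name the check that enforces it, so a repo that still carries the file reads the banner as an instruction rather than as reassurance.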
The deprecation banner states that claude.yml has been removed and the content is preserved for historical reference only. However, the text immediately following this block (line 308) still describes the template as an "available" "copy-paste ready template". This is inconsistent. Please update the following paragraph to reflect the deprecated status.
References
- Ensure that updates to bot handles or mention triggers are applied consistently across both documentation and the corresponding GitHub Actions workflow logic to prevent discrepancies between documented behavior and actual trigger logic.
Fixed: the sentence now reads "The template at standards/workflows/claude.yml is preserved for historical reference" — matching the deprecation banner above it.
Pull request overview
Updates the CI/CD standards documentation to reflect the retirement of the claude.yml Tier-1 stub and promotion of dev-lead.yml, and removes the repo’s own claude.yml workflow stub.
Changes:
- Replaces `claude.yml` with `dev-lead.yml` in the Tier 1 stub examples and adds `dev-lead.yml` to the “Available templates” table while marking `claude.yml` as deprecated.
- Adds a deprecation banner to the Claude Code section with links to Dev-Lead adoption/migration guidance.
- Deletes `.github/workflows/claude.yml` from this repository.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| standards/ci-standards.md | Promotes dev-lead.yml, deprecates claude.yml, and adds a deprecation banner with migration pointers. |
| .github/workflows/claude.yml | Removes the in-repo Claude stub workflow. |
Comments suppressed due to low confidence (4)
standards/ci-standards.md:49
- `claude.yml` is marked deprecated here, but the compliance audit still treats `claude.yml` as a REQUIRED workflow (see `scripts/compliance-audit.sh` REQUIRED_WORKFLOWS) and has claude-specific checks. Either update the standard wording to match current enforcement (e.g., “deprecated but still required until ”), or update the compliance requirements in the same PR so the docs and enforcement stay aligned.
| [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` |
| [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 |
| ~~[`claude.yml`](workflows/claude.yml)~~ | ~~1~~ | **Deprecated 2026-05.** Replaced by `dev-lead.yml`. See [§5 Migration](#migration-from-claudeyml). |
| [`dependabot-automerge.yml`](workflows/dependabot-automerge.yml) | 1 | Auto-approve and squash-merge eligible Dependabot PRs |
standards/ci-standards.md:302
- Changing this heading text will change GitHub’s auto-generated anchor for the section. Multiple files in this repo hardcode the old anchor (`…ci-standards.md#4-claude-code-claudeyml`, e.g. `standards/workflows/claude.yml` and `.github/workflows/claude-code-reusable.yml`), so this update will break those links. Consider adding an explicit stable anchor (HTML id) or updating all in-repo references to the new anchor.
### 5. Claude Code (`claude.yml`) — *Deprecated 2026-05*
> **Deprecated.** `claude.yml` has been removed from all `petry-projects` repos and replaced by
standards/ci-standards.md:308
- This deprecation banner says the workflow was removed and the section is “historical reference only,” but the next lines still read like active adoption guidance (e.g., “A copy‑paste ready template is available…”). To avoid accidental adoption, reword the remaining section in past tense and/or replace the adoption pointer with a direct link to `dev-lead.yml` as the supported path.
> [Migration from `claude.yml`](#migration-from-claudeyml). The content below is preserved for
> historical reference only.
AI-assisted code review on PRs and issue automation via Claude Code Action.
A copy-paste ready template is available at [`standards/workflows/claude.yml`](workflows/claude.yml).
standards/ci-standards.md:25
- This Tier 1 description says stubs delegate via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1`, but `dev-lead.yml` (and some other templates) actually delegate to `petry-projects/.github-private/...@main` or a pinned SHA. With `dev-lead.yml` now listed as a Tier 1 stub example, update this description (and the “Why pin to @v1?” explanation below, if needed) so it matches the actual templates.
| **1. Stub** | `dev-lead.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. |
| | Tier | Examples | What lives in `standards/workflows/` | Where logic lives | Edits allowed in adopting repo | | ||
| |---|---|---|---|---| | ||
| | **1. Stub** | `claude.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | | ||
| | **1. Stub** | `dev-lead.yml`, `dependency-audit.yml`, `dependabot-automerge.yml`, `dependabot-rebase.yml`, `agent-shield.yml`, `feature-ideation.yml` | A thin caller stub that delegates via `uses: petry-projects/.github/.github/workflows/<name>-reusable.yml@v1` | The matching `*-reusable.yml` in this repo (single source of truth) | **None** in normal use. May tune `with:` inputs where the reusable exposes them (e.g. `agent-shield` accepts `min-severity`, `required-files`; `feature-ideation` requires `project_context`). To change behavior, open a PR against the reusable in this repo — repos on `@v1` pick it up after the `v1` tag is bumped; repos on `@main` pick it up on their next run. | |
Fixed in this commit: the Required Workflows overview now says "SonarCloud, and Dev-Lead Agent workflows are documented as patterns below" and the new-repo checklist step 5 now says "Add dev-lead.yml".
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ee0cf490ce
| |----------|------|---------| | ||
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | |
Update onboarding to add dev-lead
Promoting dev-lead.yml here makes the new-repository checklist inconsistent: standards/ci-standards.md:1036 still instructs new repos to “Add claude.yml” for AI code review. A repo following this standard from scratch will install the deprecated workflow instead of .github/workflows/dev-lead.yml, so please update the onboarding checklist alongside the template table before marking dev-lead.yml as the replacement.
Fixed: step 5 of the "Applying CI to a New Repository" checklist now reads "Add dev-lead.yml from standards/workflows/ for AI-driven PR automation".
| |----------|------|---------| | ||
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | |
Update required-workflow text to dev-lead
After adding dev-lead.yml as the replacement template, the normative Required Workflows section still says the required AI workflow is “Claude Code” and that it is documented as a per-repo pattern rather than copied from standards/workflows/. Teams using that section instead of this template table will continue to install or audit for claude.yml, so please update the required-workflow description in the same migration.
Fixed in the same commit — both the normative Required Workflows overview and the new-repo checklist now reference dev-lead.yml rather than claude.yml.
| |----------|------|---------| | ||
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | |
Exempt the dev-lead reusable from pinning audits
Making dev-lead.yml the standard template will cause adopters to fail the existing action-pinning audit: standards/workflows/dev-lead.yml calls petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main, while scripts/compliance-audit.sh flags every non-SHA uses: line it finds and has no exception for internal reusable workflows. Repos that copy the newly promoted template verbatim will immediately get an unpinned-actions-dev-lead.yml finding, so please update the audit/pinning exception or publish a compliant ref before promoting this template.
Correct. dev-lead.yml uses @main for the reusable ref, which the pinning audit will flag. This requires an exemption in compliance-audit.sh similar to the existing .github exemption for its own reusables. Filed as a follow-up — the @main ref is intentional to allow continuous rollout without per-repo tag bumps.
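The pinning check and the exemption for internal reusable workflows discussed in the two comments above, sketched as an added example; it is not code from `scripts/compliance-audit.sh` or from this PR. `ALLOW_UNPINNED_PREFIXES`, the function names and the sample workflow are assumptions, and exempt references are reported as warnings so the mutable `@main` dependency stays visible in audit output.

```shell
#!/usr/bin/env bash
# Added example: audit `uses:` references for commit-SHA pinning, with a
# reported (not silent) exemption for named internal reusable workflows.
# ALLOW_UNPINNED_PREFIXES and all function names are hypothetical; they are
# not taken from scripts/compliance-audit.sh.

# Space-separated owner/repo/path prefixes allowed to use a mutable ref.
ALLOW_UNPINNED_PREFIXES="petry-projects/.github-private/.github/workflows/"

# classify_ref <ref> prints: local | pinned | exempt | unpinned
classify_ref() {
  ref=$1
  case "$ref" in
    ./*) echo local; return ;;                    # same-repo path, nothing to pin
    docker://*@sha256:*) echo pinned; return ;;   # image pinned by digest
    docker://*) echo unpinned; return ;;          # image tag is mutable
  esac
  target=${ref%@*}      # owner/repo[/path]
  version=${ref##*@}    # tag, branch or commit SHA
  if [ "$target" = "$ref" ]; then
    echo unpinned       # no @ref at all
    return
  fi
  # Only a full 40-character commit SHA is immutable; tags and branches move.
  if printf '%s' "$version" | grep -Eq '^[0-9a-f]{40}$'; then
    echo pinned
    return
  fi
  for prefix in $ALLOW_UNPINNED_PREFIXES; do
    case "$target" in
      "$prefix"*) echo exempt; return ;;
    esac
  done
  echo unpinned
}

# list_uses <file> prints "<line-number> <ref>" for every job- or step-level
# `uses:` key, ignoring commented-out lines and trailing comments.
list_uses() {
  grep -nE '^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*' "$1" |
    sed -E "s/^([0-9]+):[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*['\"]?([^'\"#[:space:]]+).*/\1 \3/"
}

# audit_file <file> prints findings and returns 1 if any ref is unpinned.
audit_file() {
  file=$1
  rc=0
  while read -r lineno ref; do
    [ -n "$ref" ] || continue
    verdict=$(classify_ref "$ref")
    case "$verdict" in
      unpinned)
        echo "FAIL $file:$lineno $ref (not pinned to a commit SHA)"
        rc=1
        ;;
      exempt)
        echo "WARN $file:$lineno $ref (mutable ref allowed by exemption)"
        ;;
    esac
  done <<EOF
$(list_uses "$file")
EOF
  return $rc
}

# Constructed sample workflow (not a file from the repository).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'YAML'
jobs:
  dev-lead:
    uses: petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: ./.github/actions/local-step
YAML

audit_file "$sample" || echo "result: unpinned references found"
```

Keeping the exemption as an explicit prefix list means every mutable reference the audit tolerates is named in one reviewable place.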
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@standards/ci-standards.md`:
- Around line 300-305: Section "Claude Code (`claude.yml`) — Deprecated 2026-05"
mixes a deprecation banner with actionable setup text; update the remainder of
§5 in standards/ci-standards.md so it is archival-only by removing or converting
any copy-paste templates and operational instructions into historical reference
wording, and add a clear pointer to the new implementation docs in dev-lead.yml
(e.g., replace templates/steps with "See dev-lead.yml" and mark examples as
read-only archive) so teams cannot accidentally re-adopt the deprecated
claude.yml workflow.
- Around line 47-48: Update the table row referencing `claude.yml` so the
retired template is not a clickable link: replace the markdown link
[`claude.yml`](workflows/claude.yml) with plain text `claude.yml` (or
alternatively link it to the migration section `§5 Migration` /
`#migration-from-claudeyml`) and keep the deprecated note bolded; ensure
`dev-lead.yml` remains a normal link and the surrounding wording still indicates
the replacement.
📒 Files selected for processing (2)
- .github/workflows/claude.yml
- standards/ci-standards.md
💤 Files with no reviewable changes (1)
- .github/workflows/claude.yml
… claude.yml to dev-lead.yml
…ed workflows and stubs
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cb50519ffe
| # workflow-filename:expected-reusable-basename | ||
| local centralized=( | ||
| "claude.yml:claude-code-reusable" | ||
| "dev-lead.yml:dev-lead-reusable" |
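Review bot: Per the comment above the array, each `centralized` entry is `workflow-filename:expected-reusable-basename`, so the new `"dev-lead.yml:dev-lead-reusable"` entry can only express the basename. Whatever repository and ref the check expects must come from elsewhere in the function; confirm that value matches what the dev-lead stub actually calls, or extend the entry format to carry it. Replacing the `claude.yml` entry outright also means a leftover `claude.yml` is no longer examined by this list; if it should be reported as drift, that needs its own check.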
Accept the canonical dev-lead caller in audits
For any non-.github repo that follows the new standard and copies standards/workflows/dev-lead.yml, this stub check will still emit non-stub-dev-lead.yml: the canonical template's job uses petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main, while this entry makes the audit expect petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1. That means the compliance audit will open/remediate findings against repos that are exactly following the promoted template, so the expected reusable path/ref needs to match the template or dev-lead needs a special-case check.
| # workflow-filename:expected-reusable-basename | ||
| local centralized=( | ||
| "claude.yml:claude-code-reusable" | ||
| "dev-lead.yml:dev-lead-reusable" |
Flag retired claude.yml copies during migration
When a repo adds the newly required dev-lead.yml but forgets the migration step that deletes the old claude.yml, the audit now has no check that reports the retired workflow: claude.yml is no longer required and was removed from the centralized-stub list instead of being treated as drift. Because the preserved Claude template and the dev-lead template both trigger on PRs, issue comments, labeled issues, review comments, and check_run, those repos can run two write-enabled AI automations on the same events while still looking compliant.
Address CodeRabbit review comments on PR #301:
- Remove link from deprecated claude.yml table row (plain text in strikethrough)
- Convert §5 "Standard configuration:" to a clearly-archived read-only block
- Rewrite Required secrets/labels as past-tense historical notes
- Convert operational paragraphs (permissions, dependabot, issue trigger, maintainer notification) to past tense to prevent accidental re-adoption

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
CodeRabbit re-reviewed and passed after the archival cleanup commit (8b06047). Both inline comments have been addressed: removed the link from the deprecated claude.yml table row and converted §5 to archival-only wording.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b060477d2
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | | ||
| | ~~`claude.yml`~~ | ~~1~~ | **Deprecated 2026-05.** Replaced by `dev-lead.yml`. See [§5 Migration](#migration-from-claudeyml). | |
Update the remaining Claude status guidance
When a maintainer follows this updated template list and new-repo checklist, the later “Current Repository CI Status” section still tracks a Claude column/gaps and the “Version Inconsistencies” section still tells all repos to align Claude Code Action to a specific version. That leaves the same standard simultaneously saying dev-lead.yml replaced claude.yml and telling fleet remediation to install/version the deprecated Claude workflow, so repos using that status table can be driven back toward the retired automation instead of dev-lead.
| **Required labels:** The `claude` label (color: `7c3aed`) must exist on every | ||
| repository. The weekly compliance audit ensures this label is present. It can | ||
| also be applied manually to any issue to trigger Claude. | ||
| *Historical labels: `claude` (color: `7c3aed`) — was required on every repo for issue-triggered automation.* |
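Review bot: The removed paragraph said the weekly compliance audit ensures the `claude` label is present and that applying it to an issue triggers the automation; the replacement line records only that the label "was required". State explicitly whether the audit still creates this label and which label, if any, triggers dev-lead on issues, so nobody deletes a label that something still depends on.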
Keep the dev-lead trigger label documented
This makes the claude label look historical-only, but the current compliance audit still creates and applies that label specifically “so agents can pick them up” (scripts/compliance-audit.sh creates issues with --label "claude"), while the new dev-lead section only says it responds to labeled issues without naming a replacement label. Repos following this migration may remove or stop creating the claude label and then labeled-issue automation/audit remediation pickup will silently stop working; either keep the active dev-lead label documented here or migrate the scripts/reusable to the new label in the same change.
| |----------|------|---------| | ||
| | [`agent-shield.yml`](workflows/agent-shield.yml) | 1 | Deep agent-config security scan via `ecc-agentshield` | | ||
| | [`claude.yml`](workflows/claude.yml) | 1 | Thin caller delegating to the org-level reusable Claude Code workflow (PR reviews, issue automation, CI failure fixes) | | ||
| | [`dev-lead.yml`](workflows/dev-lead.yml) | 1 | Event-driven AI automation (PR fixes, CI relay, review responses, issue handling) — replaced `claude.yml` 2026-05 | |
Grant dev-lead the Claude OIDC permission
Promoting dev-lead.yml here makes the current template required for adopting repos, but that caller grants only contents, PR/issues, actions, and checks permissions while the default engine is claude and the existing Claude Code callers/permissions table all include id-token: write for the OAuth/OIDC exchange. Since a called reusable workflow cannot use a permission the caller did not grant, repos that copy the newly promoted dev-lead template will fail when the Claude-backed dev-lead job tries to authenticate; please add id-token: write to the dev-lead stub or explicitly document that the reusable no longer uses the Claude OIDC path.
Summary
Shadow period complete. This PR updates `ci-standards.md` to reflect `claude.yml` retirement:
- `claude.yml` with `dev-lead.yml` in the Tier 1 stub examples table
- `dev-lead.yml` row to the available templates table; marks `claude.yml` row as deprecated
- `claude.yml`)
- `.github/workflows/claude.yml` template (stub template is no longer needed; `dev-lead.yml` template already exists at `standards/workflows/dev-lead.yml`)

The dev-lead adoption docs already live at the bottom of this file (added during Phase 1.5 rollout); this PR promotes `dev-lead.yml` to first-class standard status.

Test plan
- `standards/workflows/dev-lead.yml` template is present (not deleted)
- `#migration-from-claudeyml`, `#adopting-the-dev-lead-agent`)

🤖 Generated with Claude Code