ci: Add branch policy enforcement and PR template #102
Open
DanielKellerM wants to merge 6 commits into
Pull request overview
This PR introduces branch-policy automation for GitHub PRs and adds a new documentation site + verification assets, including a new rw_obi backend job suite and build-matrix wiring.
Changes:
- Add GitHub workflows to (a) auto-retarget non-maintainer PRs from `master` to `devel`, and (b) open/update a rolling `devel -> master` promotion PR when `verified-internal` is applied.
- Add/expand contributor-facing process docs (PR template + CONTRIBUTING branch policy).
- Add `rw_obi` backend support wiring (`idma.mk`, `jobs/jobs.json`, new job suite) and introduce an Astro/Starlight docs site with architecture/guides content and diagrams.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `.github/workflows/retarget-to-devel.yml` | Auto-retarget external PRs from master to devel and comment with policy. |
| `.github/workflows/promote-to-master.yml` | Label-driven rolling promotion PR from devel to master. |
| `.github/pull_request_template.md` | PR template describing the branch policy + contributor checklist. |
| `CONTRIBUTING.md` | Documents the new branch policy and fast-track process. |
| `idma.mk` | Adds rw_obi to the generated backend ID list. |
| `jobs/jobs.json` | Registers rw_obi variant and its job suite + params. |
| `jobs/backend_rw_obi/*` | Adds the rw_obi job files suite (simple/small/medium/large/huge/etc). |
| `doc/.gitignore` | Ignores Astro build artifacts and local diagram outputs. |
| `doc/site/package.json` | Adds Astro/Starlight docs site dependencies and scripts. |
| `doc/site/astro.config.mjs` | Starlight sidebar + site configuration. |
| `doc/site/tsconfig.json` | Strict TS config for the docs site. |
| `doc/site/src/content.config.ts` | Defines the docs content collection schema. |
| `doc/site/src/content/docs/**` | New documentation content (overview, architecture, guides). |
| `doc/site/public/fig/*.svg` | Adds diagrams referenced by the docs pages. |
Add devel as the staging branch for all external contributions:
- retarget-to-devel.yml auto-retargets external PRs from master to devel via author_association check (OWNER/MEMBER/COLLABORATOR may still target master directly for promotion PRs).
- promote-to-master.yml opens or extends a rolling devel->master PR when a maintainer applies the verified-internal label to a merged devel PR.
- pull_request_template.md surfaces the policy in every new PR.
- CONTRIBUTING.md documents the policy with rationale.

Maintainers need to create the verified-internal label once (any color, description optional) before promote-to-master.yml fires.
- retarget-to-devel: also fire on `edited` so a PR re-targeted to master post-open is still caught.
- promote-to-master: swallow the 422 from `pulls.create` when two concurrent gitlab-ci runs race to open the promotion PR.
- CONTRIBUTING: use ASCII `->` for greppability.

- promote-to-master: trigger on the parent `ci` workflow_run, not `gitlab-ci` (which is workflow_call-only and never produces its own workflow_run event). `ci` aggregates lint+build+gitlab-ci, so its success is a strictly stronger gate.
- promote-to-master: narrow the 422 swallow to only the 'pull request already exists' validation error; rethrow other 422s (missing base, invalid head, no commits between, ...).
- promote-to-master: add concurrency group to serialise rapid runs.
- retarget-to-devel: add concurrency group keyed on PR number with cancel-in-progress, so rapid edited events don't spawn duplicate jobs.
- retarget-to-devel: build the CONTRIBUTING.md link from `context.serverUrl` instead of a relative path, so it renders correctly in PR comments regardless of GitHub's markdown context.

- retarget-to-devel: embed a `<!-- retarget-to-devel -->` HTML marker in the comment body and check for it via paginated listComments before posting. Rapid `edited` events that cancel and re-fire the job no longer post duplicate comments.
- retarget-to-devel: wrap createComment in try/catch with core.warning so a transient comment failure (after the retarget already succeeded) does not fail the workflow.

- promote-to-master: downgrade `contents: write` to `contents: read`. The script only calls `repos.compareCommits` (read) and PR APIs already covered by `pull-requests: write`.
- CONTRIBUTING: fix pre-existing `pulp_platform` (underscore) to `pulp-platform` (hyphen) — the actual GitHub org slug.
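The retarget behaviour these commit messages describe (the `author_association` gate, the `<!-- retarget-to-devel -->` dedup marker, and a comment failure that only warns), shown as an added example that is not the PR's workflow code. The function names, the comment text and the in-memory mock client are assumptions.

```javascript
// Added example: names, comment text and the mock are assumptions, not the PR's code.
const MARKER = '<!-- retarget-to-devel -->';   // dedup marker named in the commit message
const MAINTAINERS = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

// Gate: only PRs aimed at master by non-maintainers are retargeted.
function shouldRetarget(pr) {
  return pr.base.ref === 'master' && !MAINTAINERS.has(pr.author_association);
}

// github: Octokit-like client; core: { warning(msg) }. Returns what was done.
async function retarget(github, core, repo, pr) {
  if (!shouldRetarget(pr)) return { retargeted: false, commented: false };
  await github.rest.pulls.update({ ...repo, pull_number: pr.number, base: 'devel' });
  try {
    // Paginate so the marker is found even on long comment threads.
    const comments = await github.paginate(github.rest.issues.listComments,
      { ...repo, issue_number: pr.number, per_page: 100 });
    if (comments.some((c) => (c.body || '').includes(MARKER))) {
      return { retargeted: true, commented: false };   // already explained once
    }
    await github.rest.issues.createComment({ ...repo, issue_number: pr.number,
      body: `${MARKER}\nRetargeted to devel per the branch policy (constructed text).` });
    return { retargeted: true, commented: true };
  } catch (err) {
    // The retarget already succeeded; failing to list or post the comment only warns.
    core.warning(`policy comment failed: ${err.message}`);
    return { retargeted: true, commented: false };
  }
}

// Constructed in-memory stand-in for Octokit, so the example runs offline.
function mockGithub(state) {
  return {
    paginate: async (fn, params) => fn(params),
    rest: {
      pulls: { update: async (p) => { state.base = p.base; } },
      issues: {
        listComments: async () => state.comments,
        createComment: async (p) => {
          if (state.failComment) throw new Error('constructed 502');
          state.comments.push({ body: p.body });
        },
      },
    },
  };
}
```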
Matches the single-colon rule enforced by util/lint-commits.py in CI. Now gitlint (run locally via pre-commit) catches the same failure mode that broke this PR's commit-msg lint.
This was referenced May 18, 2026
Description
Adds a staging-branch workflow so that all external contributions land on `devel` first, are verified by the existing `gitlab-ci` pipeline (which already includes the proprietary `nonfree/` child pipeline running on the internal GitLab mirror), and only then get promoted to `master` automatically.

What's included

- `.github/workflows/retarget-to-devel.yml` `author_association ∉ {OWNER, MEMBER, COLLABORATOR}`) that aim at `master`, redirecting them to `devel` with a polite comment. Maintainers can still PR `master` directly.
- `.github/workflows/promote-to-master.yml` `ci` workflow_run completions. On success+push+`devel`, opens (or refreshes) a single rolling `devel → master` promotion PR.
- `.github/pull_request_template.md`
- `CONTRIBUTING.md`
- `.gitlint` `util/lint-commits.py`).

Tested end-to-end on a sandbox (`DanielKellerM/iDMA-policy-sandbox`). Found that the promote workflow fails with:

unless the repo setting is enabled at:

Settings → Actions → General → Workflow permissions → ☑ "Allow GitHub Actions to create and approve pull requests"

The retarget workflow does not need this (it uses `pulls.update`, which is covered by the existing `pull-requests: write` token scope). Only the promote workflow's `pulls.create` is gated by this org/repo setting.

How promotion works end-to-end

- `devel` if it pointed at `master`.
- `ci` runs (lint, build, analyze, gitlab-ci, etc.); `gitlab-ci` includes the `nonfree/` child pipeline.
- `devel`.
- `devel` re-triggers `ci`.
- `ci` completes green, `promote-to-master.yml` fires and opens/refreshes the rolling `devel → master` PR.

Caveat — fork PRs

`gitlab-ci.yml` skips on fork PRs (no secrets). To verify a fork PR, push its branch as an internal branch first (e.g. `git push origin pr-NNN:pr-NNN-internal`) so `gitlab-ci` runs.

Validation done before this PR

- `actionlint`-style static review (workflow YAML, permission scopes, expression syntax)
- `act -n` gating tests across 11 scenarios (7 retarget + 4 promote — all match expected)
- `actions/github-script` bodies with mocked Octokit (10/10 pass) — covers dedup marker, comment-failure tolerance, 422 narrow-swallow, idempotent update vs. create
- `DanielKellerM/iDMA-policy-sandbox`): real `ci → promote-to-master` chain produces correct `devel → master` PR with correct body, head, base.

Test plan after merge

- `pulp-platform/iDMA` (one-time, see above)
- `master`; verify auto-retarget to `devel` with explanatory comment
- `devel`; verify the rolling `devel → master` promotion PR is opened by the bot after `ci` goes green
- `devel`; verify the same promotion PR is refreshed (body updated), not duplicated

Notes

- `master` remains the default branch.
- `master` directly when needed.
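The promote workflow's "idempotent update vs. create" and narrowed 422 handling, shown as an added example that is not the PR's workflow code. The function names, the PR title, the mock client and the rule of matching on the validation error's message text are assumptions.

```javascript
// Added example: names, PR title and the matching rule are assumptions, not the PR's code.
// True only for the 422 GitHub returns when a head->base PR is already open.
function isAlreadyExists(err) {
  if (!err || err.status !== 422) return false;
  const errors = (err.response && err.response.data && err.response.data.errors) || [];
  return errors.some((e) => /pull request already exists/i.test(e.message || ''));
}

// Refresh the rolling PR if it is open, otherwise create it.
async function openOrRefreshPromotion(github, repo, body) {
  const { data: open } = await github.rest.pulls.list(
    { ...repo, state: 'open', base: 'master', head: `${repo.owner}:devel` });
  if (open.length > 0) {
    await github.rest.pulls.update({ ...repo, pull_number: open[0].number, body });
    return 'updated';
  }
  try {
    await github.rest.pulls.create(
      { ...repo, head: 'devel', base: 'master', title: 'Promote devel -> master', body });
    return 'created';
  } catch (err) {
    if (isAlreadyExists(err)) return 'raced';   // a concurrent run opened it first
    throw err;   // missing base, invalid head, no commits between, ...
  }
}

// Constructed error shaped like Octokit's RequestError (status + response.data).
function http422(message) {
  const err = new Error('Validation Failed');
  err.status = 422;
  err.response = { data: { message: 'Validation Failed', errors: [{ message }] } };
  return err;
}

// Constructed in-memory stand-in for the three pulls endpoints used above.
function mockPulls(state) {
  return { rest: { pulls: {
    list: async () => ({ data: state.open }),
    update: async (p) => { state.body = p.body; },
    create: async (p) => {
      if (state.createError) throw state.createError;
      state.open.push({ number: 1 });
      state.body = p.body;
    },
  } } };
}
```

Swallowing every 422 would also hide a misconfigured base or head branch, which is why only the "already exists" case returns quietly here.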