T8782: add central Mergify baseline for vyos org#1

Merged
andamasov merged 3 commits into production from t8782-central-baseline
May 12, 2026


@andamasov andamasov commented May 7, 2026

Summary

  • Adds .mergify.yml to vyos/mergify as the central baseline for the vyos org.
  • Contains commands_restrictions (9 keys: backport, copy, dequeue, queue, rebase, refresh, requeue, squash, update) restricted to @vyos/maintainers and vyosbot.
  • Contains the Label conflicting pull requests rule.
  • Sets defaults.actions.backport.ignore_conflicts: false so backport cherry-picks that conflict now fail loudly (error comment on source PR, no destination PR created) instead of committing literal <<<<<<< / ======= / >>>>>>> markers. See in-file comment for the 2026-05-12 incident in vyos/vyos-documentation (#1994 → #1998/#1999 → conf.py markers merged → RTD SyntaxError) that drove this default.
  • Adds two pull_request_rules that flag PRs whose title or commit-message headlines do not match the T<digits>: <text> (optionally scope: T<digits>: <text>) format. These replace the reusable workflow at vyos/.github/.github/workflows/check-pr-message.yml; coverage is dormant in any repo until it adopts extends: mergify.
  • Per-repo .mergify.yml files reference this via extends: mergify.

Context

Part of T8782 (Mergify central-config rollout). This is subtask T8785 — the vyos-org central baseline PR (1 of 25).

Spec: Mergify Configuration Rollout — Spec v9
IS ticket: IS-432

Note on the repo name: this repo was renamed mergify-config → mergify on 2026-05-09. Any references in the PR description above that earlier read mergify-config have been corrected; the file content uses the current name.

Verification (§7 Tier 1 Checkpoint A)

After merge, open a trivial test PR (whitespace-only README change, ready-for-review) and verify:

  • mergify/summary conclusion: "success"
  • output.summary contains Label conflicting pull requests

🤖 Generated by robots

Adds `.mergify.yml` carrying the shared `commands_restrictions` block
(9 keys: backport, copy, dequeue, queue, rebase, refresh, requeue,
squash, update) and the `Label conflicting pull requests` rule.

Per-repo files will reference this via `extends: mergify-config`.

🤖 Generated by [robots](https://vyos.io)

coderabbitai Bot commented May 7, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 54c01292-b0c6-4110-9b99-15f3bcedabe1

📥 Commits

Reviewing files that changed from the base of the PR and between 31b3fc6 and d636ec0.

📒 Files selected for processing (1)
  • .mergify.yml
📜 Recent review details
🧰 Additional context used
🔍 Remote MCP Context7

Additional relevant facts for review

  • Backport ignore_conflicts default: Mergify's BackportActionModel default for ignore_conflicts is true; setting it to false (as this PR does) will cause Mergify to create backport PRs that contain conflicts requiring manual resolution rather than skipping/conflicting silently.

  • Backport action behavior and options: the backport action supports parameters including ignore_conflicts, label_conflicts, merge_conflict_style, report_mode, bot_account, branches, title, body, etc. (relevant for validating the PR's backport defaults and any labeling behavior).

  • Command restrictions defaults: by default, commands like backport, copy, dequeue, requeue require the sender to have at least write permission; rebase, refresh, squash, and update allow execution if the sender has write permission or is the PR author. Restricting commands to @vyos/maintainers and vyosbot therefore tightens access compared to Mergify defaults.

  • commands_restrictions examples: Mergify supports restricting commands by sender (team/user), sender-permission, and branch conditions; the PR's pattern (restricting to a team + bot) is directly supported.

  • Configuration inheritance (extends): the extends mechanism loads the extended (remote) configuration first, then the local repository configuration; per-repo .mergify.yml files that use extends: mergify-config will inherit the central baseline and may override or add repository-specific rules. This confirms the PR's intended rollout approach is supported and that local files can override the baseline.

Sources/tools used:

  • Resolved library: Mergify (/websites/mergify).
  • Mergify docs: configuration schema (BackportActionModel), backport action docs, commands restrictions page, and configuration sharing/extends documentation.
🔇 Additional comments (5)
.mergify.yml (5)

1-17: LGTM!


18-35: LGTM!


37-47: LGTM!


97-110: LGTM!


70-96: Regex patterns and Mergify syntax are correct.

The title pattern ^(([a-zA-Z0-9\-_.]+:\s)?)T\d+:\s+[^\s]+.* and commit message negative lookahead ^(?!(([a-zA-Z0-9\-_.]+:\s)?)T\d+:\s+[^\s]+).* both function as intended. Test cases confirm valid titles and commit messages are accepted, while malformed entries (missing text after colon, only whitespace, no T-ID prefix) are properly rejected. The commits[*].commit_message syntax correctly references all commit messages in Mergify conditions, and the toggle action properly applies labels to non-conforming PRs.


📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Added a centralized pull-request configuration to standardize workflow behavior.
    • Documented inheritance and YAML-anchor locality for repository configs.
    • Prevented conflicting backports from committing conflict markers.
    • Enforced PR title and commit-message formats for closed PRs.
    • Restricted backport and related commands to authorized maintainers and the bot.

Walkthrough

Adds a repository-level .mergify.yml that documents inheritance/anchor locality (lines 1–17), sets backport conflict handling to fail/comment (lines 18–35), labels closed PRs with conflicts (lines 37–47), enforces PR/commit title format (lines 48–96), and restricts select commands via a YAML anchor (lines 97–110).

Changes

Mergify Configuration

| Layer / File(s) | Summary |
|---|---|
| Header and backport defaults, /.mergify.yml (lines 1–35) | Adds schema and header comments (lines 1–17). Sets defaults.actions.backport.ignore_conflicts: false so backports fail or comment on conflicts instead of committing conflict markers (lines 18–35). |
| Conflict detection and labeling, /.mergify.yml (lines 37–47) | Adds a pull_request_rules entry that toggles the conflicts label when the conflict condition is present on closed PRs (lines 37–47). |
| PR title and commit-first-line validation, /.mergify.yml (lines 48–96) | Adds rules toggling invalid-title for closed+unmerged PRs and invalid-commit-title for closed+merged PRs when titles or commit first-lines do not match the T<digits>: [scope:] ... pattern (lines 48–96). |
| Commands restrictions via YAML anchor, /.mergify.yml (lines 97–110) | Defines commands_restrictions with backport: &allowed and reuses *allowed to restrict backport, copy, dequeue, queue, rebase, refresh, requeue, squash, and update to @vyos/maintainers or vyosbot (lines 97–110). |
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'T8782: add central Mergify baseline for vyos org' directly matches the PR's main objective: adding a central .mergify.yml configuration file for the vyos organization. |
| Description check | ✅ Passed | The description comprehensively documents all changes: commands_restrictions, label rules, backport conflict handling, PR message format enforcement, and provides context (T8782/T8785, spec links, verification steps). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.



@andamasov
Member Author

@copilot review


Copilot AI commented May 7, 2026

@copilot review

Code Review — .mergify.yml

The configuration looks correct. Here's a summary:

commands_restrictions (lines 29–42)

  • All 9 commands (backport, copy, dequeue, queue, rebase, refresh, requeue, squash, update) are present and restricted correctly.
  • The or: [sender=@vyos/maintainers, sender=vyosbot] condition parses correctly (verified via yaml.safe_load) — the indentation is valid YAML.
  • The &allowed / *allowed anchor pattern cleanly avoids repetition.

pull_request_rules (lines 18–27)

  • Label conflicting pull requests uses conflict + -closed conditions with label: toggle, which correctly adds the label when a conflict exists and removes it once resolved. ✓

General

  • The yaml-language-server schema hint aids editor tooling. ✓
  • The inheritance-semantics comments accurately reflect Mergify docs. ✓
  • No issues found.

@andamasov andamasov marked this pull request as ready for review May 7, 2026 16:27
Flip Mergify default from "commit conflict markers and open PR labeled
`conflicts`" to "fail the backport, comment on source PR, create no
destination PR." See in-file comment for the 2026-05-12 incident in
vyos/vyos-documentation (#1994 → #1998/#1999 → conf.py markers merged →
RTD `SyntaxError`) that drove this.

Also fix stale `mergify-config` references in the header comment to
match the repo rename (2026-05-09).

This default is dormant for any repo until it adopts `extends: mergify`
in its own `.mergify.yml`. The ~140 existing per-repo configs from
T8531/T8615 are unaffected by this change.

🤖 Generated by [robots](https://vyos.io)
Adds two `pull_request_rules` that flag PRs whose title or commit message
headlines do not match the required T-ID format:

  ^(([a-zA-Z0-9\-_.]+:\s)?)T\d+:\s+[^\s]+.*

Examples that pass:
  - `T99999: make IPsec secure`
  - `dhcpv6: T8849: Add time-zone support for Kea DHCPv6`

Failing PRs get one of two labels:
  - `invalid-title` — PR title does not conform
  - `invalid-commit-title` — at least one commit's first line does not
    conform

This replaces the reusable workflow at
vyos/.github/.github/workflows/check-pr-message.yml and the per-repo
caller workflows that invoke it. Coverage is dormant in any repo until
it adopts `extends: mergify` in its own `.mergify.yml`; until then the
existing GHA continues to run unchanged.

Implementation notes:

- Mergify exposes only `commits[*].commit_message` (full message, not
  headline-only), but default Python `re` flags make `^` = start-of-
  string and `.*` non-newline-matching, so `^<pattern>` effectively
  checks the first line — equivalent to the GHA's `messageHeadline`.
- Because `commits[*]` returns true on ANY-match and Mergify has no
  `!~=` operator, the commit-message rule uses a negative-lookahead
  regex that fires when at least one commit's first line does NOT
  conform.
- Regex verified locally against representative valid samples (5 pass)
  and invalid samples (6 caught, including `Bump foo from 1.2.3 to
  1.2.4` and `Merge pull request #...` — same behavior as the existing
  GHA, no regression).

Migration sequence (out of scope for this commit):
  1. This PR lands; rules dormant.
  2. Per-repo PRs add `extends: mergify` (vyos-documentation PR #2005
     is the first canary).
  3. After parallel coverage confirms equivalence, retire per-repo
     check-pr-message.yml callers and the central reusable workflow
     in vyos/.github.

🤖 Generated by [robots](https://vyos.io)
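
The matching semantics described in the commit message above can be checked directly. This is an added example, not code from the PR or from Mergify: it models `commits[*]` as an any-match over unanchored `re.search` with default flags (an assumption taken from the commit message), and the function names, the `STRICT` pattern and the sample messages are constructed for illustration.

```python
import re

# Patterns quoted on this page (title rule and negative-lookahead commit rule).
CONFORMS = re.compile(r"^(([a-zA-Z0-9\-_.]+:\s)?)T\d+:\s+[^\s]+.*")
VIOLATES = re.compile(r"^(?!(([a-zA-Z0-9\-_.]+:\s)?)T\d+:\s+[^\s]+).*")
# Hypothetical stricter variant (not from the PR): horizontal whitespace only,
# so the T-ID and its text must share the first line.
STRICT = re.compile(r"^(([a-zA-Z0-9\-_.]+:[ \t])?)T\d+:[ \t]+\S+.*")


def any_commit(pattern, messages):
    """Model of commits[*]: true when ANY commit message matches.
    Assumes unanchored search with default flags (no MULTILINE, no DOTALL)."""
    return any(pattern.search(m) for m in messages)


def flagged_by_lookahead(messages):
    """The page's rule: fires if at least one commit's first line does not conform."""
    return any_commit(VIOLATES, messages)


def flagged_by_negated_any(messages):
    """Naive alternative: negate a positive any-match. Fires only if NO commit conforms."""
    return not any_commit(CONFORMS, messages)


# Constructed sample commit messages (full message: headline plus body).
GOOD = "T99999: make IPsec secure\n\nLonger description."
SCOPED = "dhcpv6: T8849: Add time-zone support for Kea DHCPv6"
BUMP = "Bump foo from 1.2.3 to 1.2.4\n\nT1234: mentioned only in the body"
EMPTY_HEADLINE = "T1234:\n\ntext that lives in the body"

if __name__ == "__main__":
    mixed = [GOOD, BUMP]
    print("lookahead flags mixed PR:  ", flagged_by_lookahead(mixed))
    print("negated-any flags mixed PR:", flagged_by_negated_any(mixed))
    # \s also matches "\n", so the page's pattern reads past an empty headline.
    print("page pattern accepts empty headline:  ", bool(CONFORMS.search(EMPTY_HEADLINE)))
    print("strict pattern accepts empty headline:", bool(STRICT.search(EMPTY_HEADLINE)))
```

Under Python `re`, `\s` matches newlines, so a headline consisting only of `T1234:` followed by a body satisfies the quoted pattern; the `[ \t]` variant keeps the check on the first line.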