chore(ci): branch-protection parity with mailrag (#78)#81
Open
fmasi wants to merge 1 commit into
Open
Conversation
Bring repo governance in line with the mailrag setup and fix the #78 "Main guard" lockout (ruleset required CodeQL/code_quality/Copilot checks that never ran, forcing an admin bypass stopgap). - Add .github/dependabot.yml (Swift SPM + SHA-pinned GitHub Actions, weekly). - Add .github/workflows/claude-code-review.yml (auto PR review, SHA-pinned; skips cleanly when CLAUDE_CODE_OAUTH_TOKEN is absent). - Remove setup-branch-protection.yml: it set *classic* branch protection, which conflicts with the "Main guard" ruleset we standardize on. Protection is now managed via the ruleset (edited out-of-band) gating on the working `test` status check + CodeQL (default setup enabled), dropping the unsatisfiable code_quality/copilot_code_review rules. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Brings repo governance in line with
fmasi/mailragand resolves the #78 "Main guard" lockout.Background (#78)
The
mainruleset requiredcode_scanning(CodeQL),code_quality, andcopilot_code_review— none of which were wired up, so all merges tomainwere blocked and an admin-bypass stopgap was added. Meanwhile the workingtestcheck (Swift suite on macOS) was never made a required gate.Changes in this PR (files)
.github/dependabot.yml— Swift SPM + SHA-pinned GitHub Actions, weekly..github/workflows/claude-code-review.yml— auto PR review (SHA-pinned action); skips cleanly whenCLAUDE_CODE_OAUTH_TOKENis absent..github/workflows/setup-branch-protection.yml— it configured classic branch protection (also requiringtest), which conflicts with the ruleset. Standardising on the ruleset as the single source of truth.Companion changes applied out-of-band (GitHub settings, not in this diff)
code_scanningactually runs.teststatus check, keep CodeQL, dropcode_quality+copilot_code_review(can't run here), keep deletion/force-push protection and the PR requirement, keep the admin bypass.After merge,
mainis gated on greentest+ CodeQL via a real, satisfiable ruleset — no more admin-bypass lockout.🤖 Generated with Claude Code