Skip to content

chore(framework): require review on next + sync release-flow docs#382

Merged
blafourcade merged 2 commits into
nextfrom
chore/next-required-review
Jul 1, 2026
Merged

chore(framework): require review on next + sync release-flow docs#382
blafourcade merged 2 commits into
nextfrom
chore/next-required-review

Conversation

@blafourcade

Copy link
Copy Markdown
Contributor

Codifies the review requirement on next: next.json → 1 approval + GOVERNANCE.md updated (was "no required review"). The live ruleset already enforces 1; this resyncs the source file and doc with it, per the MAINTAINERS 'keep file and live ruleset in sync' rule.

Release bot (App, always-bypass) and admin team keep their bypass, so automation and lead-maintainer self-merge are unaffected.

🤖 Generated with Claude Code

blafourcade and others added 2 commits July 1, 2026 21:33
Codify the review requirement on the `next` integration branch: bump
`.github/rulesets/next.json` to one required approval and update GOVERNANCE.md,
which previously documented "no required review". The live ruleset already
enforces this; this brings the source file and the governance doc back in sync
with it. Trades a little batch velocity for a review gate on non-bypass PRs; the
release bot and the admin team keep their existing bypass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Three doc/reality gaps found while auditing the promote/back-merge flow:

- MAINTAINERS said the Release PR merges with "no admin needed"; CI actually
  auto-merges it `--squash --admin` (a plain merge is refused even for the
  bypass App). Corrected to match ci.yml.
- Documented that head branches are not auto-deleted
  (`delete_branch_on_merge: false`), so `next` survives the promote and the
  back-merge never hits a missing branch.
- Added the recovery step when `next` is somehow missing: recreate it from
  `main` before resyncing.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@blafourcade blafourcade changed the title chore(framework): require one review on next chore(framework): require review on next + sync release-flow docs Jul 1, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b28de6b414

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

"type": "pull_request",
"parameters": {
"required_approving_review_count": 0,
"required_approving_review_count": 1,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve Dependabot's unreviewed auto-merge path

With Dependabot updates targeting next (.github/dependabot.yml lines 8 and 21), this new required approval blocks the non-major dependency flow in .github/workflows/dependabot-auto-merge.yml lines 28-30: that job only runs gh pr merge --auto --squash, and GitHub documents that auto-merge completes only when all required reviews and checks are met (https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request). Since the maintainer guide says patch/minor Dependabot PRs auto-merge once checks pass, these PRs will now sit waiting for a human approval unless the workflow is changed to do an explicit bypass merge after checks or the review requirement is exempted for that bot path.

Useful? React with 👍 / 👎.

@blafourcade blafourcade merged commit a521887 into next Jul 1, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant