2 changes: 1 addition & 1 deletion .github/rulesets/next.json
Expand Up @@ -16,7 +16,7 @@
{
"type": "pull_request",
"parameters": {
"required_approving_review_count": 0,
"required_approving_review_count": 1,

P2 Badge Preserve Dependabot's unreviewed auto-merge path

With Dependabot updates targeting next (.github/dependabot.yml lines 8 and 21), this new required approval blocks the non-major dependency flow in .github/workflows/dependabot-auto-merge.yml lines 28-30: that job only runs gh pr merge --auto --squash, and GitHub documents that auto-merge completes only when all required reviews and checks are met (https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request). Since the maintainer guide says patch/minor Dependabot PRs auto-merge once checks pass, these PRs will now sit waiting for a human approval unless the workflow is changed to do an explicit bypass merge after checks or the review requirement is exempted for that bot path.

"dismiss_stale_reviews_on_push": false,
"require_code_owner_review": false,
"require_last_push_approval": false,
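
Review bot: In this `parameters` block, `dismiss_stale_reviews_on_push` and `require_last_push_approval` both stay `false` while `required_approving_review_count` goes to 1, so an approval given on an earlier commit keeps satisfying the rule after further pushes to the same PR. If the goal is that the code landing on `next` was actually reviewed, set `"dismiss_stale_reviews_on_push": true` or `"require_last_push_approval": true` in the same change; if the looser behaviour is intended, say so in GOVERNANCE.md so the one-review requirement is not read as covering the final commit.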
6 changes: 3 additions & 3 deletions GOVERNANCE.md
Expand Up @@ -84,9 +84,9 @@ a PR with ≥1 Habilité (CODEOWNERS) approval, passing checks (`lefthook
form: [`.github/rulesets/main.json`](.github/rulesets/main.json) (enforced once
the repo is public / on a paid plan).

`next` is the integration branch: PRs and passing checks, no direct push or
deletion, but no required review so the week's work batches quickly. The release
bot bypasses to push the automated back-merge. Machine-readable form:
`next` is the integration branch: PRs with ≥1 review and passing checks, no
direct push or deletion. The release bot bypasses to push the automated
back-merge, and the `admin` team may merge without a second review. Machine-readable form:
[`.github/rulesets/next.json`](.github/rulesets/next.json). The release flow is in
[`RELEASE.md`](RELEASE.md).

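Review bot: The added sentence "the `admin` team may merge without a second review" is ambiguous against a rule that requires only one review: it can be read as admins merging their own PRs with zero approvals, or as admins not needing an extra approval on top of the first. State which one is meant and name the mechanism (a bypass actor entry for the team and its mode), since the `next.json` change in this PR only touches `required_approving_review_count` and the reader cannot see from it where the admin exemption is enforced. The added line also runs well past the wrap width used by the rest of the paragraph.
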
8 changes: 5 additions & 3 deletions docs/MAINTAINERS.md
Expand Up @@ -86,8 +86,8 @@ Dependabot labels its PRs `dependencies` only (ecosystem sub-labels were dropped

release-please opens/updates a `chore: release main` PR on each push to `main`.

1. Review the version bumps + changelog in the release PR (it is authored by the **aidd-bot** App, so its checks run normally).
2. Merge it: `gh pr merge <n> --squash`. No admin needed - the App is a ruleset bypass actor, so its PRs merge once checks pass.
1. (Optional) Review the version bumps + changelog. The PR is authored by the **aidd-bot** App, so its checks run normally.
2. CI **auto-merges** it with the App token (`--squash --admin`); no human step is needed. `--admin` is required because a plain `gh pr merge` is refused even for the bypass App.
3. CI tags each bumped package, creates the GitHub Releases, and attaches the bundles:
- `aidd-framework-marketplace-X.Y.Z.zip` (`.claude-plugin/` + `plugins/`)
- `<plugin>-vX.Y.Z.zip`
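
Review bot: Step 2 no longer says that the merge waits for checks. The removed wording was "its PRs merge once checks pass", whereas `--admin` merges a pull request that does not meet the branch requirements, so with step 1 now marked optional the guide should state what gates the auto-merge (for example, that the workflow only runs the merge after the required checks succeed) and how a maintainer holds back a release PR whose version bumps or changelog are wrong.
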
Expand All @@ -109,7 +109,9 @@ Two bypass actors (both `pull_request` mode, so neither can push directly to `ma

The App: ID in secret `AIDD_BOT_APP_ID`, key in `AIDD_BOT_PRIVATE_KEY`. If the App is broken/uninstalled, release and Dependabot PRs stop merging - fix the App rather than re-adding an admin bypass.

To change protection, edit `.github/rulesets/main.json`, then apply it live:
Head branches are **not** auto-deleted on merge (`delete_branch_on_merge: false`): the promote PR merges `next` into `main` without deleting `next`, so the back-merge that realigns `next` afterwards never hits a missing branch. Do not re-enable the setting.

To change protection, edit `.github/rulesets/main.json` (or `next.json`), then apply it live:
```bash
gh api -X PUT repos/ai-driven-dev/framework/rulesets/<id> --input .github/rulesets/main.json
```
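
Review bot: The prose now covers `next.json`, but the command underneath still hard-codes `--input .github/rulesets/main.json` with a single `<id>` placeholder. Someone updating the `next` ruleset by copying this line with the wrong pairing would PUT one branch's rules onto the other ruleset. Add the second command for `next.json`, or note that `<id>` and `--input` must refer to the same ruleset and how to look the id up. Separately, "Do not re-enable the setting" is only a documentation guard for `delete_branch_on_merge`; consider saying where that repository setting is checked or enforced.
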
3 changes: 2 additions & 1 deletion docs/RELEASE.md
Expand Up @@ -57,4 +57,5 @@ ruleset). After each release it either realigns `next` onto `main` (when `next`
holds no unreleased work, the normal case) or keeps a merge (when it does), so
the rebase-promote hash drift never accumulates. If it ever cannot push, it
opens an issue labelled `back-merge-failed`; resync by opening a `main -> next`
PR.
PR. If `next` is missing entirely (it must not be — head branches are not
auto-deleted), recreate it from `main` first: `git push origin main:next`.
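
Review bot: The recovery command `git push origin main:next` is a direct push, while GOVERNANCE.md in this same PR describes `next` as "no direct push or deletion". Say who is expected to run it and under which bypass, or whether the ruleset leaves branch creation unrestricted so the push succeeds when `next` does not exist. As written, a maintainer following this step cannot tell whether it will be rejected.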