Skip to content

chore: promote next to main#384

Merged
blafourcade merged 3 commits into
mainfrom
next
Jul 1, 2026
Merged

chore: promote next to main#384
blafourcade merged 3 commits into
mainfrom
next

Conversation

@aidd-bot

@aidd-bot aidd-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Automated promotion of next to main. Merged by rebase to preserve conventional commits for release-please. Do not squash.

blafourcade and others added 3 commits July 1, 2026 22:05
Codify the review requirement on the `next` integration branch: bump
`.github/rulesets/next.json` to one required approval and update GOVERNANCE.md,
which previously documented "no required review". The live ruleset already
enforces this; this brings the source file and the governance doc back in sync
with it. Trades a little batch velocity for a review gate on non-bypass PRs; the
release bot and the admin team keep their existing bypass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Three doc/reality gaps found while auditing the promote/back-merge flow:

- MAINTAINERS said the Release PR merges with "no admin needed"; CI actually
  auto-merges it `--squash --admin` (a plain merge is refused even for the
  bypass App). Corrected to match ci.yml.
- Documented that head branches are not auto-deleted
  (`delete_branch_on_merge: false`), so `next` survives the promote and the
  back-merge never hits a missing branch.
- Added the recovery step when `next` is somehow missing: recreate it from
  `main` before resyncing.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The per-tool release archives were built with a pinned `@ai-driven-dev/cli@4.6.1`,
a full major behind the published 5.0.2. Verified across all 9 matrix cells:
5.0.2 builds every target, and the only output change is a fix.

In marketplace mode (claude/cursor/copilot), 4.6.1 collapsed aidd-dev's
`plugin.json` `agents` from the source's explicit file list
(`./agents/executor.md`, `./agents/checker.md`) down to a bare `./agents`
directory; 5.0.2 preserves the explicit files, matching the source. The flat
targets and codex are byte-identical between the two versions.

v5 refuses to build when `--out` is absent; the step already `mkdir -p`s it, so
the bump is safe.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@aidd-bot aidd-bot Bot enabled auto-merge (rebase) July 1, 2026 20:27
@blafourcade blafourcade merged commit 1398467 into main Jul 1, 2026
11 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 364cf2d4d9

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread docs/MAINTAINERS.md
To change protection, edit `.github/rulesets/main.json`, then apply it live:
Head branches are **not** auto-deleted on merge (`delete_branch_on_merge: false`): the promote PR merges `next` into `main` without deleting `next`, so the back-merge that realigns `next` afterwards never hits a missing branch. Do not re-enable the setting.

To change protection, edit `.github/rulesets/main.json` (or `next.json`), then apply it live:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the matching ruleset file when applying next protection

When the change is to next.json, this new parenthetical tells maintainers to use the same apply block, but the block still uploads .github/rulesets/main.json. If they substitute the next ruleset id while following this guidance, GitHub receives the main ruleset payload, including the refs/heads/main condition, for the next ruleset and next is left without the intended protection; please split the commands or make the file/id placeholders match.

Useful? React with 👍 / 👎.

"type": "pull_request",
"parameters": {
"required_approving_review_count": 0,
"required_approving_review_count": 1,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve Dependabot auto-merge when requiring reviews

For non-major Dependabot PRs targeting next, .github/workflows/dependabot-auto-merge.yml only runs gh pr merge --auto --squash; the upstream gh pr merge manual says --auto merges only after necessary requirements are met, while --admin is the flag for merging despite unmet requirements. With this line adding a required approval and no workflow step that approves the PR, those patch/minor dependency PRs will now wait for a human review instead of auto-merging once checks pass, so either keep Dependabot exempt/approved or use an explicit bypass path for that workflow.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant