Skip to content

chore: strip incident-history narration from fleet-synced templates#29

Merged
ANcpLua merged 2 commits into
mainfrom
chore/template-comment-truth
Jul 3, 2026
Merged

chore: strip incident-history narration from fleet-synced templates#29
ANcpLua merged 2 commits into
mainfrom
chore/template-comment-truth

Conversation

@ANcpLua

@ANcpLua ANcpLua commented Jul 3, 2026

Copy link
Copy Markdown
Owner

Comment-truth sweep of the templates this repo syncs fleet-wide, plus the repo's own workflows/scripts/README.

Deleted (history/narration that would propagate into every fleet repo):

  • templates/auto-merge.yml + .github/workflows/auto-merge.yml (kept byte-identical so the sweep's canonical check still passes): AUTOMERGE_APP_ID deletion story, renovate-config archive date, dead-alternative defenses ("no PR-heal cron", "no custom App").
  • templates/nuget-publish.yml: "Why this is canonical" essay (QYL missing-workflow incident), "AL's Dummy trick" migration note.
  • templates/branch-protection.json: PR#174 incident narration in _why_each_key → one present-tense constraint (field is stripped before PUT by the sync script, so no behavior change).
  • enforce-repo-settings.yml: PR#170 premature-merge incident in the auto-merge sync comment; justification padding in the nuget sync comment.
  • scripts/sync-branch-protection.sh, sync-nuget-secret.sh, remove-retired-review-automation.sh: PR#174 story, legacy NUGET_API_KEY comparison, retirement date.
  • README.md: removed-cron-lanes changelog (codex-review/pr-heal) and "no third-party App / no destructive workflow" dead-pattern defense.

Kept (verified against the actual sync workflow): sync-source "do not hand-edit" pointers, Renovate platformAutomerge note (preset really sets it), allow_auto_merge prereq (sweep really flips it), CANONICAL-DEPARTURE opt-out (script really honors it), heal-not-seed branch-protection semantics, gh-404-stdout workaround comments.

All edited YAML/JSON validated (yaml.safe_load / json.load), shell scripts pass bash -n. Changes propagate fleet-wide on the next enforce sweep.

🤖 Generated with Claude Code

…nd docs

Template headers and repo docs carried past-incident stories (PR#170
owner-clause bug, PR#174 lockout, AUTOMERGE_APP_ID deletion, removed
codex-review/pr-heal cron lanes, legacy NUGET_API_KEY). These propagate
fleet-wide on every enforce sweep and keep dead failure modes alive.
Kept only present-tense operational invariants: sync-source pointers,
prereqs, opt-out markers, and live constraints.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 3, 2026 03:44
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)
Validation error: Unrecognized key: "tools"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 846e236c-f8aa-4093-87f6-0e29ef7763d3

📥 Commits

Reviewing files that changed from the base of the PR and between 07523a1 and ba41650.

📒 Files selected for processing (1)
  • templates/branch-protection.json
📜 Recent review details
🧰 Additional context used
📓 Path-based instructions (1)
templates/**

⚙️ CodeRabbit configuration file

Treat templates as fleet source of truth. Verify downstream sync behavior and avoid template-workflow drift.

Files:

  • templates/branch-protection.json
🔇 Additional comments (1)
templates/branch-protection.json (1)

4-4: LGTM!


📝 Walkthrough

Summary by CodeRabbit

  • Documentation
    • Updated guidance on native auto-merge, including trusted automation branch handling and branch-protection posture.
    • Refreshed the README “Auto-Merge Posture” section for a shorter, clearer overview.
    • Simplified/modernized explanatory notes for sync and maintenance automation, including trusted token publishing and enforced branch-protection rationale.
    • Clarified allowed “departure” reasons for package publishing documentation.

No workflow behavior was changed; this is documentation-only.

Walkthrough

This PR rewrites comments and README text in workflow, script, and template files to reflect current auto-merge, NuGet trusted publishing, branch-protection, and retired-automation documentation. No executable workflow, script, or template logic changed.

Changes

Automation documentation refresh

Layer / File(s) Summary
Auto-merge comments
.github/workflows/auto-merge.yml, templates/auto-merge.yml, .github/workflows/enforce-repo-settings.yml, README.md
Auto-merge workflow and README text were updated to describe native GitHub auto-merge, trusted automation branch prefixes, Renovate handling, and the canonical template sync path.
NuGet comments
.github/workflows/enforce-repo-settings.yml, scripts/sync-nuget-secret.sh, templates/nuget-publish.yml
NuGet sync and template comments were rewritten to describe OIDC trusted publishing and the canonical departure reasons.
Branch protection comments
scripts/sync-branch-protection.sh, templates/branch-protection.json, scripts/remove-retired-review-automation.sh
Branch-protection and retired-automation comments were updated to restate key ownership, forced required_conversation_resolution: false, and the retired automation scope.

Estimated code review effort: 1 (Trivial) | ~5 minutes

🚥 Pre-merge checks | ✅ 7
✅ Passed checks (7 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the PR’s main change: removing incident-history narration from fleet-synced templates and related files.
Description check ✅ Passed The description is clearly related to the diff and explains the comment cleanup across templates, workflows, scripts, and the README.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
No Retired Reviewers ✅ Passed HEAD only changes templates/branch-protection.json wording; no Codacy, triage-bot, reviewer-triage, or bot-review workflow was added/restored.
Automation Is Event Scoped ✅ Passed Only comments changed; auto-merge stays event-driven and the only cron sweeps are weekly settings/drift jobs, not PR review/repair polling.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/template-comment-truth
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch chore/template-comment-truth
  • 🛠️ repair automation
  • 🛠️ cleanup stale review automation

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes incident-history narration and other non-essential background commentary from fleet-synced templates and this repo’s own workflows/scripts/README, aiming to keep only present-tense, operationally relevant guidance that will propagate cleanly across the fleet.

Changes:

  • Simplifies/updates header comments across synced workflow templates and enforcement scripts to remove historical narration while keeping operational constraints.
  • Trims README documentation to remove removed-cron history and “dead-pattern defense” explanations, keeping current posture.
  • Updates enforcement-workflow inline comments to be shorter and focused on current behavior.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
templates/nuget-publish.yml Trims opt-out rationale commentary while keeping canonical / departure guidance.
templates/branch-protection.json Rewords _why_each_key explanations to remove incident narration (note: one line needs accuracy tweak).
templates/auto-merge.yml Replaces historical narration with concise present-tense description of intent/prereqs.
scripts/sync-nuget-secret.sh Simplifies trusted-publishing secret commentary.
scripts/sync-branch-protection.sh Replaces incident narrative with concise rationale for forced keys.
scripts/remove-retired-review-automation.sh Shortens “retired automation” explanation while preserving key constraints.
README.md Removes changelog-style narration and keeps current auto-merge/cleanup posture.
.github/workflows/enforce-repo-settings.yml Condenses explanatory comments around NuGet + auto-merge syncing behavior.
.github/workflows/auto-merge.yml Keeps workflow byte-identical to template while updating header commentary.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread templates/branch-protection.json Outdated
"_comment": "Canonical branch-protection overrides applied to every fleet repo's default branch by scripts/sync-branch-protection.sh (called from .github/workflows/enforce-repo-settings.yml). Only keys present here are FORCED; everything else (CI checks, review requirements, restrictions) is preserved per-repo. To extend: add a key here, the sync engine picks it up on the next run.",
"_why_each_key": {
"required_conversation_resolution": "PR #174 on ANcpLua/ANcpLua.Analyzers (2026-05-25) was blocked by orphaned bot review threads after a reviewer integration was removed. With conv_resolution=true, any removed bot reviewer can lock the fleet out of merging until each thread is manually resolved. Forcing this to false moves the gate to sturdier mechanisms (CI checks + required reviews when present) that do not depend on per-thread state managed by a reviewer that may no longer exist.",
"required_conversation_resolution": "Forced false: orphaned review threads from a removed bot reviewer can block merging with no way to resolve them; the merge gate stays with CI checks and required reviews instead of per-thread state.",
Comment thread templates/branch-protection.json Outdated
@ANcpLua

ANcpLua commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

…m dash

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@ANcpLua

ANcpLua commented Jul 3, 2026

Copy link
Copy Markdown
Owner Author

Both review points accepted and fixed: reworded the absolute 'no way to resolve' claim (threads are manually resolvable — the real issue is the unexpected per-thread gate) and switched \u2014 to a literal em dash for repo consistency.

@ANcpLua ANcpLua merged commit 28dd707 into main Jul 3, 2026
3 checks passed
@ANcpLua ANcpLua deleted the chore/template-comment-truth branch July 3, 2026 05:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants