ci(Mergify): add outdated PR protection

[unclesp1d3r]

This change has been made by @unclesp1d3r from the Mergify merge protections editor.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

Summary by CodeRabbit

• Chores
  • Enhanced merge protection to enforce CI status checks before merging, ensuring code quality and test requirements are met
  • Added safeguard to prevent merging pull requests that are significantly outdated relative to the target branch

Walkthrough

Adds a new Mergify configuration with two merge-protection rules (complex CI success conditions and a "no stale PRs" guard limiting commits-behind to 10) and removes the composite CI status check from the centralized GitHub Actions workflow; individual CI jobs remain unchanged.

Changes

Cohort / File(s)	Summary
Mergify configuration /.mergify.yml	Adds merge_protections: a "CI must pass" rule with nested success_conditions covering multiple CI job names (including handling skipped checks) and a "Do not merge outdated PRs" rule enforcing #commits-behind <= 10 on main.
CI workflow update .github/workflows/ci.yml	Removes the composite ci-pass status-check job that aggregated quality, test, test-cross-platform, and coverage; individual CI jobs remain but no single aggregated gate exists.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub (PR)
    participant Actions as GitHub Actions
    participant Mergify as Mergify
    participant Repo as Repository (main)

    rect rgba(100,149,237,0.5)
    Dev->>GH: Open PR / push commits
    GH->>Actions: Trigger CI jobs (quality, test, test-cross-platform, coverage)
    Actions->>GH: Report individual job statuses
    end

    rect rgba(60,179,113,0.5)
    Note right of GH: Old flow (removed)
    GH->>GH: Aggregate `ci-pass` composite status (was)
    GH->>Repo: Block merge if composite failed (was)
    end

    rect rgba(255,165,0,0.5)
    Note right of Mergify: New flow
    GH->>Mergify: PR opened / status updates
    Mergify->>GH: Evaluate complex success_conditions across statuses
    Mergify->>GH: Check `#commits-behind <= 10`
    Mergify-->>GH: Approve merge if conditions satisfied
    GH->>Repo: Merge PR (when Mergify allows)
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through CI and config cheer,
Rules set tidy, the path is clear.
Ten commits back — no stale surprise,
Checks combined by clever eyes.
A carrot for merges, bright and dear. 🥕

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding outdated PR protection via Mergify configuration.
Description check	✅ Passed	The description is related to the changeset as it identifies the tool (Mergify merge protections editor) used to make the changes, though minimal detail is provided.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch mergify/unclesp1d3r/I193758485da3f1c2dca761f40258f37fb8115310

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 📃 Configuration Change Requirements

Wonderful, this rule succeeded.

Mergify configuration change

• check-success = Configuration changed

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 27e2ec7.

🟢 All jobs passed!

But CI Insights is watching 👀

[Copilot]

Pull request overview

This PR adds a Mergify configuration to establish merge protections for the repository. Mergify is a GitHub automation tool that can enforce merge policies beyond what GitHub's branch protection rules provide. The configuration prevents merging pull requests that have fallen too far behind the main branch.

Changes:

• Adds .mergify.yml configuration file with a single merge protection rule

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

.github/workflows/ci.yml:152

• Removing the ci-pass/CI aggregation job changes the branch-protection surface area: PRs that only touch non-Rust files will now have quality/test/coverage/test-cross-platform skipped with no single always-running status check to satisfy a required-check rule. If branch protection still requires the CI check (as the deleted comment indicates), merges will be blocked; either keep an always-running aggregator job (and make it the required check) or update the repo’s required status checks accordingly.

              with:
                  token: ${{ secrets.QLTY_COVERAGE_TOKEN }}
                  files: lcov.info