docs: safe admin merge procedure — disable auto-merge first#84
Closed
docs: safe admin merge procedure — disable auto-merge first#84
Conversation
Document the race condition where disabling enforce_admins allows auto-merge PRs to merge without required approvals (issue #83). Updated the admin merge workaround with steps to disable/re-enable auto-merge on other PRs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the solo-repo “admin merge workaround” documentation to avoid a race condition where temporarily disabling enforce_admins can allow other auto-merge-enabled PRs to merge without required approvals.
Changes:
- Adds a step to disable auto-merge on other open PRs before disabling
enforce_admins. - Documents a safer step-by-step sequence (disable auto-merge → disable
enforce_admins→ admin merge → re-enableenforce_admins→ restore auto-merge). - Adds an explicit warning describing the observed failure mode (refs issue #83 / PR #69).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+365
to
+382
| # 1. FIRST: Disable auto-merge on all other open PRs (CRITICAL — race condition, see #83) | ||
| for pr in $(gh pr list --state open --json number,autoMergeRequest --jq '.[] | select(.autoMergeRequest != null) | .number'); do | ||
| gh pr merge --disable-auto "$pr" | ||
| done | ||
|
|
||
| # 2. Temporarily disable enforce_admins | ||
| gh api repos/OWNER/REPO/branches/main/protection/enforce_admins -X DELETE | ||
|
|
||
| # Admin merge | ||
| # 3. Admin merge | ||
| gh pr merge <PR> --merge --admin --delete-branch | ||
|
|
||
| # Re-enable | ||
| # 4. Re-enable enforce_admins | ||
| gh api repos/OWNER/REPO/branches/main/protection/enforce_admins -X POST | ||
|
|
||
| # 5. Re-enable auto-merge on those PRs | ||
| for pr in <saved list>; do | ||
| gh pr merge --enable-auto --merge "$pr" | ||
| done |
Comment on lines
+370
to
377
| # 2. Temporarily disable enforce_admins | ||
| gh api repos/OWNER/REPO/branches/main/protection/enforce_admins -X DELETE | ||
|
|
||
| # Admin merge | ||
| # 3. Admin merge | ||
| gh pr merge <PR> --merge --admin --delete-branch | ||
|
|
||
| # Re-enable | ||
| # 4. Re-enable enforce_admins | ||
| gh api repos/OWNER/REPO/branches/main/protection/enforce_admins -X POST |
Owner
Author
|
Rolling this into a larger pipeline improvements PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documents the race condition discovered in issue #83 where disabling enforce_admins allows auto-merge PRs to merge without required approvals.
Updated the admin merge workaround in
docs/agentic-workflows.mdwith the safe procedure:Refs #83