fix: add apply-repo-settings.sh to enforce delete_branch_on_merge#118
fix: add apply-repo-settings.sh to enforce delete_branch_on_merge#118
Conversation
… other org-required settings Adds `.github/scripts/apply-repo-settings.sh` — an idempotent script that applies all repository settings required by the petry-projects org standard (github-settings.md#repository-settings--standard-defaults). The `delete_branch_on_merge` setting has been confirmed `true` via the GitHub API. Running this script after any unintended settings drift restores compliance without manual UI intervention. Closes #90 Co-authored-by: don-petry <don-petry@users.noreply.github.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 44 minutes and 44 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Self-review
No issues found. @don-petry — ready for your review and merge. The
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a reusable script to enforce GitHub repository settings (notably delete_branch_on_merge=true) to prevent configuration drift and support org compliance.
Changes:
- Adds
.github/scripts/apply-repo-settings.shto PATCH repo settings viagh api - Validates
GH_TOKENpresence and prints the resulting settings for verification
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Requirements: | ||
| # - GH_TOKEN must have administration:write scope (repo admin role) | ||
| # - gh CLI must be installed |
There was a problem hiding this comment.
The script pipes output to jq but the Requirements section only mentions the gh CLI, and set -euo pipefail will cause the script to fail if jq is not installed. Either (a) remove the | jq . and rely on gh api --jq output, or (b) update the Requirements to include jq (and optionally add a small preflight check that jq is available).
| has_wiki, | ||
| squash_merge_commit_title, | ||
| squash_merge_commit_message | ||
| }' | jq . |
There was a problem hiding this comment.
The script pipes output to jq but the Requirements section only mentions the gh CLI, and set -euo pipefail will cause the script to fail if jq is not installed. Either (a) remove the | jq . and rely on gh api --jq output, or (b) update the Requirements to include jq (and optionally add a small preflight check that jq is available).
|
|
||
| set -euo pipefail | ||
|
|
||
| REPO="petry-projects/markets" |
There was a problem hiding this comment.
Hard-coding REPO limits reusability (the script lives under .github/scripts/ and reads like an org-standard enforcer). Consider accepting the repo as an argument (with this value as the default), or deriving it from the current repo context (e.g., via gh repo view). This makes it easier to apply the same standard across multiple repositories without editing the script.
|
Adds `.github/scripts/apply-repo-settings.sh` — an idempotent script that applies all repository settings required by the org standard: https://github.com/petry-projects/.github/blob/main/standards/github-settings.md Settings enforced: - delete_branch_on_merge: true (compliance finding #90) - allow_auto_merge: true - allow_squash_merge / allow_merge_commit / allow_rebase_merge: true - has_issues: true, has_wiki: false - squash_merge_commit_title: PR_TITLE - squash_merge_commit_message: COMMIT_MESSAGES The setting has also been applied directly via the GitHub API this run. Supersedes PRs #104 and #118 (same intent, never merged). Closes #90 Co-authored-by: don-petry <don-petry@users.noreply.github.com>
Summary
delete_branch_on_mergeis confirmedtruevia the GitHub API (applied directly in this run).github/scripts/apply-repo-settings.sh— an idempotent script that enforces all repository settings required by the petry-projects org standardSettings enforced by the script
delete_branch_on_mergetrueallow_auto_mergetrueallow_squash_mergetrueallow_merge_committrueallow_rebase_mergetruehas_issuestruehas_wikifalsesquash_merge_commit_titlePR_TITLEsquash_merge_commit_messageCOMMIT_MESSAGESWhy the setting kept appearing as
nullThe previous fix (PR #104) applied the setting via the GitHub API directly in the workflow run, but that PR was never merged — meaning the enforcement script was never available for re-use. If the setting drifted again (e.g., via a UI change or org-level operation), there was no persistent artifact to restore it.
This PR adds the idempotent script so that any future drift can be corrected by running:
Test plan
delete_branch_on_merge: trueconfirmed viagh api repos/petry-projects/markets --jq .delete_branch_on_mergeCloses #90
Generated with Claude Code