fix: add apply-repo-settings.sh to enforce delete_branch_on_merge#127
fix: add apply-repo-settings.sh to enforce delete_branch_on_merge#127
Conversation
Adds `.github/scripts/apply-repo-settings.sh` — an idempotent script that applies all repository settings required by the org standard: https://github.com/petry-projects/.github/blob/main/standards/github-settings.md Settings enforced: - delete_branch_on_merge: true (compliance finding #90) - allow_auto_merge: true - allow_squash_merge / allow_merge_commit / allow_rebase_merge: true - has_issues: true, has_wiki: false - squash_merge_commit_title: PR_TITLE - squash_merge_commit_message: COMMIT_MESSAGES The setting has also been applied directly via the GitHub API this run. Supersedes PRs #104 and #118 (same intent, never merged). Closes #90 Co-authored-by: don-petry <don-petry@users.noreply.github.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 45 minutes and 10 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Adds `has_discussions` to the settings enforced by the script, matching the full set checked by the org compliance audit (has_discussions is an error-level check alongside delete_branch_on_merge). Co-authored-by: don-petry <don-petry@users.noreply.github.com>
Self-reviewScript quality:
Note: Previous PRs #104 and #118 had the same intent but were never merged. This PR supersedes both. @don-petry — ready for review. CI is running. The |
There was a problem hiding this comment.
Pull request overview
Adds a repo-local GitHub admin script to re-apply organization-standard repository settings (notably delete_branch_on_merge=true) to address compliance drift for petry-projects/markets.
Changes:
- Introduces
.github/scripts/apply-repo-settings.shto PATCH required repository settings viagh api. - Prints current settings and the post-update settings response for visibility after applying changes.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # The script is safe to run multiple times (idempotent). It applies settings | ||
| # using the GitHub REST API and prints each current vs. expected value. |
There was a problem hiding this comment.
The header comment says the script "prints each current vs. expected value", but the implementation only prints the current settings JSON and then the PATCH response JSON. Either adjust the comment to match the behavior, or add logic to render a per-setting current→expected comparison so the output matches the stated intent.
| # The script is safe to run multiple times (idempotent). It applies settings | |
| # using the GitHub REST API and prints each current vs. expected value. | |
| # The script is safe to run multiple times (idempotent). It fetches and prints | |
| # the current relevant settings, applies the required settings using the | |
| # GitHub REST API, and prints the resulting settings response. |
| # Requirements: | ||
| # - GH_TOKEN must have administration:write scope (repo admin role) | ||
| # - gh CLI must be installed | ||
| # |
There was a problem hiding this comment.
The script relies on jq for pretty-printing output (| jq .), but jq isn’t listed under Requirements. Either add jq to the Requirements section and/or add a clear preflight check (e.g., command -v jq) so the script fails with a helpful message when jq is missing.
|
Summary
.github/scripts/apply-repo-settings.sh— an idempotent script that enforces all repository settings required by the org standarddelete_branch_on_mergehas been re-applied totruevia the GitHub API this run (confirmed)Settings enforced
delete_branch_on_mergetrueallow_auto_mergetrueallow_squash_mergetrueallow_merge_committrueallow_rebase_mergetruehas_issuestruehas_wikifalsesquash_merge_commit_titlePR_TITLEsquash_merge_commit_messageCOMMIT_MESSAGESRationale
The compliance audit has flagged
delete_branch_on_merge: nullon this repository multiple times. Setting it via the GitHub API during each Claude run works temporarily, but merging this script intomainprovides a durable, runnable reference that can be used to re-apply compliant settings whenever drift occurs (e.g., via CI or manual invocation withGH_TOKEN=<admin-token> bash .github/scripts/apply-repo-settings.sh).Closes #90
Generated with Claude Code