feat(refs): fleet operational hygiene patterns #55

Merged: CybotTM merged 1 commit into main from feat/fleet-operational-hygiene on Apr 21, 2026
@CybotTM CybotTM commented Apr 21, 2026

Summary

Move four recurring fleet-ops practices from per-user CLAUDE.md into the shared skill.

auto-merge-guide.md

  • CI Annotations — Always Check Before Declaring Clean. reviewdog-based linters (actionlint, shellcheck, yamllint, CodeQL deprecation) can exit 0 while posting warning annotations invisible in gh pr checks. Document the explicit annotations query + fail_level: error reviewdog input to make warnings fail the job.
  • CI Re-runs Replay the Same Commit. gh run rerun replays the ORIGINAL sha, not HEAD; push → wait for auto-run OR find + rerun the LATEST run-id.

multi-repo-operations.md

  • Pre-Flight Per-Repo Checks. Three pre-iteration guards: (1) default-branch detection (not every repo is main), (2) archived-repo skip (writes return cryptic permission errors), (3) Contents API vs branch protection (-X PUT returns 409 when PRs/signing required — half-a-fleet updates leave you in split-brain).

actionlint-guide.md

  • yamllint empty-lines rejects trailing blanks on workflow files. Generators using echo "$CONTENT" > file.yml add the blank; use printf '%s\n'. Includes the tail -c 2 | xxd -p verification.

merge-strategy.md

  • Rulesets cannot block merge on pending review. required_approving_review_count and required_review_thread_resolution are not equivalent to "wait for Copilot to finish". Document the non-equivalence and the custom-status-check workaround.

Test plan

  • SKILL.md 499 words (under 500 cap).

Move four recurring fleet-operations practices out of per-user
CLAUDE.md files into the shared skill:

auto-merge-guide.md:

- 'CI Annotations — Always Check Before Declaring a PR Clean'
  reviewdog-based linters (actionlint, shellcheck, yamllint,
  CodeQL deprecation notices) can exit 0 while posting warning
  annotations that don't appear in 'gh pr checks' or the PR
  summary. Document the explicit annotations query
  ('gh api repos/.../check-runs/ID/annotations') and the
  'fail_level: error' reviewdog input that converts warnings into
  real failures.

- 'CI Re-runs Replay the Same Commit'
  'gh run rerun' replays the ORIGINAL commit SHA, not HEAD. If you
  push a fix then re-run a failed earlier workflow, the rerun still
  fails. Explain the right sequence (push → wait for auto-run, or
  find + rerun the LATEST run-id).

multi-repo-operations.md:

- 'Pre-Flight Per-Repo Checks'
  Three pre-iteration guards that silently break fleet loops:
  (1) not every repo uses 'main' — always gh api repos/X --jq
      .default_branch; (2) archived repos reject writes with
  cryptic permission errors — skip them or unarchive/re-archive;
  (3) Contents API 'gh api -X PUT' returns HTTP 409 on any repo
  requiring PRs / merge queue / signed commits, so half-a-fleet
  gets updated when mixed. Default to one-commit PRs even for
  tiny edits.

actionlint-guide.md:

- Sidebar note under Troubleshooting about yamllint's empty-lines
  rule rejecting trailing blank lines — generators using
  'echo "$CONTENT" > file.yml' add the blank. Prefer
  'printf %s\\n'. Includes the 'xxd -p' check for verification.

merge-strategy.md:

- 'Rulesets cannot block merge on a pending review'
  Neither branch protection nor rulesets support blocking merge
  while Copilot (or any requested reviewer) hasn't finished
  reviewing. Document the required_approving_review_count vs
  required_review_thread_resolution non-equivalence and the
  custom-status-check workaround.

Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
Copilot AI review requested due to automatic review settings April 21, 2026 06:16
@CybotTM CybotTM merged commit 887c594 into main Apr 21, 2026
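
Added example, not part of this PR or the project's reference docs: a gate that refuses to call a PR clean when a check run exits successfully but carries warning annotations, or when its result belongs to a commit other than HEAD (the rerun pitfall described above). The sample data is constructed and only shaped like the GitHub REST check-runs and annotations responses; `pr_findings` and the SHA values are hypothetical.

```python
"""Gate a PR on check-run annotations, not only on conclusions."""
import json

BLOCKING_LEVELS = {"warning", "failure"}  # "notice" is treated as informational

# Constructed sample, shaped like GET /repos/{owner}/{repo}/commits/{ref}/check-runs
CHECK_RUNS = json.loads("""[
  {"id": 101, "name": "actionlint", "head_sha": "aaa111", "status": "completed",
   "conclusion": "success", "output": {"annotations_count": 1}},
  {"id": 102, "name": "yamllint", "head_sha": "aaa111", "status": "completed",
   "conclusion": "success", "output": {"annotations_count": 0}},
  {"id": 90, "name": "shellcheck", "head_sha": "old000", "status": "completed",
   "conclusion": "success", "output": {"annotations_count": 0}}
]""")

# Constructed sample, shaped like GET .../check-runs/{id}/annotations, keyed by run id
ANNOTATIONS = {101: json.loads("""[
  {"path": ".github/workflows/ci.yml", "start_line": 12, "end_line": 12,
   "annotation_level": "warning", "message": "constructed example warning"}
]""")}


def pr_findings(check_runs, annotations_by_run, head_sha):
    """Return the reasons a PR is NOT clean; an empty list means clean."""
    findings = []
    for run in check_runs:
        name = run["name"]
        if run["head_sha"] != head_sha:
            # A rerun of an older run reports on the old commit, not HEAD.
            findings.append(f"{name}: result is for {run['head_sha']}, not HEAD")
            continue
        if run["status"] != "completed":
            findings.append(f"{name}: still {run['status']}")
            continue
        if run["conclusion"] not in ("success", "neutral", "skipped"):
            findings.append(f"{name}: conclusion {run['conclusion']}")
        if run["output"]["annotations_count"] == 0:
            continue
        if run["id"] not in annotations_by_run:
            # Annotations exist but were never queried: do not assume clean.
            findings.append(f"{name}: annotations not fetched")
            continue
        for ann in annotations_by_run[run["id"]]:
            if ann["annotation_level"] in BLOCKING_LEVELS:
                findings.append(f"{name}: {ann['annotation_level']} at "
                                f"{ann['path']}:{ann['start_line']}")
    return findings


if __name__ == "__main__":
    print("\n".join(pr_findings(CHECK_RUNS, ANNOTATIONS, head_sha="aaa111")))
```
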
@gemini-code-assist

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@CybotTM CybotTM deleted the feat/fleet-operational-hygiene branch April 21, 2026 06:16
@github-actions

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment

Pull request overview

Adds shared “fleet operational hygiene” guidance to the github-project skill reference docs, consolidating recurring operational pitfalls and safer default patterns for multi-repo automation.

Changes:

  • Documented per-repo pre-flight checks for fleet loops (default branch, archived repos, Contents API vs protections).
  • Added guidance on CI annotation visibility + making reviewdog warnings fail, and on Actions reruns replaying the original SHA.
  • Documented limitations of rulesets/branch protection around pending reviews + a custom status-check workaround; added yamllint trailing-blank-line pitfall and generator fix.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| skills/github-project/references/multi-repo-operations.md | Adds “Pre-Flight Per-Repo Checks” section to prevent common fleet-loop failures. |
| skills/github-project/references/merge-strategy.md | Adds ruleset/branch-protection limitation note and a suggested status-check workaround. |
| skills/github-project/references/auto-merge-guide.md | Adds CI annotations visibility checks and correct guidance for rerunning the latest Actions run. |
| skills/github-project/references/actionlint-guide.md | Adds yamllint trailing-blank-line failure mode and generator recommendation. |

Comment thread skills/github-project/references/merge-strategy.md
CybotTM added a commit that referenced this pull request Apr 21, 2026
fix(refs): address Copilot review followups from #53/#54/#55
@CybotTM CybotTM mentioned this pull request May 15, 2026
CybotTM added a commit that referenced this pull request May 15, 2026
## Release v2.14.0

Minor release. `.claude-plugin/plugin.json` and
`skills/github-project/SKILL.md` frontmatter `metadata.version` were
already synced to `2.14.0` on `main` via
[#74](#74) —
this PR is the empty release marker that closes the v2.13.1 → v2.14.0
window and triggers the signed-tag release.

### Highlights since v2.13.1

- **`agentic-workflows` reference** documenting `gh-aw` and `awf`
workflow-as-prompt tooling for autonomous GitHub Actions — new patterns
for running AI agents on PRs/issues without bespoke wiring
([#75](#75)).
- **AI reviewer pushback patterns** — handling Copilot/Sourcery review
comments that disagree with the codebase intent, including when to defer
and when to push back
([#66](#66),
[#74](#74)).
- **PR-merge / branch-protection / CodeQL gotchas** documented, plus
auto-detection of allowed merge strategy in the `--delete-branch`
snippet so the recipe doesn't break on repos with merge-commit-only
policies
([#69](#69),
[#71](#71),
[#72](#72)).
- **GraphQL `Repository.mergeQueue`** for queue detection — replaces a
brittle REST probe
([#70](#70)).
- **Assessment checkpoints overhaul**: new GH-34/GH-35/GH-36,
follow_uses delegation for CodeQL/Scorecard, org_provides for
community-health files, broader licence/Dependabot/workflow targets,
plus reusable-workflow-pitfalls reference. Multiple false-positive
findings demoted to `info` to reduce assessment noise
([#56](#56),
[#57](#57),
[#58](#58),
[#59](#59),
[#60](#60),
[#61](#61),
[#62](#62),
[#63](#63),
[#64](#64),
[#65](#65),
[#73](#73)).
- **npm distribution** — the skill now also ships via
`@netresearch/agent-skill-coordinator`
([#54](#54),
[#55](#55)).
- **Release pipeline hardening** — dropped the deprecated `with: bump:`
block + `workflow_dispatch.bump` input so releases happen exclusively
via locally-signed tags, plus SLSA-provenance permissions on the caller
([#52](#52),
[#53](#53)).

### Release plan

After merge: tag main with a signed annotated tag, push, the
`skill-repo-skill` reusable workflow publishes archives + SHA256SUMS
with cosign + SLSA attestation, then narrative notes get applied via `gh
release edit ... --notes-file`.