Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/rulesets/next.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
{
"type": "pull_request",
"parameters": {
"required_approving_review_count": 0,
"required_approving_review_count": 1,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve Dependabot auto-merge when requiring reviews

For non-major Dependabot PRs targeting next, .github/workflows/dependabot-auto-merge.yml only runs gh pr merge --auto --squash; the upstream gh pr merge manual says --auto merges only after necessary requirements are met, while --admin is the flag for merging despite unmet requirements. With this line adding a required approval and no workflow step that approves the PR, those patch/minor dependency PRs will now wait for a human review instead of auto-merging once checks pass, so either keep Dependabot exempt/approved or use an explicit bypass path for that workflow.

Useful? React with 👍 / 👎.

"dismiss_stale_reviews_on_push": false,
"require_code_owner_review": false,
"require_last_push_approval": false,
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ jobs:
# path contains the other. Stage under RUNNER_TEMP, not the repo tree.
OUT="${RUNNER_TEMP}/dist/${{ matrix.tool }}/${{ matrix.mode }}"
mkdir -p "$OUT"
npx --yes @ai-driven-dev/cli@4.6.1 framework build \
npx --yes @ai-driven-dev/cli@5.0.2 framework build \
--source . --target ${{ matrix.tool }} --out "$OUT" ${{ matrix.flag }}
STAGE="$(mktemp -d)/${NAME}"
mkdir -p "$STAGE"
Expand Down
6 changes: 3 additions & 3 deletions GOVERNANCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,9 +84,9 @@ a PR with ≥1 Habilité (CODEOWNERS) approval, passing checks (`lefthook
form: [`.github/rulesets/main.json`](.github/rulesets/main.json) (enforced once
the repo is public / on a paid plan).

`next` is the integration branch: PRs and passing checks, no direct push or
deletion, but no required review so the week's work batches quickly. The release
bot bypasses to push the automated back-merge. Machine-readable form:
`next` is the integration branch: PRs with ≥1 review and passing checks, no
direct push or deletion. The release bot bypasses to push the automated
back-merge, and the `admin` team may merge without a second review. Machine-readable form:
[`.github/rulesets/next.json`](.github/rulesets/next.json). The release flow is in
[`RELEASE.md`](RELEASE.md).

Expand Down
8 changes: 5 additions & 3 deletions docs/MAINTAINERS.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ Dependabot labels its PRs `dependencies` only (ecosystem sub-labels were dropped

release-please opens/updates a `chore: release main` PR on each push to `main`.

1. Review the version bumps + changelog in the release PR (it is authored by the **aidd-bot** App, so its checks run normally).
2. Merge it: `gh pr merge <n> --squash`. No admin needed - the App is a ruleset bypass actor, so its PRs merge once checks pass.
1. (Optional) Review the version bumps + changelog. The PR is authored by the **aidd-bot** App, so its checks run normally.
2. CI **auto-merges** it with the App token (`--squash --admin`); no human step is needed. `--admin` is required because a plain `gh pr merge` is refused even for the bypass App.
3. CI tags each bumped package, creates the GitHub Releases, and attaches the bundles:
- `aidd-framework-marketplace-X.Y.Z.zip` (`.claude-plugin/` + `plugins/`)
- `<plugin>-vX.Y.Z.zip`
Expand All @@ -109,7 +109,9 @@ Two bypass actors (both `pull_request` mode, so neither can push directly to `ma

The App: ID in secret `AIDD_BOT_APP_ID`, key in `AIDD_BOT_PRIVATE_KEY`. If the App is broken/uninstalled, release and Dependabot PRs stop merging - fix the App rather than re-adding an admin bypass.

To change protection, edit `.github/rulesets/main.json`, then apply it live:
Head branches are **not** auto-deleted on merge (`delete_branch_on_merge: false`): the promote PR merges `next` into `main` without deleting `next`, so the back-merge that realigns `next` afterwards never hits a missing branch. Do not re-enable the setting.

To change protection, edit `.github/rulesets/main.json` (or `next.json`), then apply it live:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the matching ruleset file when applying next protection

When the change is to next.json, this new parenthetical tells maintainers to use the same apply block, but the block still uploads .github/rulesets/main.json. If they substitute the next ruleset id while following this guidance, GitHub receives the main ruleset payload, including the refs/heads/main condition, for the next ruleset and next is left without the intended protection; please split the commands or make the file/id placeholders match.

Useful? React with 👍 / 👎.

```bash
gh api -X PUT repos/ai-driven-dev/framework/rulesets/<id> --input .github/rulesets/main.json
```
Expand Down
3 changes: 2 additions & 1 deletion docs/RELEASE.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,5 @@ ruleset). After each release it either realigns `next` onto `main` (when `next`
holds no unreleased work, the normal case) or keeps a merge (when it does), so
the rebase-promote hash drift never accumulates. If it ever cannot push, it
opens an issue labelled `back-merge-failed`; resync by opening a `main -> next`
PR.
PR. If `next` is missing entirely (it must not be — head branches are not
auto-deleted), recreate it from `main` first: `git push origin main:next`.
Loading