Skip to content

Run apply-branch-protection across the fleet to drop CodeRabbit from required checks (incl. rulesets) #25

Description

@mabry1985

Why

CodeRabbit is being retired fleet-wide in favor of Quinn, but it's still wired as a required status check on repos — and not just in classic branch protection. On mythxengine it lived in a repository ruleset (rules[].type == required_status_checks, context: "CodeRabbit", integration_id: 347564). When CodeRabbit doesn't engage on a PR (e.g. automation-authored PRs), it never posts the CodeRabbit status, so the PR is permanently BLOCKED even with all real CI green and mergeable: MERGEABLE.

Hit live on mythxengine #544 (workspace-config conformance): all real checks passed, rollup SUCCESS, but the ruleset's required CodeRabbit context never reported. Had to manually drop CodeRabbit from both the classic protection AND the ruleset to merge.

What to do

  1. Verify apply-branch-protection handles rulesets, not only classic branch protection. The blocking enforcer on mythxengine was the ruleset (/repos/{o}/{r}/rulesets/{id}), not /branches/main/protection. If the tool only edits classic protection, it will silently miss the real gate. Add ruleset support: fetch the ruleset, strip bot-pattern contexts from the required_status_checks rule, PUT it back (full object: name/target/enforcement/conditions/rules/bypass_actors).
  2. Run it across every active repo in protoWorkstacean workspace/projects.yaml (the fleet registry) to drop CodeRabbit/*quinn*-bot contexts from required checks, keeping correctness checks (build/test/quality/security).
  3. Keep the existing default: bots gate via reviewDecision, not status checks (already the tool's documented philosophy).

Acceptance

  • apply-branch-protection --apply removes CodeRabbit from BOTH classic protection and rulesets on a repo that has it in a ruleset.
  • A PR that CodeRabbit never reviews is MERGEABLE/CLEAN (not BLOCKED) once real CI is green, on every active fleet repo.
  • Correctness checks remain required (not left empty).

Evidence

mythxengine ruleset 12468384 rule required_status_checks had ["Build & Quality", "Security Audit", "CodeRabbit"]; manually reduced to the first two. Classic protection on the same repo had contexts: ["CodeRabbit"] only — also reduced. Both layers needed editing.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions