## What
Adds a trusted-bot exception to the PR gate so Dependabot's PRs are no
longer auto-closed.
## Why
The PR gate (`scripts/pr-gate/`, run by `.github/workflows/pr-gate.yml`)
auto-closes PRs that don't fit the contribution workflow. Dependabot PRs
were getting closed because the bot:
- has no repo permission,
- links no `approved` issue, and
- opens dependency bumps that often exceed the 50-line small-fix cap.
## How
- `config.ts` — new `TRUSTED_BOT_AUTHORS` constant (currently
`["dependabot[bot]"]`), so the allowlist is easy to extend.
- `rules.ts` — new `checkTrustedBot()` rule, wired into `evaluate()`
right after the maintainer bypass and before the repo-access check.
- `tests/PrGateRules.test.ts` — unit tests for the rule plus an
`evaluate()`-level test proving a 5000-line Dependabot PR now passes
instead of closing.
- `README.md` — documented the new rule in the gate-logic ordering.
The match is exact, so a lookalike login (e.g. `not-dependabot[bot]`)
won't slip through. Add more bots (Renovate, etc.) to
`TRUSTED_BOT_AUTHORS` as needed.
## Testing
`npx vitest tests/PrGateRules.test.ts --run` → 39 passed. Lint +
prettier clean.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Description:
## Summary
Adds a GitHub Action that auto-closes PRs which don't follow the
contribution workflow, so maintainer review time goes to legitimate
contributions instead of off-roadmap or AI-generated submissions.
Triggered on `pull_request_target: [opened, reopened]` and **defaults to
dry-run** so it's safe to merge before flipping live.
## Gate logic (first match wins)
1. **Maintainer bypass** — PR carries `bypass-pr-check` label → pass.
2. **Org/repo member** — `author_association` is `OWNER` / `MEMBER` /
`COLLABORATOR` → pass.
3. **Approved work** — PR body links an issue (`Closes/Fixes/Resolves
#N`) that carries the `approved` label and the PR author is in the
issue's assignees → pass.
4. **Small fix** — `additions + deletions ≤ 50` → pass + apply
`small-fix` label.
5. **Otherwise** — apply `auto-closed-needs-issue` label, post rejection
comment, close.
## Please complete the following:
- [x] I have added screenshots for all UI updates
- [x] I process any text displayed to the user through translateText()
and I've added it to the en.json file
- [x] I have added relevant tests to the test directory
- [x] I confirm I have thoroughly tested these changes and take full
responsibility for any bugs introduced
## Please put your Discord username so you can be contacted if a bug or
regression is found:
evan
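
The rule ordering from "How" and "Gate logic" above, as an added TypeScript sketch (not the project's `rules.ts`): it shows the exact-match trusted-bot check sitting between the maintainer bypass and the repo-access check. `TRUSTED_BOT_AUTHORS`, `checkTrustedBot()` and `evaluate()` are named in the description, but their signatures, the `PrFacts` and `Verdict` shapes, the rule names and `samplePr()` are assumptions made for illustration.

```typescript
// Added illustration: field names and the Verdict shape are assumptions, not the project's code.
const TRUSTED_BOT_AUTHORS: readonly string[] = ["dependabot[bot]"];
const SMALL_FIX_MAX_LINES = 50;

interface PrFacts {
  authorLogin: string;
  authorAssociation: string; // e.g. OWNER / MEMBER / COLLABORATOR / NONE
  labels: string[];
  approvedIssueAssignedToAuthor: boolean; // outcome of the linked-issue lookup
  additions: number;
  deletions: number;
}

interface Verdict { action: "pass" | "close"; rule: string; addLabels: string[] }

// Whole-string, case-sensitive equality only: no prefix, suffix, substring or regex match.
const has = (list: readonly string[], value: string): boolean => list.some((x) => x === value);

function checkTrustedBot(pr: PrFacts): boolean {
  return has(TRUSTED_BOT_AUTHORS, pr.authorLogin);
}

// First match wins; the trusted-bot rule runs after the bypass label and before repo access.
function evaluate(pr: PrFacts): Verdict {
  const pass = (rule: string, addLabels: string[] = []): Verdict => ({ action: "pass", rule, addLabels });
  if (has(pr.labels, "bypass-pr-check")) return pass("maintainer-bypass");
  if (checkTrustedBot(pr)) return pass("trusted-bot");
  if (has(["OWNER", "MEMBER", "COLLABORATOR"], pr.authorAssociation)) return pass("repo-access");
  if (pr.approvedIssueAssignedToAuthor) return pass("approved-work");
  if (pr.additions + pr.deletions <= SMALL_FIX_MAX_LINES) return pass("small-fix", ["small-fix"]);
  return { action: "close", rule: "otherwise", addLabels: ["auto-closed-needs-issue"] };
}

// Constructed sample PR: an outside author with no labels and no approved issue.
function samplePr(authorLogin: string, changedLines: number): PrFacts {
  return {
    authorLogin,
    authorAssociation: "NONE",
    labels: [],
    approvedIssueAssignedToAuthor: false,
    additions: changedLines,
    deletions: 0,
  };
}

for (const login of ["dependabot[bot]", "not-dependabot[bot]", "Dependabot[bot]"]) {
  const verdict = evaluate(samplePr(login, 5000));
  console.log(`${login}: ${verdict.action} (${verdict.rule})`);
}
```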