Approve stale lead maintainer PRs by MikeMcQuaid · Pull Request #22818 · Homebrew/brew

MikeMcQuaid · 2026-06-19T20:10:16Z

Add a scheduled workflow to approve stale lead maintainer PRs when all
approval requirements are met.

Require the PR to be:

not from a fork
not a draft
authored by a Homebrew lead maintainer who has approved another Homebrew/brew PR in the last 7 days
reviewed by Copilot
unreviewed by humans for 48 hours
fully green across CI
unchanged in sensitive paths
evaluated during a weekday approval window

This will:

Reduce review latency for trusted lead maintainer PRs that already satisfy explicit safety checks.
Keep approval behaviour auditable by documenting every requirement in the generated review body, workflow summary and temporary branch report.

Have you followed our Contributing guidelines?
Have you checked for other open Pull Requests for the same change?
Have you explained what your changes do? Performance claims (e.g. "this is faster") must include Hyperfine benchmarks.
Have you explained why you'd like these changes included, not just what they do?
For bug fixes, have you given step-by-step brew commands to reproduce the bug?
Have you written new tests (excluding integration tests)? Here's an example.
Have you successfully run brew lgtm (style, typechecking and tests) locally?

AI was used to generate or assist with generating this PR.

OpenAI Codex 5.5 high with local review and much tweaking.

Copilot

Pull request overview

Adds a scheduled GitHub Actions workflow plus supporting Ruby script and documentation updates to automatically approve certain stale PRs authored by Homebrew lead maintainers in Homebrew/brew, when a defined set of safety requirements are met (non-fork PR, recent maintainer approval activity, Copilot review, no human review for 24h, and fully green CI).

Changes:

Add a scheduled/dispatchable workflow to evaluate and (when eligible) approve stale lead maintainer PRs, plus a “report” mode for auditing.
Add a Ruby automation script that gathers PR facts (reviews, CI status, changed files) and posts an approval/reports with a documented rationale.
Document the new exception/behavior in relevant security and maintainer docs.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
`docs/Supply-Chain-Security.md`	Documents the new narrow automatic-approval exception in the supply-chain model.
`docs/Maintainer-Guidelines.md`	Notes the existence/constraints of the stale lead maintainer auto-approval workflow.
`docs/Homebrew-brew-Maintainer-Guide.md`	Describes when and how stale lead maintainer PRs may be auto-approved.
`.github/workflows/approve-stale-lead-maintainer-prs.yml`	Introduces scheduled + manual workflow to approve/report on eligible PRs.
`.github/scripts/approve_stale_lead_maintainer_prs.rb`	Implements eligibility checks and posts approval/report bodies via GitHub API.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.

woodruffw

This makes sense to me, although my 0.02c would be for:

A 48h weekday window instead (24h seems like it might be a little too short, particularly if a PR would have one specific maintainer as its reviewer).
Additional restrictions on auto-approvals if the PR's diff touches CI/CD or other sensitive files. I think those kinds of changes ideally always involve explicit two person operation 🙂

bevanjkay · 2026-06-21T05:07:45Z

A 48h weekday window

I'm also in favour of setting this to 48h for the initial implementation.

bevanjkay · 2026-06-22T07:46:45Z

The cooldown time didn't work correctly here - #22848 (review)
It only looks for no reviews in 48 hours from what I can tell, not that it has sat for 48 hours.

MikeMcQuaid · 2026-06-22T07:49:54Z

@bevanjkay yup thanks on it

Copilot

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

- Add scheduled approval for trusted stale lead maintainer PRs - Move approval checks into a `utils/github` Ruby script - Short-circuit API reads once approval is impossible - Require stale PRs to be open 48 hours without review - Permit recent approval evidence from fork PRs - Refuse to auto-approve sensitive paths - Use event type for branch push reports - Document the supply-chain guardrails and maintainer behaviour

MikeMcQuaid requested a review from Copilot June 19, 2026 20:10

Copilot started reviewing on behalf of MikeMcQuaid June 19, 2026 20:10 View session

Copilot AI reviewed Jun 19, 2026

View reviewed changes

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from 05917dc to b213e7f Compare June 19, 2026 20:36

MikeMcQuaid requested a review from Copilot June 19, 2026 20:37

Copilot started reviewing on behalf of MikeMcQuaid June 19, 2026 20:38 View session

Copilot AI reviewed Jun 19, 2026

View reviewed changes

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch 3 times, most recently from bf518ae to 1edd0eb Compare June 19, 2026 21:12

MikeMcQuaid marked this pull request as ready for review June 20, 2026 09:14

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from 1edd0eb to a348fae Compare June 20, 2026 19:30

woodruffw reviewed Jun 21, 2026

View reviewed changes

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from a348fae to 5d96ae1 Compare June 21, 2026 12:49

bevanjkay approved these changes Jun 21, 2026

View reviewed changes

MikeMcQuaid requested review from p-linnane and woodruffw June 21, 2026 14:09

p-linnane approved these changes Jun 21, 2026

View reviewed changes

krehel approved these changes Jun 21, 2026

View reviewed changes

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from 5d96ae1 to 0bf15e7 Compare June 22, 2026 07:37

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from 0bf15e7 to 8af15a7 Compare June 22, 2026 08:02

MikeMcQuaid requested a review from Copilot June 22, 2026 08:08

Copilot started reviewing on behalf of MikeMcQuaid June 22, 2026 08:08 View session

Copilot AI reviewed Jun 22, 2026

View reviewed changes

Comment thread .github/workflows/approve-stale-lead-maintainer-prs.yml Outdated

Comment thread .github/workflows/approve-stale-lead-maintainer-prs.yml

Comment thread .github/scripts/approve_stale_lead_maintainer_prs.rb

Comment thread .github/scripts/approve_stale_lead_maintainer_prs.rb

MikeMcQuaid force-pushed the approve-stale-lead-maintainer-prs branch from 8af15a7 to 2412d42 Compare June 22, 2026 08:20

Uh oh!

Conversation

MikeMcQuaid commented Jun 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

woodruffw left a comment

Choose a reason for hiding this comment

Uh oh!

bevanjkay commented Jun 21, 2026

Uh oh!

bevanjkay commented Jun 22, 2026

Uh oh!

MikeMcQuaid commented Jun 22, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

MikeMcQuaid commented Jun 19, 2026 •

edited

Loading