feat: implement issue #970 — [Phase 3] Docs cutover + end-to-end new-repo validation #982
don-petry wants to merge 4 commits into
Dev-Lead — review-changes (no-changes)
No changes were needed for this PR.
Code Review
This pull request adds documentation and end-to-end DRY_RUN validation tests for the new-repo onboarding process. It also clarifies in the template documentation that framework subtrees are opt-in and GitHub App installations are manual. The reviewer feedback suggests using the optional chaining operator (?) in jq commands to prevent test crashes on malformed JSON, and refining a generic string assertion in the tests to avoid false positives.
Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-06-28T07:53:14Z.
Dev-Lead — fix-bot-comment (no-changes)
donpetry-bot left a comment
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: ddb4b643b2ff52c89c3669c3b7058d0a27025b4b
Review mode: triage-approved (single reviewer)
Summary
Docs + tests PR closing #970 (Phase 3 of onboarding epic #964). Adds docs/bootstrap/new-repo-validation.md (a recorded end-to-end DRY_RUN walkthrough), two new BOOTSTRAP.md clarifications emitted by seed-repo-template.sh, and two bats tests asserting the intended-state surface and the resolved onboarding questions. No executable logic changes; the script edit is markdown inside a single-quoted heredoc.
Linked issue analysis
Closes #970. AC#2 (recorded e2e DRY_RUN over the full policy surface with no write calls) is met by the new doc + the executable bats test 'e2e DRY_RUN: covers the whole intended-state surface'. AC#3 (shellcheck/lint clean) is confirmed green in CI. AC#4 (resolve frameworks-opt-in and manual-app-install questions in BOOTSTRAP.md) is met by the new 'What this template does NOT do' section plus its bats assertion. AC#1 (cutover of standards/github-settings.md and standards/ci-standards.md) lives cross-repo in petry-projects/.github by design per the issue's Dev Notes; this PR specifies the cutover content to land via the standards sync, which is out of this repo's scope.
Findings
No security, correctness, or maintainability blockers. The only script touched (seed-repo-template.sh) adds markdown to a generated BOOTSTRAP.md inside a cat <<'EOF' single-quoted heredoc — no shell expansion or injection surface. gitleaks CI check is green (MCP run_secret_scanning not exposed in this environment, so the CI gitleaks gate is the secret-scan signal). gemini-code-assist left two non-blocking nitpicks (use jq optional chaining; tighten one generic string assertion in tests) — test-robustness polish, not correctness, and the bats suite passes.
CI status
All substantive checks green: shellcheck, ShellCheck, Lint, bats, unit-tests, CodeQL (actions+python), SonarCloud, AgentShield, Agent Security Scan, gitleaks, holdout-guard, validate-agent-profiles, gh-aw-compile. Two entries show CANCELLED (dev-lead/dispatch, dev-lead/ci-relay) but each has a SUCCESS/SKIPPED duplicate — superseded orchestration jobs, not real failures. mergeStateStatus=BLOCKED reflects the pending org-leads review requirement, not a failed check.
Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.
@donpetry-bot this PR has been idle ~hours with unresolved gemini-code-assist threads blocking merge (required thread resolution), after fix-review attempts stalled under rate-limit/concurrency churn. All required CI is green. Please complete the fix-review pass: address the remaining review threads, resolve them, and provide the approving review so squash auto-merge can land.
@don-petry I'm on it — starting a fresh review now. Results will appear in a few minutes.
donpetry-bot left a comment
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: ddb4b643b2ff52c89c3669c3b7058d0a27025b4b
Review mode: triage-approved (single reviewer)
Summary
Docs + tests PR closing #970 (Phase 3 of onboarding epic #964). Adds docs/bootstrap/new-repo-validation.md (a recorded end-to-end DRY_RUN walkthrough), two clarifying paragraphs in the BOOTSTRAP.md generated by seed-repo-template.sh (frameworks opt-in; app installs manual), and two bats tests asserting the full intended-state surface and the resolved onboarding questions. No executable logic changes; the script edit is markdown inside a single-quoted heredoc. +211/-0 across 4 files.
Linked issue analysis
Closes #970. AC#2/#3 (recorded e2e DRY_RUN over the whole policy surface, no write calls, lint-clean) is met by the new doc plus the executable bats test 'e2e DRY_RUN: covers the whole intended-state surface with no write calls', and shellcheck/bats are green in CI. AC#4 (resolve frameworks-opt-in and manual-app-install questions) is met by the new 'What this template does NOT do' BOOTSTRAP.md section plus its dedicated bats assertion. AC#1 (cutover of standards/github-settings.md and standards/ci-standards.md) is cross-repo in petry-projects/.github by design per the issue Dev Notes; this PR specifies the cutover content to land via the standards sync, which is out of this repo's scope.
Findings
No security, correctness, or maintainability blockers. The only script touched (seed-repo-template.sh) appends markdown to the generated BOOTSTRAP.md inside a single-quoted heredoc — no shell expansion or injection surface. gemini-code-assist left two LOW, non-blocking nitpicks on the new tests, both optional robustness polish rather than correctness issues: (1) use jq optional chaining (?) in the ruleset assertions in test_bootstrap_new_repo.bats so malformed JSON fails cleanly instead of erroring; (2) tighten the generic '"are not"' substring check in test_seed_repo_template.bats, which could match unrelated BOOTSTRAP.md text. The bats suite passes as written and the assertions test the intended behavior; addressing the nitpicks would harden the tests but is not required to merge. These threads are bot-authored COMMENTED suggestions (not CHANGES_REQUESTED) and not human-reviewer questions.
CI status
All substantive checks green: shellcheck/ShellCheck, Lint, bats, unit-tests, CodeQL (actions+python), SonarCloud (quality gate passed, 0 new issues), AgentShield, Agent Security Scan, Secret scan (gitleaks), holdout-guard, validate-agent-profiles, gh-aw-compile, Compile agentic workflows, Test-Deletion Guard, CodeRabbit. Two entries show CANCELLED (dev-lead/dispatch, dev-lead/ci-relay) but each has a SUCCESS/SKIPPED duplicate — superseded orchestration jobs, not real failures. MCP run_secret_scanning was not exposed in this environment, so the gitleaks CI gate is the secret-scan signal (green). mergeStateStatus=BLOCKED reflects the pending required org-leads review/thread-resolution, not a failed check.
Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.
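The "no shell expansion or injection surface" finding above depends on the heredoc delimiter being quoted. As an added example (not code from this PR or from seed-repo-template.sh; the function names and the markdown line are constructed), the same body is rendered through a quoted and an unquoted heredoc, followed by a heuristic check that lists unquoted heredoc openers in a script read from stdin:

```shell
#!/bin/sh
# Added example: constructed names and sample text, not the project's script.

# Quoted delimiter ('EOF'): the body is emitted byte for byte, so markdown
# code spans and dollar signs in the generated doc stay literal text.
render_quoted() {
  cat <<'EOF'
Run `printf EXECUTED` after cloning; config lives in $HOME/.cfg
EOF
}

# Unquoted delimiter: the shell performs command substitution and parameter
# expansion on the body before cat sees it, so the backtick span is executed.
render_unquoted() {
  cat <<EOF
Run `printf EXECUTED` after cloning; config lives in $HOME/.cfg
EOF
}

# Heuristic review aid: print "line:text" for heredoc openers whose delimiter
# starts with a bare word (<<EOF, <<-EOF). Openers written as <<'EOF',
# <<"EOF" or <<\EOF are not reported. Reads the script text on stdin.
find_unquoted_heredocs() {
  grep -nE '(^|[^<])<<-?[[:space:]]*[A-Za-z_][A-Za-z0-9_]*' || true
}

# Stand-alone demonstration when run with the argument "demo".
if [ "${1:-}" = "demo" ]; then
  echo "quoted:   $(render_quoted)"
  echo "unquoted: $(render_unquoted)"
fi
```

The grep is a line-based heuristic and does not parse shell syntax, so treat its output as a list of places to read, not a verdict.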
Superseded by automated re-review at ddb4b64.
Dev-Lead — review-changes (applied)
Changes committed and pushed.
Dev-Lead — waiting on PR blockers (intent: review-changes)
PR: #982
Note @don-petry I reviewed this PR and no code changes were needed, but it still has blocking checks or reviews (failing or cancelled checks, or changes-requested reviews), so I cannot mark it done yet. I'll re-check automatically.
Dev-Lead — review-changes (no-changes)
No changes were needed for this PR.
Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-06-28T13:05:45Z.



Closes #970
Implemented by dev-lead agent. Please review.