ci: add merge_group trigger to required-check workflows#64
Conversation
|
Warning Review limit reached
Next review available in: 30 minutes Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable usage-based reviews in Billing to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information, and refer to the rate limits docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (5)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
The merge queue (ALLGREEN) requires four status checks to report on merge_group events: Dependency & Standards Validation, Check REUSE Compliance, Security Gate Validation, and SonarCloud Code Analysis. Only ci.yml triggered on merge_group, so the queue stalled waiting for statuses that never reported, blocking every PR. - pr-validation.yml: tidy the merge_group trigger and concurrency block - reuse.yml: correct the now-inaccurate "PR-only" comment - security-analysis.yml: add merge_group trigger so Security Gate Validation reports in the queue (the reusable scan runs event-agnostically) - sonarcloud.yml: add merge_group trigger; SonarCloud's App does not report on merge_group refs, so the real scan stays PR/push-only and a lightweight job named exactly "SonarCloud Code Analysis" satisfies the required context (the ruleset pins no integration_id to it) - pyproject.toml, uv.lock: add pip-audit so the repurposed Dependency & Standards Validation check can spawn `uv run --frozen pip-audit`, and bump pytest to >=9.0.3 to fix CVE-2025-71176 surfaced once the scan is wired in Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
57ca8cf to
1ab320b
Compare
|



Summary
merge_group:to workflows emitting required status checks so they fire in the merge queueGitHub merge queues fire a
merge_groupevent, notpull_request. Without the trigger,required checks never report and the queue stalls indefinitely waiting for them.
Test plan
Generated with Claude Code