Skip to content

Implement multi-AI PR automation with auto-merge and cross-org deployment#4

Draft
Copilot wants to merge 6 commits intomainfrom
copilot/implement-ci-cd-automation
Draft

Implement multi-AI PR automation with auto-merge and cross-org deployment#4
Copilot wants to merge 6 commits intomainfrom
copilot/implement-ci-cd-automation

Conversation

Copy link

Copilot AI commented Jan 25, 2026
edited
Loading

Adds comprehensive PR automation across 6 organizations with three AI review systems, intelligent auto-merge, and foundation governance integration.

Implementation

Workflows

  • pr-automation.yml - Orchestrates labeling, AI review dispatch, merge readiness checks
  • ai-review-claude.yml - Claude 3.5 Sonnet for code quality and best practices
  • ai-review-codex.yml - GPT-4 Turbo for security vulnerability scanning
  • auto-merge.yml - Merges when checks pass, no conflicts, no blocking labels
  • auto-delete-branch.yml - Cleans up merged branches (respects protected/fork branches)
  • canonical-checks.yml - Validates repo structure, workflow integrity, chittyfoundation/ops compliance
  • reusable-pr-automation.yml - Parameterized workflow for cross-org deployment

Configuration

  • labeler.yml - 10 label types via file patterns, branch naming, content analysis
  • coderabbit.yml - Auto-review, incremental reviews, high-level summaries
  • auto-merge.json - Required checks, blocked labels, merge method, retry logic

Cross-Org Deployment

./deploy-pr-automation.sh [org1] [org2] ...

Creates PRs in each repo with reusable workflow reference:

jobs:
  automation:
    uses: CHITTYOS/chittyops/.github/workflows/reusable-pr-automation.yml@main
    secrets:
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

Security Considerations

  • JSON construction uses jq to prevent shell variable injection in heredocs
  • GraphQL mutations fetch node_id dynamically for non-PR triggers (check_suite, status events)
  • Python YAML validation avoids command injection via isolated script files
  • All credentials via secrets.* or ephemeral ChittyConnect tokens

Cost

~$0.023/PR (Claude: $0.003, OpenAI: $0.02, CodeRabbit: included)

Next Steps

  1. Configure org-level secrets: ANTHROPIC_API_KEY, OPENAI_API_KEY
  2. Install CodeRabbit GitHub App
  3. Deploy: ./deploy-pr-automation.sh
Original prompt

Objective

Implement comprehensive CI/CD automation for pull requests across all organizations (Chittyfoundation, chittyos, chittyapps, chittycorp, furnished-condos, chicagoapps) with AI-powered reviews, auto-labeling, auto-merge, and auto-delete functionality.

Requirements

1. Multi-AI Review System

Create GitHub Actions workflows that integrate three AI review systems:

  • CodeRabbit AI: Automatic PR reviews via GitHub App integration
  • Claude (Anthropic): Deep code analysis and review comments
  • OpenAI Codex: Code quality and security analysis

2. Auto-Labeling

Automatically label PRs based on content analysis:

  • implementation - New feature implementations
  • enhancement - Improvements to existing features
  • bugfix - Bug fixes
  • documentation - Documentation changes
  • security - Security-related changes
  • performance - Performance improvements

3. Auto-Merge Logic

PRs should automatically merge when ALL conditions are met:

  • All CI/CD checks pass (including canonical checks from chittyfoundation/ops)
  • All AI reviews are completed successfully
  • No merge conflicts exist
  • Branch is up to date with base branch
  • Required approvals obtained

4. Auto-Delete Branches

Automatically delete source branches after successful merge

5. Integration with chittyfoundation/ops

  • Reference and require canonical checks from chittyfoundation/ops repository
  • These checks should be treated as governing/required checks
  • Cannot merge without passing chittyfoundation/ops core validation

Implementation Details

GitHub Actions Workflows to Create:

.github/workflows/pr-automation.yml

Main automation workflow that:

  • Triggers on PR open, synchronize, and labeled events
  • Assigns CodeRabbit AI for review
  • Runs Claude API for code analysis
  • Runs OpenAI Codex for security/quality checks
  • Auto-labels based on PR content and file changes
  • Posts review comments with AI findings
  • Enables auto-merge when conditions are met

.github/workflows/ai-review-claude.yml

Claude-specific review workflow:

  • Analyzes PR diff and provides detailed review
  • Comments on code quality, best practices, potential issues
  • Uses ANTHROPIC_API_KEY secret

.github/workflows/ai-review-codex.yml

OpenAI Codex review workflow:

  • Security vulnerability scanning
  • Code quality analysis
  • Performance recommendations
  • Uses OPENAI_API_KEY secret

.github/workflows/auto-merge.yml

Auto-merge workflow:

  • Checks all required status checks pass
  • Verifies chittyfoundation/ops canonical checks pass
  • Confirms no merge conflicts
  • Enables auto-merge with squash or merge commit
  • Triggers on successful check completion

.github/workflows/auto-delete-branch.yml

Branch cleanup workflow:

  • Triggers on PR merge/close
  • Deletes source branch automatically
  • Preserves protected branches

.github/workflows/canonical-checks.yml

Integration with chittyfoundation/ops:

  • Calls reusable workflows from chittyfoundation/ops
  • Enforces core validation rules
  • Reports status back to PR

Configuration Files:

.github/coderabbit.yml

CodeRabbit AI configuration:

language: en-US
early_access: true
reviews:
  auto_review:
    enabled: true
    auto_incremental_review: true
  request_changes_workflow: true
  high_level_summary: true
  poem: false
  review_status: true

.github/auto-merge.json

Auto-merge rules configuration

.github/labeler.yml

Auto-labeling rules based on file patterns

GitHub Secrets Required

The following secrets must be configured in repository settings or organization level:

  • ANTHROPIC_API_KEY - For Claude API access
  • OPENAI_API_KEY - For OpenAI Codex access
  • GITHUB_TOKEN - Automatically provided, used for GitHub API operations

CodeRabbit AI Setup

CodeRabbit should be installed as a GitHub App with permissions:

  • Pull requests: Read & Write
  • Contents: Read
  • Issues: Read & Write

Branch Protection Rules

Update branch protection to require:

  • Status checks from all AI review workflows
  • Status checks from chittyfoundation/ops canonical workflows
  • Up-to-date branches before merging

Global Deployment

After testing in chittyos/chittyops, these workflows should be:

  1. Committed to a central repository or GitHub organization .github repo
  2. Referenced as reusable workflows across all organizations
  3. Deployed to: Chittyfoundation, chittyos, chittyapps, chittycorp, furnished-condos, chicagoapps

Success Criteria

  • ✅ PRs automatically get AI reviews from all three services
  • ✅ PRs are automatically labeled based on content
  • ✅ chittyfoundation/ops checks are required and enforced
  • ✅ PRs auto-merge when all conditions met
  • ✅ Branches auto-delete after successful merge
  • ✅ Workflows are reusable across all organizations

Notes

  • Ensure workflows handle API rate limits gracefully
  • Add appropriate error handling and notifications
  • Make workflows parameterizable for easy reuse
  • Document setup process ...

This pull request was created from Copilot chat.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI and others added 5 commits January 25, 2026 07:11
@chitcommit
Add core CI/CD automation workflows and configuration files
7901562 
Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
@chitcommit
Add documentation and deployment tools for PR automation
7bc281a 
Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
@chitcommit
Update README with PR automation features and documentation
e0364d7 
Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
@chitcommit
Add implementation summary and complete PR automation system
9dabc87 
Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
@chitcommit
Fix code review issues: variable substitution, node_id handling, and …
8affb47 
…shell injection prevention

Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
Copilot AI changed the title [WIP] Implement CI/CD automation for pull requests across organizations Implement multi-AI PR automation with auto-merge and cross-org deployment Jan 25, 2026
Copilot AI requested a review from chitcommit January 25, 2026 07:21
chitcommit added a commit that referenced this pull request Feb 9, 2026
@chitcommit @claude
fix: Address security and correctness issues from code review
5fb354f 
Critical fixes:
- Fix command injection in remediate.js: switch from execSync with
  string interpolation to execFileSync with argument arrays (#1)
- Fix shell injection in github-checker.js: all execSync calls
  replaced with execFileSync using argument arrays (#2)
- Fix audit:service arg parsing: parser now handles both --service=NAME
  and --service NAME formats (#3)

Significant fixes:
- Fix onboard-service.sh YAML append: use python3 for org-aware
  insertion instead of blind file append (#4)
- Clarify checks.yml as reference doc, remove unused loadChecks()
  method from audit engine (#5)
- Add compliance/README.md so remediation issue links work (#7)
- Remove dead parseSimpleYaml fallback, use js-yaml directly (#8)

Minor fixes:
- Fix inverted return codes in deploy_file/deploy_template/deploy_workflow
  to follow bash convention (0=success, 1=skip) (#9)
- Add cleanup trap to setup-org-workflows.sh to remove /tmp clones (#10)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chitcommit chitcommit Awaiting requested review from chitcommit

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

Copilot code review Copilot

@chitcommit chitcommit

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chitcommit