Skip to content

ci: free e2e-gated auto-merge (remove the AI agent)#46

Merged
mrjasonroy merged 1 commit into
mainfrom
ci/free-auto-merge-release-loop
Jun 25, 2026
Merged

ci: free e2e-gated auto-merge (remove the AI agent)#46
mrjasonroy merged 1 commit into
mainfrom
ci/free-auto-merge-release-loop

Conversation

@mrjasonroy

Copy link
Copy Markdown
Owner

What & why

The daily nextjs-version-check loop opened bump PRs that never mergedallow_auto_merge was off and main required an approving review no bot can give, and the failure was swallowed. Zero nextjs-* PRs had ever merged.

The e2e suite is already the reviewer (test-summary is green only if memory + redis + valkey + elasticache pass), so this drives the merge off the checks instead of an AI:

  • nextjs-version-check now opens the PR + enables --squash --auto via RELEASE_PAT (a real identity → the PR triggers CI and the merge fires tag-on-version-merge). Degrades gracefully to "PR opens, you merge" if the PAT is unset.
  • Removed the ambient-version-agent workflow + doc — it cost ~tens of $/mo on the Anthropic API for an OSS side project and added nothing the e2e gate didn't.
  • Added docs/auto-release.md (RELEASE_PAT setup + branch-protection revert).

Repo config already applied: allow_auto_merge + delete_branch_on_merge on; main's required approval dropped, status checks kept.

Setup still needed

Add a fine-grained RELEASE_PAT secret (this repo only; Contents + Pull requests: write). See docs/auto-release.md.

🤖 Generated with Claude Code

The daily nextjs-version-check loop opened bump PRs that never merged:
allow_auto_merge was off (so `gh pr merge --auto` was a no-op) and branch
protection required an approving review no bot can give. The failure was
swallowed, so runs looked green while PRs piled up — zero nextjs-* PRs ever
merged.

The e2e suite is already the reviewer: test-summary (a required check) is
green only if the full matrix passes (memory, redis, valkey, elasticache).
So drive the merge off the checks, not an AI:

- nextjs-version-check now opens the PR and enables --squash --auto using
  RELEASE_PAT (a real identity, so the PR triggers CI and the merge fires
  tag-on-version-merge). Falls back to GITHUB_TOKEN (PR opens, no auto-merge)
  when the PAT is unset.
- Remove the ambient-version-agent workflow + doc (cost ~$tens/mo on the
  Anthropic API for an OSS side project; added nothing the e2e gate didn't).
- Add docs/auto-release.md: RELEASE_PAT setup + branch-protection revert.

Repo config (applied out-of-band): allow_auto_merge + delete_branch_on_merge
on; main's required approval dropped, status checks kept.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request replaces the AI-based "Ambient Version Agent" documentation with a new "Autonomous releases" workflow documentation (docs/auto-release.md) that relies on GitHub's native auto-merge and a personal access token (RELEASE_PAT). A review comment correctly points out that the example gh api command for restoring branch protection is missing required fields (dismiss_stale_reviews and require_code_owner_reviews), which would cause the GitHub API to fail with a 422 error, and provides a code suggestion to resolve this.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread docs/auto-release.md
Comment on lines +64 to +70
gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON'
{ "required_status_checks": { "strict": false,
"contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] },
"enforce_admins": false,
"required_pull_request_reviews": { "required_approving_review_count": 1 },
"restrictions": null, "required_conversation_resolution": true }
JSON

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The GitHub REST API for updating branch protection (PUT /repos/{owner}/{repo}/branches/{branch}/protection) is strict about the required_pull_request_reviews object. If you omit dismiss_stale_reviews and require_code_owner_reviews, the API call will fail with a 422 Unprocessable Entity validation error. Adding these fields with default boolean values ensures the command runs successfully.

Suggested change
gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON'
{ "required_status_checks": { "strict": false,
"contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] },
"enforce_admins": false,
"required_pull_request_reviews": { "required_approving_review_count": 1 },
"restrictions": null, "required_conversation_resolution": true }
JSON
gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON'
{ "required_status_checks": { "strict": false,
"contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] },
"enforce_admins": false,
"required_pull_request_reviews": {
"dismiss_stale_reviews": false,
"require_code_owner_reviews": false,
"required_approving_review_count": 1
},
"restrictions": null, "required_conversation_resolution": true }
JSON

@mrjasonroy mrjasonroy enabled auto-merge (squash) June 25, 2026 19:13
@mrjasonroy mrjasonroy merged commit 49491b4 into main Jun 25, 2026
7 checks passed
@mrjasonroy mrjasonroy deleted the ci/free-auto-merge-release-loop branch June 25, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant