ci: free e2e-gated auto-merge (remove the AI agent) #46
The daily nextjs-version-check loop opened bump PRs that never merged: allow_auto_merge was off (so `gh pr merge --auto` was a no-op) and branch protection required an approving review no bot can give. The failure was swallowed, so runs looked green while PRs piled up — zero nextjs-* PRs ever merged.

The e2e suite is already the reviewer: test-summary (a required check) is green only if the full matrix passes (memory, redis, valkey, elasticache). So drive the merge off the checks, not an AI:

- nextjs-version-check now opens the PR and enables --squash --auto using RELEASE_PAT (a real identity, so the PR triggers CI and the merge fires tag-on-version-merge). Falls back to GITHUB_TOKEN (PR opens, no auto-merge) when the PAT is unset.
- Remove the ambient-version-agent workflow + doc (cost ~$tens/mo on the Anthropic API for an OSS side project; added nothing the e2e gate didn't).
- Add docs/auto-release.md: RELEASE_PAT setup + branch-protection revert.

Repo config (applied out-of-band): allow_auto_merge + delete_branch_on_merge on; main's required approval dropped, status checks kept.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Code Review
This pull request replaces the AI-based "Ambient Version Agent" documentation with a new "Autonomous releases" workflow documentation (docs/auto-release.md) that relies on GitHub's native auto-merge and a personal access token (RELEASE_PAT). A review comment correctly points out that the example gh api command for restoring branch protection is missing required fields (dismiss_stale_reviews and require_code_owner_reviews), which would cause the GitHub API to fail with a 422 error, and provides a code suggestion to resolve this.
| gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON' | ||
| { "required_status_checks": { "strict": false, | ||
| "contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] }, | ||
| "enforce_admins": false, | ||
| "required_pull_request_reviews": { "required_approving_review_count": 1 }, | ||
| "restrictions": null, "required_conversation_resolution": true } | ||
| JSON |
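Review bot: `"enforce_admins": false` and `"strict": false` in this revert payload are not explained, and because this is a PUT that replaces the whole protection object, running it sets every field to what is written here rather than to what main had before the approval was dropped. State in the doc whether these two values match the earlier settings, or tell the reader to save the current protection first (a GET on the same `branches/main/protection` path) and restore from that copy, changing only `required_approving_review_count`.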
The GitHub REST API for updating branch protection (PUT /repos/{owner}/{repo}/branches/{branch}/protection) is strict about the required_pull_request_reviews object. If you omit dismiss_stale_reviews and require_code_owner_reviews, the API call will fail with a 422 Unprocessable Entity validation error. Adding these fields with default boolean values ensures the command runs successfully.
| gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON' | |
| { "required_status_checks": { "strict": false, | |
| "contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] }, | |
| "enforce_admins": false, | |
| "required_pull_request_reviews": { "required_approving_review_count": 1 }, | |
| "restrictions": null, "required_conversation_resolution": true } | |
| JSON | |
| gh api -X PUT repos/{owner}/{repo}/branches/main/protection --input - <<'JSON' | |
| { "required_status_checks": { "strict": false, | |
| "contexts": ["lint-and-typecheck", "unit-tests", "test-summary"] }, | |
| "enforce_admins": false, | |
| "required_pull_request_reviews": { | |
| "dismiss_stale_reviews": false, | |
| "require_code_owner_reviews": false, | |
| "required_approving_review_count": 1 | |
| }, | |
| "restrictions": null, "required_conversation_resolution": true } | |
| JSON |
What & why

The daily `nextjs-version-check` loop opened bump PRs that never merged — `allow_auto_merge` was off and `main` required an approving review no bot can give, and the failure was swallowed. Zero `nextjs-*` PRs had ever merged.

The e2e suite is already the reviewer (`test-summary` is green only if memory + redis + valkey + elasticache pass), so this drives the merge off the checks instead of an AI:

- `nextjs-version-check` now opens the PR + enables `--squash --auto` via `RELEASE_PAT` (a real identity → the PR triggers CI and the merge fires `tag-on-version-merge`). Degrades gracefully to "PR opens, you merge" if the PAT is unset.
- `ambient-version-agent` workflow + doc — it cost ~tens of $/mo on the Anthropic API for an OSS side project and added nothing the e2e gate didn't.
- `docs/auto-release.md` (RELEASE_PAT setup + branch-protection revert).

Repo config already applied: `allow_auto_merge` + `delete_branch_on_merge` on; `main`'s required approval dropped, status checks kept.

Setup still needed

Add a fine-grained `RELEASE_PAT` secret (this repo only; Contents + Pull requests: write). See `docs/auto-release.md`.

🤖 Generated with Claude Code
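With the approval requirement dropped, the required status checks are the only thing between a bot-opened PR and `main`. As an added example that is not part of this PR or the repository, the Python below audits that gate from the repo and branch-protection settings the description names. The function names, finding texts and sample settings are assumptions constructed for illustration; in practice the two inputs would be the JSON returned by `gh api repos/{owner}/{repo}` and `gh api repos/{owner}/{repo}/branches/main/protection`.

```python
# Added audit sketch; names and finding texts are assumptions, not project code.
# Check names come from the branch-protection payload shown in this PR.
EXPECTED_CHECKS = {"lint-and-typecheck", "unit-tests", "test-summary"}

def _enabled(value):
    """GET responses wrap flags as {"enabled": bool}; PUT payloads use bare bools."""
    return bool(value.get("enabled")) if isinstance(value, dict) else bool(value)

def audit_merge_gate(repo, protection):
    """Return findings for an auto-merge setup whose only gate is status checks."""
    findings = []
    if not repo.get("allow_auto_merge"):
        findings.append("allow_auto_merge is off: --auto cannot take effect")
    checks = protection.get("required_status_checks") or {}
    contexts = set(checks.get("contexts") or [])
    missing = EXPECTED_CHECKS - contexts
    if missing:
        findings.append("required checks missing: " + ", ".join(sorted(missing)))
    reviews = protection.get("required_pull_request_reviews") or {}
    approvals = reviews.get("required_approving_review_count", 0)
    if approvals:
        findings.append(f"{approvals} approval(s) required: auto-merge waits on a human")
    elif "test-summary" not in contexts:
        findings.append("no approval and no test-summary gate: untested merges possible")
    if not _enabled(protection.get("enforce_admins")):
        findings.append("enforce_admins is off: admins can bypass the gate")
    return findings

# Constructed samples (not real API output): the state the PR describes before
# the change, the state after it, and a misconfiguration worth catching.
ALL = sorted(EXPECTED_CHECKS)
BEFORE = ({"allow_auto_merge": False},
          {"required_status_checks": {"strict": False, "contexts": ALL},
           "enforce_admins": False,
           "required_pull_request_reviews": {"required_approving_review_count": 1}})
AFTER = ({"allow_auto_merge": True},
         {"required_status_checks": {"strict": False, "contexts": ALL},
          "enforce_admins": {"enabled": False}})
WEAK = ({"allow_auto_merge": True},
        {"required_status_checks": {"contexts": ["lint-and-typecheck"]},
         "enforce_admins": {"enabled": True}})

if __name__ == "__main__":
    for name, (repo, prot) in [("before", BEFORE), ("after", AFTER), ("weak", WEAK)]:
        print(name, audit_merge_gate(repo, prot) or "ok")
```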