Skip to content

fix(ci): checkout PR policy from github.workflow_sha#891

Merged
cursor[bot] merged 2 commits into
mainfrom
cursor/pr-policy-workflow-sha-9b6d
Jul 18, 2026
Merged

fix(ci): checkout PR policy from github.workflow_sha#891
cursor[bot] merged 2 commits into
mainfrom
cursor/pr-policy-workflow-sha-9b6d

Conversation

@BigSimmo

Copy link
Copy Markdown
Owner

Summary

  • Make PR policy checkout deterministic by using github.workflow_sha (the trusted workflow revision for the run).
  • Avoid both moving github.base_ref tips and stale pull_request.base.sha trees that can miss scripts/pr-policy.mjs on older PRs.
  • Add self-test coverage for the workflow ref contract.
  • Supersedes fix(ci): make PR policy checkout deterministic #884 (Codex PR body is not editable by this agent token; that PR reintroduced stale base.sha).

Verification

  • npm run check:pr-policy (self-test including workflow ref assertions)
  • Verification not run: full npm run verify:cheap deferred; this change is CI workflow + self-test only and Static PR checks cover the cheap gate on this PR.

Risk and rollout

  • Risk: medium; changes which trusted tree the required PR policy job checks out for pull_request_target runs.
  • Rollback: revert the merge commit; policy checkout returns to github.base_ref.
  • Provider or production effects: None (GitHub Actions workflow only).
Open in Web Open in Cursor 

Use the workflow revision for pull_request_target policy checkout so
reruns stay deterministic without pinning stale pull_request.base.sha
trees that can miss scripts/pr-policy.mjs on older PRs.

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
@supabase

supabase Bot commented Jul 18, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@cursor[bot], you've reached your PR review limit, so we couldn't start this review.

Next review available in: 38 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: e8fbf9ce-5235-4120-b029-6cfd58285041

📥 Commits

Reviewing files that changed from the base of the PR and between 13a7901 and d4adc88.

📒 Files selected for processing (2)
  • .github/workflows/pr-policy.yml
  • scripts/pr-policy.mjs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cursor/pr-policy-workflow-sha-9b6d

Comment @coderabbitai help to get the list of available commands.

@cursor
cursor Bot marked this pull request as ready for review July 18, 2026 16:06
@cursor
cursor Bot enabled auto-merge (squash) July 18, 2026 16:07
…flow-sha-9b6d

Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
@cursor
cursor Bot merged commit ae65c69 into main Jul 18, 2026
15 checks passed
@cursor
cursor Bot deleted the cursor/pr-policy-workflow-sha-9b6d branch July 18, 2026 16:10
cursor Bot pushed a commit that referenced this pull request Jul 18, 2026
Capture the reviewed screenshot-queue outcomes, supersessions, and
hosted/local checks used for the safe merge pass.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants