chore: add dev-lead.yml to DEPLOYABLE_WORKFLOWS

[don-petry]

Summary

• Adds dev-lead.yml to the DEPLOYABLE_WORKFLOWS list in deploy-standard-workflows.sh so the dev-lead caller stub is auto-deployed to all org repos going forward.
• All 6 app repos were manually synced to the current version as part of this rollout (all confirmed compliant via dry-run).

Test plan

• bash scripts/deploy-standard-workflows.sh --dry-run reports all repos compliant for both dev-lead.yml and pr-review-mention.yml

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Enabled deployment of the dev-lead workflow to supported repositories, making it available alongside existing deployable workflows.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2af8c8db-f425-43d7-aec9-4b9c9b396c1b

📥 Commits

Reviewing files that changed from the base of the PR and between 376a4fc and f0677eb.

📒 Files selected for processing (1)

• scripts/deploy-standard-workflows.sh

---

📝 Walkthrough

Walkthrough

The DEPLOYABLE_WORKFLOWS allowlist in the deployment script is updated to include dev-lead.yml, enabling that workflow for deployment to targeted repositories subject to existing template presence and compliance checks.

Changes

Workflow allowlist update

Layer / File(s)	Summary
Workflow allowlist update scripts/deploy-standard-workflows.sh	The dev-lead.yml workflow is added to the DEPLOYABLE_WORKFLOWS array, making it eligible for deployment alongside other configured workflows.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• petry-projects/.github#301: Coordinates the dev-lead.yml rollout by promoting the workflow in ci-standards.md and removing the claude.yml template, while this PR enables dev-lead.yml in the deployment allowlist.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding dev-lead.yml to the DEPLOYABLE_WORKFLOWS list in the deployment script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/add-dev-lead-to-deployable-workflows

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

This PR adds the Dev-Lead workflow stub to the standard workflow deployment script so it can be rolled out across organization repositories.

Changes:

• Adds dev-lead.yml to DEPLOYABLE_WORKFLOWS.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f0677eba15

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep dev-lead out until its stub matches audit

Adding dev-lead.yml to the all-repo deploy list will push standards/workflows/dev-lead.yml verbatim, but that template currently calls petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main while scripts/compliance-audit.sh checks downstream repos for petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1 (see check_centralized_workflow_stubs). In any repo touched by this deployment, the deploy script’s own dry-run can report “already compliant” because it compares against the template, but the org compliance audit will still flag the workflow as non-canonical. Please align the dev-lead template/audit expectation before enabling it for bulk deployment.

Useful? React with 👍 / 👎.

[gemini-code-assist]

Code Review

This pull request adds the dev-lead.yml workflow to the DEPLOYABLE_WORKFLOWS list in the deployment script. A review comment highlights a conflict between this automated synchronization and the workflow's internal documentation, which suggests it can be modified locally. The reviewer recommends either excluding the workflow from the deployment script or updating the template to clarify that it is enforced verbatim to prevent local changes from being overwritten.

[gemini-code-assist]

Adding dev-lead.yml to the DEPLOYABLE_WORKFLOWS list enables verbatim synchronization across all repositories. However, the dev-lead.yml template itself (lines 12-13) contains a comment stating it 'may be freely modified on PR branches to adjust triggers'. There is a conflict here: if a repository owner customizes the triggers, those changes will be silently overwritten by this script whenever the central template's uses: version is updated or if the script is run with --force. If the workflow is intended to be customizable at the repository level, it should likely be excluded from this list (similar to feature-ideation.yml). If it should be enforced verbatim, the misleading comment in standards/workflows/dev-lead.yml should be removed to avoid developer confusion.

[donpetry-bot]

Review — fix requested (cycle 1/3)

The automated review identified the following issues. Please address each one:

Findings to fix

Automated review — NEEDS HUMAN REVIEW

Risk: MEDIUM
Reviewed commit: f0677eba15c22e93a880c55423bcc7cbdb13100a
Review mode: triage-approved (single reviewer)

Summary

The diff itself is trivial — one line adding dev-lead.yml to DEPLOYABLE_WORKFLOWS. CI is fully green and SonarCloud/CodeQL/AgentShield all pass. However, three independent AI reviewers (Copilot, Codex, Gemini) raised the same concrete concern, and on verification it holds up: the dev-lead stub template and the compliance audit disagree about what the canonical reusable reference should be, and this PR will propagate that mismatch across every org repo.

Flagging for human confirmation since the triage tier classified this as trivial low-risk.

Linked issue analysis

No linked issue. Related context: PR #301 (promote dev-lead.yml in ci-standards) and PR #302 (per-workflow version tags in stub checker).

Findings

Template / compliance-audit mismatch (carry-forward from Copilot + Codex + Gemini threads):

• standards/workflows/dev-lead.yml:52 delegates to:

  petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@main
  

• scripts/compliance-audit.sh:731 expects:

  petry-projects/.github/.github/workflows/dev-lead-reusable.yml@v1
  

• Verified that dev-lead-reusable.yml does not exist in petry-projects/.github at main or at the v1 tag — it lives only in .github-private. Other entries in the audit's centralized array (agent-shield, auto-rebase, etc.) point to reusables that do exist in .github, so dev-lead is the outlier.
• deploy-standard-workflows.sh:103-109 (is_already_compliant) compares against the template's uses: line, so the dry-run will happily report repos as "compliant" — but the org compliance audit applies a different rule and will flag every deployed copy as non-stub-dev-lead.yml.

This mismatch already exists on main and predates this PR. The reason to flag it here is that this PR is the action that propagates the broken stub from the 6 repos already touched manually to every repo under the org, multiplying the audit noise. Easier to reconcile once than to chase down.

Suggested resolutions (pick one before bulk rollout):

1. Update standards/workflows/dev-lead.yml so its uses: matches what the audit expects, and publish the reusable at that location/tag in .github (mirror or move from .github-private).
2. Update the audit's expectation in scripts/compliance-audit.sh:731 to match the current .github-private/.../@main form (note: this loses the version-pinning intent established in fix(compliance): track per-workflow version tags in stub checker #302).
3. Hold dev-lead off the auto-deploy list until 1 or 2 is settled (Gemini's suggestion, parallels how feature-ideation.yml is intentionally excluded).

Gemini's secondary concern about the "may be freely modified on PR branches" comment at standards/workflows/dev-lead.yml:12-13 is also worth a follow-up — that comment is now misleading once the file is auto-synced. Lower priority; can be addressed in the same follow-up as the audit/template reconciliation.

CI status

All required checks green (Lint, ShellCheck, CodeQL, SonarCloud, Secret scan, AgentShield, Agent Security Scan). CodeRabbit auto-approved; Copilot/Codex/Gemini are COMMENTED with unresolved review threads on line 40.

---

Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.

Additional tasks

1. Resolve all unresolved review thread comments from other reviewers
2. Ensure all CI checks pass after your changes
3. Rebase on the target branch if behind
4. Do NOT modify files unrelated to the findings above

The review cascade will automatically re-review after new commits are pushed.