ci(coderabbit-gate): tolerate status-publish 403 on fork prs#512
ci(coderabbit-gate): tolerate status-publish 403 on fork prs#512Yurii214 wants to merge 1 commit into
Conversation
the gate job publishes the required `coderabbit-approved` commit status
via POST /repos/{repo}/statuses/{sha}. for a pr opened from a fork the
GITHUB_TOKEN can't write a status onto the fork's head sha, so the api
returns 403 "resource not accessible by integration". that failed the
whole job and put a red check on every external contribution — even when
the review verdict was `approved`.
the unset status already blocks native auto-merge on its own (the ruleset
keeps waiting for it), so failing this infra job adds only noise for
outside contributors. treat a 403 on a fork head as expected: warn and
succeed. same-repo prs still hard-fail if the publish fails.
|
Warning Review limit reached
Next review available in: 58 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@coderabbitai review |
✅ Action performedReview finished.
|
the
coderabbit-gatejob publishes the requiredcoderabbit-approvedcommit status viaPOST /repos/{repo}/statuses/{sha}. for a pr opened from a fork, the base-repoGITHUB_TOKENcan't write a status onto the fork's head sha, so the api returns 403 "resource not accessible by integration" and the whole job fails — putting a redgatecheck on every external contribution, even when the review verdict isapproved. same-repo prs never hit it (their head sha lives in the base repo), which is why it slipped through in #508.this treats a 403 on a fork head as expected: warn and succeed, so external prs stop showing a spurious failed check. same-repo prs still hard-fail if the publish fails.
what this does and doesn't do: the unset status already blocks native auto-merge on its own (the ruleset keeps waiting for it), so failing this infra job only added noise for outside contributors — this removes that noise. it does not make auto-merge self-complete for fork prs; the status still can't be published with this token, so a maintainer merges the fork pr by hand until a token with
statuses:writefor cross-fork writes (fine-grained PAT / app installation token) or a switch to the checks api lands.repro and full detail in #511. verified locally: the yaml parses and the diff is the single status-publish step.