CI/CD & Code Review¶
All repos use GitHub Flow with branch protection, Copilot code review, and auto-merge.
PR Lifecycle¶
sequenceDiagram
participant Dev as Developer
participant GH as GitHub
participant CI as CI Checks
participant Cop as Copilot Review
participant AM as Auto-Merge
Dev->>GH: Push branch & create PR
GH->>CI: Trigger CI checks
GH->>Cop: Trigger Copilot review
CI-->>GH: Pass / Fail
Cop-->>GH: Comments / Approve
alt CI passes + no unresolved comments
GH->>AM: Auto-merge PR
AM-->>GH: Squash merge to main
else Copilot has comments
Dev->>GH: Address comments
Dev->>GH: Resolve conversations
GH->>AM: Re-check auto-merge
endBranch Protection¶
| Rule | Setting |
|---|---|
| Require PR before merge | Yes |
| Require CI to pass | Yes |
| Require Copilot review | Yes (via ruleset) |
| Allow force push | No |
| Allow deletion of main | No |
Copilot Code Review¶
All repos have automatic Copilot review enabled via repository rulesets:
| Setting | Value |
|---|---|
review_on_push |
true -- reviews every new commit |
review_draft_pull_requests |
true -- reviews drafts early |
Monitoring PRs¶
# Wait for CI checks
gh pr checks <number>
# Check for Copilot review conversations
./scripts/resolve-pr-conversations.sh <number>
# Verify merge
gh pr view <number> --json state,mergedAt
Copilot Suggestion Triage¶
| Category | Action | Examples |
|---|---|---|
| Security | Must fix before merge | Credential exposure, injection vulnerabilities |
| Bugs/Errors | Must fix before merge | Logic errors, missing error handling |
| Best Practices | Create issue, fix in follow-up | Error messages, defensive coding |
| Style/Documentation | Acknowledge and move on | Code comments, naming preferences |
Auto-Merge Workflow¶
Each repo has an auto-merge workflow that checks:
- All CI checks pass
- All Copilot review conversations are resolved
- No unresolved review comments remain
Wait before merging
Copilot review runs separately from CI. Always wait at least 2 minutes after the last push before attempting to merge.
Merge Strategy¶
| Branch type | Strategy |
|---|---|
| Feature branches | Squash merge (clean history) |
| Release branches | Regular merge (preserve history) |
| Shared branches | Never rebase |
Commit Convention¶
All repos use Conventional Commits:
| Type | Description |
|---|---|
feat: |
New feature |
fix: |
Bug fix |
refactor: |
Code change (no behavior change) |
docs: |
Documentation only |
chore: |
Maintenance (deps, CI, build) |
test: |
Adding/updating tests |
ci: |
CI/CD changes |
Infrastructure Status¶
| Repo | Dependabot | CI | Self-hosted | Auto-merge | GCP |
|---|---|---|---|---|---|
| nutri-e | Yes | Yes | Yes | Yes | Yes |
| cutie | Yes | Yes | Yes | Yes | Yes |
| star-rewards | Yes | Yes | Yes | Yes | Yes |
| ios-sdk | Yes | Yes | Yes | Yes | -- |
| ios-link-sdk | Yes | Yes | Yes | Yes | -- |