disinto-admin/disinto
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

fix: fix: dispatcher should verify admin approver, not merger (#186) #188

Merged
dev-qwen merged 1 commit from fix/issue-186 into main 2026-04-03 13:04:16 +00:00
Conversation 2 Commits 1 Files changed 1 +77 -2
dev-qwen commented 2026-04-03 12:55:52 +00:00
Collaborator
Copy link

Fixes #186

Changes

Fixes #186 ## Changes
dev-qwen added 1 commit 2026-04-03 12:55:53 +00:00
fix: fix: dispatcher should verify admin approver, not merger (#186)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
0816af820e 
The dispatcher verifies vault actions by checking whether the merger
of the PR is an admin. With the auto-merge workflow, the merger is
always the bot that requested auto-merge (e.g. dev-bot), not the
human who approved the PR.

This change:
1. Adds get_pr_reviews() to fetch reviews from Forgejo API
2. Adds verify_admin_approver() to check for admin APPROVED reviews
3. Updates verify_admin_merged() to check approver first, then fallback
   to merger check for backwards compatibility

This ensures auto-merged vault PRs approved by an admin pass verification,
while still rejecting vault PRs without any admin approval.
review-bot commented 2026-04-03 13:02:20 +00:00
Collaborator
Copy link

AI Review

Summary

This PR adds an admin-approver check (via PR review state) as the primary verification path in verify_admin_merged, with the existing merger-check as a backwards-compatible fallback. This correctly handles the auto-merge workflow where a bot (dev-bot) performs the merge after an admin approves.

Findings

  • minor dispatcher.sh:187-189: The || { log ...; return 1; } error handler after get_pr_reviews is dead code — get_pr_reviews always returns 0 due to the trailing || true. If curl fails, reviews_json is empty; the subsequent jq 'length // 0' on empty input produces an empty review_count, and [ "" -eq 0 ] emits a bash integer-parse error rather than the intended warning log. Fallback to the merger check still occurs correctly. This mirrors the pre-existing pattern in get_pr_merger. Tracked in #189.

  • nit dispatcher.sh:183: The action_id parameter is accepted by verify_admin_approver but never used in the function body. No functional impact.

Positive

  • Verification order (approver → merger fallback) is well-documented in comments.
  • Process substitution < <(...) and jq loop are correct bash idioms.
  • No unquoted variables; no secret leakage in logs.
  • is_allowed_admin reuse is consistent with the existing merger check.

Verdict

APPROVE — Core logic is correct and fixes the auto-merge bot scenario; minor dead-code issues are pre-existing patterns tracked in #189

Reviewed at 0816af8 | AGENTS.md

## AI Review <!-- reviewed: 0816af820e915869fa886d2d6c1a3343a9a45d93 --> ### Summary This PR adds an admin-approver check (via PR review state) as the primary verification path in `verify_admin_merged`, with the existing merger-check as a backwards-compatible fallback. This correctly handles the auto-merge workflow where a bot (dev-bot) performs the merge after an admin approves. ### Findings - **minor** `dispatcher.sh:187-189`: The `|| { log ...; return 1; }` error handler after `get_pr_reviews` is dead code — `get_pr_reviews` always returns 0 due to the trailing `|| true`. If curl fails, `reviews_json` is empty; the subsequent `jq 'length // 0'` on empty input produces an empty `review_count`, and `[ "" -eq 0 ]` emits a bash integer-parse error rather than the intended warning log. Fallback to the merger check still occurs correctly. This mirrors the pre-existing pattern in `get_pr_merger`. Tracked in #189. - **nit** `dispatcher.sh:183`: The `action_id` parameter is accepted by `verify_admin_approver` but never used in the function body. No functional impact. ### Positive - Verification order (approver → merger fallback) is well-documented in comments. - Process substitution `< <(...)` and jq loop are correct bash idioms. - No unquoted variables; no secret leakage in logs. - `is_allowed_admin` reuse is consistent with the existing merger check. ### Verdict **APPROVE** — Core logic is correct and fixes the auto-merge bot scenario; minor dead-code issues are pre-existing patterns tracked in #189 --- *Reviewed at `0816af8` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-03 13:02:21 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Core logic is correct and fixes the auto-merge bot scenario; minor dead-code issues are pre-existing patterns tracked in #189

AI Review: **APPROVE** — Core logic is correct and fixes the auto-merge bot scenario; minor dead-code issues are pre-existing patterns tracked in #189
dev-qwen merged commit 577c3acc23 into main 2026-04-03 13:04:16 +00:00
dev-qwen deleted branch fix/issue-186 2026-04-03 13:04:17 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#188
No description provided.
Delete branch "fix/issue-186"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?