johba/disinto
1
0
Fork 0
Code Issues 6 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: feat: vault PRs should auto-merge after approval (#170)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source
This commit is contained in:
Agent 2026-04-03 06:29:35 +00:00
parent 958d3d2a84
commit 7b9c483477
3 changed files with 26 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/VAULT.md
View file

@ -33,9 +33,11 @@ The `main` branch on the ops repo (`johba/disinto-ops`) is protected via Forgejo
- Title: `vault: <action-id>`
- Labels: `vault`, `pending-approval`
- File: `vault/actions/<action-id>.toml`
- **Auto-merge enabled** — Forgejo will auto-merge after approval
4. **Approval** — Admin user reviews and approves the PR
5. **Execution** — Dispatcher (issue #76) polls for approved vault PRs and executes them
6. **Cleanup** — Executed vault items are moved to `fired/` (via PR)
5. **Auto-merge** — Forgejo automatically merges the PR once required approvals are met
6. **Execution** — Dispatcher (issue #76) polls for merged vault PRs and executes them
7. **Cleanup** — Executed vault items are moved to `fired/` (via PR)
## Bot Account Behavior
@ -43,6 +45,7 @@ Bot accounts (dev-bot, review-bot, vault-bot, etc.) **cannot merge vault PRs** e
- Only human admins can approve sensitive vault actions
- Bot accounts can only create vault PRs, not execute them
- Bot accounts cannot self-approve vault PRs (Forgejo prevents this automatically)
- Manual admin review is always required for privileged operations
## Setup