From eecea2d2c5914be3aea22e4bac174d8f233d750e Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Wed, 10 Jun 2026 18:42:55 +0000 Subject: [PATCH] harden OB1 PR Gate: add ready_for_review trigger + clearer branch protection instructions - Add ready_for_review to the pull_request event types so draft PRs re-run the gate when marked ready (previously only opened/synchronize/ reopened were covered) - Replace vague recommendation comment with step-by-step branch protection setup instructions, referencing the exact job name ('OB1 Review') that must be added as a required status check The gate already blocks merge on failure: line 671 exits with code 1 when any of the 15 review checks fail. This change ensures the workflow also runs when a draft PR transitions to ready-for-review, closing a coverage gap. --- .github/workflows/ob1-gate.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ob1-gate.yml b/.github/workflows/ob1-gate.yml index 86571c0ac..06ed16a28 100644 --- a/.github/workflows/ob1-gate.yml +++ b/.github/workflows/ob1-gate.yml @@ -1,14 +1,16 @@ name: OB1 PR Gate -# Branch protection recommendation: -# After this action is working, enable branch protection on main: -# - Require the "OB1 PR Gate" workflow to pass its checks -# - Require at least 1 approving review from a maintainer -# This means: automated agent passes → human admin approves → merge allowed +# ── Branch protection setup (admin-only, one-time) ────────────── +# 1. Settings → Branches → Add branch protection rule for "main" +# 2. Check "Require status checks to pass before merging" +# 3. Search for and add: "OB1 Review" (the job name below) +# 4. Optionally check "Require branches to be up to date" +# 5. Check "Require approvals" with at least 1 approving review +# Result: automated gate passes → human admin approves → merge allowed on: pull_request: - types: [opened, synchronize, reopened] + types: [opened, synchronize, reopened, ready_for_review] branches: [main] permissions: