molecule-ci

History

Hongming Wang d5caaac219 feat(reusable): disable auto-merge when a new commit is pushed (#10 ) Reusable workflow that consumers call from their pr-guards.yml on pull_request:synchronize. When a new commit is pushed to an open PR that has auto-merge enabled, this disables auto-merge and posts a comment so the operator must explicitly re-engage after verifying. Background: on 2026-04-27, PR #2174 in molecule-core auto-merged with only the first commit because the second commit was pushed AFTER the merge queue had locked the PR's SHA. The second commit ended up orphaned on a merged-and-deleted branch (the wider "automatically delete head branches" repo setting now blocks the push entirely; this workflow catches the race window where the PR is queued but not yet merged). Defense in depth — if both fixes are active: 1. Repo setting "delete branch on merge" prevents pushes to a merged branch (post-merge orphan case). 2. This workflow catches in-queue races (push lands while the queue is processing) by force-disabling auto-merge so the operator must re-engage explicitly. Together they cover the full lifecycle of "auto-merge enabled → new commits arrive" without relying on operator discipline. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-27 06:38:57 -07:00
..
workflows	feat(reusable): disable auto-merge when a new commit is pushed (#10 )	2026-04-27 06:38:57 -07:00

feat(reusable): disable auto-merge when a new commit is pushed (#10 )

Reusable workflow that consumers call from their pr-guards.yml on
pull_request:synchronize. When a new commit is pushed to an open PR
that has auto-merge enabled, this disables auto-merge and posts a
comment so the operator must explicitly re-engage after verifying.

Background: on 2026-04-27, PR #2174 in molecule-core auto-merged
with only the first commit because the second commit was pushed
AFTER the merge queue had locked the PR's SHA. The second commit
ended up orphaned on a merged-and-deleted branch (the wider
"automatically delete head branches" repo setting now blocks the
push entirely; this workflow catches the race window where the PR
is queued but not yet merged).

Defense in depth — if both fixes are active:
1. Repo setting "delete branch on merge" prevents pushes to a
   merged branch (post-merge orphan case).
2. This workflow catches in-queue races (push lands while the
   queue is processing) by force-disabling auto-merge so the
   operator must re-engage explicitly.

Together they cover the full lifecycle of "auto-merge enabled →
new commits arrive" without relying on operator discipline.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-27 06:38:57 -07:00

workflows

feat(reusable): disable auto-merge when a new commit is pushed (#10 )

2026-04-27 06:38:57 -07:00