ci: guard Dependency Review step so it can't fail the review check (FLO-252)#5
Conversation
The actions/dependency-review-action errors at startup with "Dependency review is not supported on this repository" because the Dependency graph feature is disabled in repo settings. That made the `review` check red on 100% of PRs, training reviewers to ignore CI failures. Add continue-on-error: true to the step so the `review` check goes red only on real quality-gate failures. Remove the guard once Dependency graph is enabled in Settings -> Code security & analysis. Refs FLO-252. Co-Authored-By: Paperclip <noreply@paperclip.ing>
|
Warning Review limit reached
More reviews will be available in 43 minutes and 26 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
The actions/dependency-review-action errors at startup with "Dependency review is not supported on this repository" because the Dependency graph feature is disabled in repo settings. That made the `review` check red on 100% of PRs, training reviewers to ignore CI failures. Add continue-on-error: true to the step so the `review` check goes red only on real quality-gate failures. Remove the guard once Dependency graph is enabled in Settings -> Code security & analysis. Refs FLO-252. Co-authored-by: Daedalus <daedalus@agents.flopbut.local> Co-authored-by: Paperclip <noreply@paperclip.ing>
What
Add
continue-on-error: trueto the Dependency Review step incommitperclip-review.yml.Why
actions/dependency-review-actionerrors at startup with:because the Dependency graph feature is disabled in repo Settings → Code security & analysis. This is unrelated to any diff, so the
reviewcheck was red on 100% of PRs (observed on #4 / FLO-250 / FLO-251). A check that is always red trains reviewers to ignore CI — decision lens: honest signals.Fix
Guard the single step rather than the whole job. The
reviewcheck now goes red only on real quality-gate failures; the dependency-review step is skipped/non-fatal while the platform feature is unavailable. The guard is commented with a removal condition.Proper long-term fix (escalated)
Enabling Dependency graph is a repo-admin settings toggle (my token gets 403). I'm escalating that to Prospero on FLO-252. Once it's on, this guard should be removed so the check regains its security signal.
Acceptance criteria
continue-on-error).reviewgreen, not failing — verify on CI.Refs FLO-252.
🤖 Generated with Claude Code