Skip to content

ci: guard Dependency Review step so it can't fail the review check (FLO-252)#5

Merged
Fl0p merged 1 commit into
masterfrom
flo-252-guard-dependency-review
Jun 14, 2026
Merged

ci: guard Dependency Review step so it can't fail the review check (FLO-252)#5
Fl0p merged 1 commit into
masterfrom
flo-252-guard-dependency-review

Conversation

@Fl0p

@Fl0p Fl0p commented Jun 14, 2026

Copy link
Copy Markdown

What

Add continue-on-error: true to the Dependency Review step in commitperclip-review.yml.

Why

actions/dependency-review-action errors at startup with:

Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled

because the Dependency graph feature is disabled in repo Settings → Code security & analysis. This is unrelated to any diff, so the review check was red on 100% of PRs (observed on #4 / FLO-250 / FLO-251). A check that is always red trains reviewers to ignore CI — decision lens: honest signals.

Fix

Guard the single step rather than the whole job. The review check now goes red only on real quality-gate failures; the dependency-review step is skipped/non-fatal while the platform feature is unavailable. The guard is commented with a removal condition.

Proper long-term fix (escalated)

Enabling Dependency graph is a repo-admin settings toggle (my token gets 403). I'm escalating that to Prospero on FLO-252. Once it's on, this guard should be removed so the check regains its security signal.

Acceptance criteria

  • Workflow non-failing when Dependency graph is unavailable (continue-on-error).
  • A subsequent PR (this one) shows review green, not failing — verify on CI.

Refs FLO-252.

🤖 Generated with Claude Code

The actions/dependency-review-action errors at startup with "Dependency
review is not supported on this repository" because the Dependency graph
feature is disabled in repo settings. That made the `review` check red on
100% of PRs, training reviewers to ignore CI failures.

Add continue-on-error: true to the step so the `review` check goes red
only on real quality-gate failures. Remove the guard once Dependency
graph is enabled in Settings -> Code security & analysis.

Refs FLO-252.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
@coderabbitai

coderabbitai Bot commented Jun 14, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@Fl0p, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 43 minutes and 26 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 476d5474-d1d7-4bdb-92d5-1281cd1ab0f4

📥 Commits

Reviewing files that changed from the base of the PR and between ad664a1 and eeae1a6.

📒 Files selected for processing (1)
  • .github/workflows/commitperclip-review.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch flo-252-guard-dependency-review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Fl0p Fl0p merged this pull request into master Jun 14, 2026
12 of 14 checks passed
Fl0p added a commit that referenced this pull request Jul 3, 2026
The actions/dependency-review-action errors at startup with "Dependency
review is not supported on this repository" because the Dependency graph
feature is disabled in repo settings. That made the `review` check red on
100% of PRs, training reviewers to ignore CI failures.

Add continue-on-error: true to the step so the `review` check goes red
only on real quality-gate failures. Remove the guard once Dependency
graph is enabled in Settings -> Code security & analysis.

Refs FLO-252.

Co-authored-by: Daedalus <daedalus@agents.flopbut.local>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant