feat(release-please): org-native auto-merge + major-bump block; retire central hub#22
Merged
Merged
Conversation
…e central hub The org-native reusable _release-please.yml now blocks automated major bumps (jq versioning override) and eager-auto-merges the release PR (--auto --squash with re-poke + retry), reaching parity with the personal-account workflow that several dryvist repos had been reaching across accounts to use. Remove the redundant central release-please-hub (workflow + script): every dryvist repo carrying a release config already ships a per-repo caller (verified against the live App installation), so the daily hub only double-created PRs. Per-repo push-triggered callers are now the single source of truth. Update AGENTS.md and README.md to document the org-native model (dryvist release App secret GH_ACTION_RELEASE_PLEASE_PRIVATE_KEY) instead of the retired JacobPEvans cross-account inheritance for release-please. Renovate-preset and SECURITY.md inheritance from JacobPEvans/.github is unchanged. Assisted-by: Claude:claude-opus-4-8
This was referenced Jun 3, 2026
Merged
JacobPEvans-personal
added a commit
to dryvist/ai-assistant-instructions
that referenced
this pull request
Jun 3, 2026
…ct shared-workflow home rule (#669) Point the release-please caller at dryvist/.github (org-native, dryvist release App) instead of the personal account, and forward GH_ACTION_RELEASE_PLEASE_PRIVATE_KEY. Correct shared-workflow-org-refs.md: dryvist is the canonical home for everything dryvist uses; JacobPEvans-personal may depend on dryvist, never the reverse. Release-please is now recorded as dryvist-homed (joining Nix CI); the remaining non-Nix workflows still in the personal account are marked pending relocation, not a permanent home. Refs: dryvist/.github#22 Assisted-by: Claude:claude-opus-4-8
JacobPEvans-personal
added a commit
to dryvist/ansible-splunk
that referenced
this pull request
Jun 3, 2026
Point the release-please caller at the dryvist org-native reusable workflow (dryvist release App) instead of the personal account, forwarding GH_ACTION_RELEASE_PLEASE_PRIVATE_KEY. Auto-merge + major-bump block come from the reusable workflow. Refs: dryvist/.github#22 Assisted-by: Claude:claude-opus-4-8
JacobPEvans-personal
added a commit
to dryvist/docs
that referenced
this pull request
Jun 3, 2026
The CI/CD policy said templates and reusable workflows live in JacobPEvans/.github. Correct it to the actual principle: dryvist is the canonical home for everything dryvist uses; JacobPEvans-personal may depend on dryvist, never the reverse. Record Nix + release-please as dryvist-homed and the remaining shared .github workflows as pending relocation rather than a permanent personal-account home. Refs: dryvist/.github#22 Assisted-by: Claude:claude-opus-4-8
JacobPEvans-personal
added a commit
to dryvist/cc-edge-pack-template
that referenced
this pull request
Jun 3, 2026
Point the release-please caller at the dryvist org-native reusable workflow (dryvist release App) instead of the personal account, forwarding GH_ACTION_RELEASE_PLEASE_PRIVATE_KEY. The is_template guard is preserved so the template repo itself never cuts releases. Auto-merge + major-bump block come from the reusable workflow. Refs: dryvist/.github#22 Assisted-by: Claude:claude-opus-4-8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Keystone of standardizing release-please across the workspace so every dryvist release PR inherits one workflow and auto-merges.
What changed
_release-please.yml(org-native reusable): add anauto-mergeinput (defaulttrue) and an eager auto-merge step (gh pr merge --auto --squashwith disable→re-poke→retry), plus the org-wide major-bump block (jqversioning override) it was previously missing. This brings the org-native workflow to parity with the personal-account_release-please.ymlthat several dryvist repos had been reaching across accounts to use.release-please-hub.yml+release-please-hub.sh. Every dryvist repo carrying a release config already ships a per-repo caller (verified against the live App installation — zero config-only repos), so the daily hub only double-created PRs. Per-repo push-triggered callers are now the single source of truth.AGENTS.md+README.mdnow describe the org-native model (dryvist release App secretGH_ACTION_RELEASE_PLEASE_PRIVATE_KEY) instead of the retired cross-account JacobPEvans inheritance for release-please. Renovate-preset andSECURITY.mdinheritance fromJacobPEvans/.githubis unchanged.Why
Release PRs behaved inconsistently: most dryvist repos used the org-native workflow (no auto-merge), others reached across to
JacobPEvans*/.github(auto-merge), and a daily hub redundantly re-created the same PRs. This makes one canonical, auto-merging path.Follow-up (separate PRs)
Consumer repos still pointing at
JacobPEvans*/.githubget flipped to this org-native caller, one PR each:ai-assistant-instructions,ansible-splunk,cc-edge-pack-template,mlx-benchmarks,nix-devenv,terraform-runs-on.Note
With no org-level required status checks today, auto-merge will land the release PR as soon as it is enabled (it does not wait for CI). That matches "always auto-merge"; gating on CI would require marking checks required via ruleset (out of scope here).