Skip to content

ci(coderabbit-gate): tolerate status-publish 403 on fork prs#512

Open
Yurii214 wants to merge 1 commit into
vouchdev:testfrom
Yurii214:fix/coderabbit-gate-fork-status
Open

ci(coderabbit-gate): tolerate status-publish 403 on fork prs#512
Yurii214 wants to merge 1 commit into
vouchdev:testfrom
Yurii214:fix/coderabbit-gate-fork-status

Conversation

@Yurii214

Copy link
Copy Markdown
Contributor

the coderabbit-gate job publishes the required coderabbit-approved commit status via POST /repos/{repo}/statuses/{sha}. for a pr opened from a fork, the base-repo GITHUB_TOKEN can't write a status onto the fork's head sha, so the api returns 403 "resource not accessible by integration" and the whole job fails — putting a red gate check on every external contribution, even when the review verdict is approved. same-repo prs never hit it (their head sha lives in the base repo), which is why it slipped through in #508.

this treats a 403 on a fork head as expected: warn and succeed, so external prs stop showing a spurious failed check. same-repo prs still hard-fail if the publish fails.

what this does and doesn't do: the unset status already blocks native auto-merge on its own (the ruleset keeps waiting for it), so failing this infra job only added noise for outside contributors — this removes that noise. it does not make auto-merge self-complete for fork prs; the status still can't be published with this token, so a maintainer merges the fork pr by hand until a token with statuses:write for cross-fork writes (fine-grained PAT / app installation token) or a switch to the checks api lands.

repro and full detail in #511. verified locally: the yaml parses and the diff is the single status-publish step.

the gate job publishes the required `coderabbit-approved` commit status
via POST /repos/{repo}/statuses/{sha}. for a pr opened from a fork the
GITHUB_TOKEN can't write a status onto the fork's head sha, so the api
returns 403 "resource not accessible by integration". that failed the
whole job and put a red check on every external contribution — even when
the review verdict was `approved`.

the unset status already blocks native auto-merge on its own (the ruleset
keeps waiting for it), so failing this infra job adds only noise for
outside contributors. treat a 403 on a fork head as expected: warn and
succeed. same-repo prs still hard-fail if the publish fails.
@Yurii214
Yurii214 requested a review from plind-junior as a code owner July 16, 2026 17:51
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@plind-junior, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 58 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 87b8cdd8-a2ff-43bf-ad08-6ccbf343c606

📥 Commits

Reviewing files that changed from the base of the PR and between bfb6b0a and cef9cfe.

📒 Files selected for processing (1)
  • .github/workflows/coderabbit-gate.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added ci github actions and automation size: XS less than 50 changed non-doc lines labels Jul 16, 2026
@plind-junior

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci github actions and automation size: XS less than 50 changed non-doc lines

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants