Skip to content

Code review skill: warn before approving PRs with auto-merge enabled#15997

Merged
JamesNK merged 2 commits intomainfrom
code-review-auto-merge-warning
Apr 9, 2026
Merged

Code review skill: warn before approving PRs with auto-merge enabled#15997
JamesNK merged 2 commits intomainfrom
code-review-auto-merge-warning

Conversation

@JamesNK
Copy link
Copy Markdown
Member

@JamesNK JamesNK commented Apr 9, 2026

Description

When the code review skill is asked to approve a PR with comments, and that PR has auto-merge enabled, the approval could trigger an automatic merge before the author has a chance to address the review comments.

This change adds an auto-merge safety check to Step 6 of the code review skill. Before submitting an APPROVE review with comments, the skill now:

  1. Checks if the PR has auto-merge enabled via gh pr view --json autoMergeRequest
  2. Warns the user if auto-merge is active
  3. Offers two options: approve anyway, or downgrade to a COMMENT review

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
    • No
  • Does the change require an update in our Aspire docs?
    • Yes
    • No

Copilot AI review requested due to automatic review settings April 9, 2026 05:46
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026
edited
Loading

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15997

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15997"

Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub PR code review skill instructions to avoid unintentionally triggering auto-merge when a user asks to approve a PR while also posting review comments.

Changes:

  • Adds an “Auto-merge safety check” step that queries autoMergeRequest via gh pr view before approving with comments.
  • Introduces a user prompt to either proceed with approval or downgrade to a comment-only review.
  • Tightens Step 6 submission guidance to gate "APPROVE" usage behind explicit user intent and the safety check.

Comment thread .github/skills/code-review/SKILL.md Outdated
3. **Submit the review**:
Use `mcp_github_pull_request_review_write` with method `submit_pending`:
- If any comments were posted: `event: "COMMENT"`, with a summary body listing the number of issues found by category. Do not use `"REQUEST_CHANGES"` unless the user explicitly asks for it.
- If any comments were posted: `event: "COMMENT"`, with a summary body listing the number of issues found by category. Do not use `"REQUEST_CHANGES"` unless the user explicitly asks for it. Do not use `"APPROVE"` unless the user explicitly asks for it **and** the auto-merge safety check above has passed or been acknowledged.
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "Submit the review" guidance is internally inconsistent: it says "If any comments were posted: event: "COMMENT"", which prevents the very "approve with comments" flow described in the new Auto-merge safety check section. Consider updating Step 6.3 to explicitly allow event: "APPROVE" when (a) the user explicitly requested approval with comments and (b) the auto-merge safety check was acknowledged/passed; otherwise default to event: "COMMENT" when comments exist.

Suggested change
- If any comments were posted: `event: "COMMENT"`, with a summary body listing the number of issues found by category. Do not use `"REQUEST_CHANGES"` unless the user explicitly asks for it. Do not use `"APPROVE"` unless the user explicitly asks for it **and** the auto-merge safety check above has passed or been acknowledged.
- If any comments were posted:
- Use `event: "APPROVE"` only if the user explicitly asked to approve with comments **and** the auto-merge safety check above has passed or been acknowledged.
- Otherwise, use `event: "COMMENT"`.
- In either case, include a summary body listing the number of issues found by category. Do not use `"REQUEST_CHANGES"` unless the user explicitly asks for it.

Copilot uses AI. Check for mistakes.
@JamesNK
Fix Step 6.3 submit guidance to be agent-friendly
ed7a5fd 
- Restructure auto-merge check trigger as a clear precondition
- Replace ambiguous 'passed or acknowledged' with explicit conditions
- Flatten nested bullets into mutually exclusive if/then rules
@JamesNK JamesNK merged commit 078ea8b into main Apr 9, 2026
6 checks passed
@joperezr joperezr added this to the 13.3 milestone Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@radical radical radical approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

13.3

Development

Successfully merging this pull request may close these issues.

4 participants

@JamesNK @radical @joperezr