Code-review findings on the org-governance release:
- Fail closed on org-rule lookup error: getFirstMatchProtectedBranchRule
swallowed FindOrgBranchRuleForBranch errors (returned nil,nil), silently
dropping the org floor and falling back to the repo rule on a transient DB
error. Propagate the error so the org rule stays enforced.
- Stop the org rule locking out deploy-key and Actions-bot pushes:
OrgProtectedBranch is team-only, so mergeMostRestrictive was ANDing the
repo's WhitelistDeployKeys / WhitelistActionsUser (and the force-push,
delete and merge counterparts) against the org side's always-false zero
value, blocking every deploy-key and Actions push in any org with a
matching branch rule. Carry those org-unmanaged fields through from the
repo rule unchanged.
- Org push-policy max-file-size now inspects only the pushed delta
(diff-tree + cat-file --batch-check) instead of the full tip tree via
ls-tree, so a pre-existing oversized file can no longer permanently block
unrelated pushes. New branches (no base commit) still scan the full tree.
Dev deploy targeting:
- deploy-dev.yml drove the dev container image via `sed` on the SHARED
compose file, but the pattern matched the *prod* service line
(container_name: mokogitea) — leaving the dev service pinned to a stale
image (so every "green" deploy recreated old code) while corrupting the
prod image pin. Drive the dev service image from ${MOKOGITEA_DEV_TAG}
instead; the env-var only affects the dev service.
Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT