Skip to content

merge queue: embarking main (02126f5) and #1460 together#1484

Closed
mergify[bot] wants to merge 4 commits into
mainfrom
mergify/merge-queue/699a304bbd
Closed

merge queue: embarking main (02126f5) and #1460 together#1484
mergify[bot] wants to merge 4 commits into
mainfrom
mergify/merge-queue/699a304bbd

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify Bot commented May 29, 2026
edited
Loading

🎉 This pull request has been checked successfully and will be merged soon. 🎉

Branch main (02126f5) and #1460 are embarked together for merge.

This pull request has been created by Mergify to speculatively check the mergeability of #1460.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.

Required conditions of queue rule default for merge:

Required conditions to stay in the queue:

---
checking_base_sha: 02126f5aef8f5ee1718cf6833734698ef363d739
previous_failed_batches: []
pull_requests:
  - number: 1460
    scopes: []
scopes: []
...

jd and others added 4 commits May 29, 2026 08:33
@jd @claude
refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter
48e0093 
`ci queue-info::write_github_output` formatted a unique
`ghadelimiter_<uuid-v4>` to guard against a metadata payload that
happens to contain its own heredoc delimiter. The actual contract
is "32 unpredictable hex chars", not "a UUID per RFC 4122" — the
delimiter is never parsed by anyone, only matched as a string.

Pull 16 random bytes straight from `getrandom::fill` and hex-encode
them. Drops `uuid` from the direct deps (it stays unreferenced and
disappears from `Cargo.lock`), with `getrandom` taking its place —
which `uuid` was already pulling in transitively, so the net add
is zero new code shipped to the binary.

The local helper is six lines. Same blast radius for a
maintainer-attack story, smaller surface to read.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Change-Id: Ib6599e9b6fca49281186b726a63e4641fa32596e
@jd @claude
refactor(config): standardize the workspace on serde_yaml_ng for YAML…
f4fe757 
… parsing

The workspace had two YAML parsers — both forks of the archived
`dtolnay/serde-yaml`. `mergify-config` used `serde_norway` for
`.mergify.yml`; `mergify-ci` used `serde_yaml_ng` for merge-queue
metadata in PR bodies and git notes. Same job, two crates, two
transitive `unsafe-libyaml*` trees in Cargo.lock.

Standardize on `serde_yaml_ng` for both. The decision is grounded
in concrete signal, not vibe:

  Metric                     serde_norway   serde_yaml_ng
  ─────────────────────────  ─────────────  ─────────────
  Reverse-deps on lib.rs     229 (78 dir.)  618 (349 dir.)
  GitHub stars               53             109
  Last commit                2025-08-04     2025-09-14
  Bus factor (recent prs)    1 (solo)       merges externals
  Maintainer statement       v0.9.40 title  README: explicit
                             "I'm gonna       upstream-compat
                              maintain this"  intent
  unsafe-libyaml backend     forked ("…-    canonical
                             norway")
  Open since                 2024-06-10     2024-05-03
  License                    Apache-2.0     MIT (= upstream)

`serde_yaml_ng` wins on every axis that matters for the "will this
still be alive in two years" question: three-times the ecosystem
adoption, more recent activity, accepts third-party PRs, declares
the maintenance commitment in writing, and uses the canonical
`unsafe-libyaml` rather than a parallel-fork backend.

Functional surface is identical for both of our use shapes —
`from_str` to a typed struct for ci, `from_str` to `Value`
then convert to `serde_json::Value` for config validation.
Migration is purely a rename at the one call site.

Cargo.lock drops `serde_norway` and `unsafe-libyaml-norway`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Change-Id: If5d28d2c4259127181bace5bafb0ac02c78d8f7b
@jd @claude
test(ci): add live smoke test for ci scopes select-all path
f58073c 
Pin the contract before porting `ci scopes` to Rust. The new test
exercises the "no base provided" branch — pass `--head HEAD`
without `--base` and the command must list every configured scope
as touched. This is the one execution path through `ci scopes`
that doesn't shell out to `git diff`, so the test stays hermetic
inside the tmp dir the `cli` fixture runs in (no git init, no
remote fetch, no Mergify API).

The Python implementation passes today. The follow-up port lands
on top and the same smoke test exercises the Rust binary,
catching any wire-format or exit-code drift between the two
implementations.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Change-Id: I14468b7046c449104675aea0a07a273eab479316
@mergify
Merge of #1460
7565b8c
@mergify mergify Bot deployed to Mergify Merge Protections May 29, 2026 08:00 Active
@mergify mergify Bot temporarily deployed to func-tests-live May 29, 2026 08:00 Inactive
@mergify mergify Bot mentioned this pull request May 29, 2026
Merged
@mergify mergify Bot closed this May 29, 2026
@mergify mergify Bot deleted the mergify/merge-queue/699a304bbd branch May 29, 2026 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jd