[Workflows] Enforce CodeRabbit before Copilot on PRs

[ashleyshaw]

Automation Summary

Enforce that CodeRabbit completes its review before Copilot (or any other AI reviewer) is requested or allowed to proceed on pull requests targeting develop and main.

Currently, CodeRabbit is configured via .coderabbit.yaml with auto_review.enabled: true and request_changes_workflow: true, but there is no workflow-level gate that prevents Copilot from being requested before CodeRabbit has posted its review. This allows a PR to receive Copilot suggestions before CodeRabbit's structural and standards checks are available, which defeats the intended review-order policy.

Problem

• CodeRabbit and Copilot can run concurrently or in arbitrary order on PRs
• A contributor can request Copilot review immediately after opening a PR, before CodeRabbit has finished
• There is no status check or required review that enforces CodeRabbit must complete first
• The intent of the review policy (CodeRabbit as first-pass structural reviewer, Copilot for targeted follow-up) is not enforceable without a gate

Proposed Solution

Add a GitHub Actions workflow (or extend the existing reviewer.yml) that:

1. On pull_request opened/synchronised — sets a pending commit status or required check named coderabbit/review that must pass before other reviewers are requested
2. Polls or listens for CodeRabbit's review — uses the PR review events API to detect when CodeRabbit (@coderabbitai) has posted its review and marks the status check as passed
3. Optionally blocks Copilot auto-assignment — either via branch protection rules requiring coderabbit/review to pass, or by not auto-requesting Copilot until CodeRabbit has reviewed

Alternative: Branch Protection Rule

If a dedicated workflow is too complex, a simpler first step is to add coderabbit/review as a required status check in branch protection for develop and main, relying on CodeRabbit's own status reporting.

Steps / Checklist

• Review how CodeRabbit reports its review status (commit status vs. check run vs. PR review)
• Decide on approach: dedicated workflow gate vs. branch protection rule
• Implement the chosen approach
• Validate that Copilot requests cannot proceed until CodeRabbit's status is green
• Document the review-order policy in CONTRIBUTING.md
• Update .coderabbit.yaml if any config changes are needed

Acceptance Criteria

• PRs to develop and main cannot have Copilot invoked before CodeRabbit has completed its review
• The enforcement is visible (either as a required status check or a workflow gate)
• Review-order policy is documented in CONTRIBUTING.md
• No regressions to existing CodeRabbit or CI behaviour
• PR uses branch prefix automation/ or fix/

Additional Context

• Owner: Workflows
• Parent epic: [Epic] Label governance stabilisation and automation hardening #449 — Label governance stabilisation and automation hardening
• Related config: .coderabbit.yaml — CodeRabbit is already wired and active
• Related workflow: .github/workflows/reviewer.yml — runs the internal reviewer agent

Definition of Ready (DoR)

• Problem and goal described
• Scope defined
• Acceptance criteria listed
• Parent epic linked

Definition of Done (DoD)

• All acceptance criteria met
• Workflow/config implemented and validated on a test PR
• Documentation updated
• Approved by maintainer

[ashleyshaw]

Follow-up update (2026-05-27): PR #436 is merged into develop and references this workflow policy task. Keeping this issue OPEN because enforcement implementation/validation has not been completed by the merged scaffolding PR.

[ashleyshaw]

Linked under parent epic #449 ([Epic] Label governance stabilisation and automation hardening). This issue is part of the batch-01 execution set.

[ashleyshaw]

Execution update from sequence run:\n- #95 triage refresh is complete with current evidence (31 orphan labels, none active on open issues/PRs).\n\nImpact on #69:\n- Sequencing dependency is satisfied for execution start.\n- This review-order enforcement task can proceed in parallel with #66 and #67.\n\nI’ll keep posting status links from the parent epic #449 as each execution step lands.

[ashleyshaw]

Execution update: implementation PR is open for this task.\n\n- PR: #452\n- Scope delivered in PR: CodeRabbit success gate added ahead of reviewer job execution, with explicit PR gating and workflow concurrency control.\n\nWill close #69 after merge confirmation and check pass.