ci(mergify): upgrade configuration to current format

[mergify]

Warning

The following required products are not enabled for this repository: merge_protections.
If you merge this PR without enabling them first, some of your rules will stop working.
Please enable them in your Mergify dashboard before merging.

---

Hey there! 👋

We've noticed that your Mergify configuration is using some deprecated fields.

No worries—we've got your back! This automated PR updates your config to align with the newest standards, ensuring everything keeps running smoothly.

Do not procrastinate! You must upgrade your configuration before 2026-09-30, otherwise your configuration will stop working.

What's Changed?

• pull_request_rules → actions → post_check: The post_check action is deprecated. Use Mergify Merge Protections instead: https://docs.mergify.com/merge-protections/ (deadline: 2026-09-30)

Why This Matters

Keeping your configuration up-to-date means you'll benefit from the latest features and improvements Mergify has to offer. Plus, it helps prevent any unexpected hiccups down the road.

Got Questions? We've Got Answers! 🙌

Is this update safe to merge?

Absolutely! We've made sure the changes are compatible with your current setup. Your workflows should continue to work just as before—if not better!

Do I need to do anything special after merging?

Nope! Just merge this PR, and you're all set. If you have any custom configurations, it's a good idea to give them a quick look to ensure everything's in order.

What if I run into issues or have concerns?

We're here to help! Feel free to reach out to our support team anytime.

Thanks for being awesome and keeping your configuration up-to-date! If you have any thoughts or need a hand, don't hesitate to let us know.

Happy merging! 🎉

[greptile-apps]

Greptile Summary

This PR migrates the Mergify configuration from the deprecated pull_request_rules + post_check pattern to merge_protections. Both migrated protection rules contain a semantic error: the success conditions use author~=^(...)$ (checks who opened the PR) instead of approved-reviews-by~=^(...)$ (checks who approved it), which would allow any single approval on a maintainer-authored PR to pass the gate while making the maintainer-approval path unreachable for external contributors.

• P1 – wrong condition attribute: author~= should be approved-reviews-by~= in both rules (lines 12 and 25) to correctly enforce that a listed maintainer has actually approved the PR.

Confidence Score: 3/5

Not safe to merge as-is — author~= in both success conditions means the maintainer-approval path will never work for external contributor PRs, defeating the purpose of these protection rules.

One P1 defect: author~= checks the PR writer rather than the approver in both rules. Merging would silently disable the "approved by a named maintainer" escape hatch for all externally-authored PRs and incorrectly trigger it for maintainer-authored ones. The fix is a one-word change per rule (author → approved-reviews-by), but it must be verified against intent before merging.

.mergify.yml — lines 12 and 25 (author~= condition in both protection rules)

Important Files Changed

Filename	Overview
.mergify.yml	Migrates pull_request_rules + post_check to merge_protections; introduces a semantic error where author~= checks the PR writer rather than the approver in both protection rules.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR opened / updated] --> B{#approved-reviews-by >= 1?}
    B -- No --> C[Protection skipped — no checks fire]
    B -- Yes --> D{Rule 1: Lookout UI changes?}
    B -- Yes --> E{Rule 2: Armada maintainers?}

    D --> D1{files touch internal/lookoutui/?}
    D1 -- No --> D_PASS[✅ Rule 1 passes — no UI files]
    D1 -- Yes --> D2{#approved-reviews-by >= 2?}
    D2 -- Yes --> D_PASS
    D2 -- No --> D3{"author~= maintainer list?\n⚠️ should be approved-reviews-by~="}
    D3 -- Yes --> D_PASS
    D3 -- No --> D_FAIL[❌ Rule 1 blocks merge]

    E --> E1{Only internal/lookoutui/ files?}
    E1 -- Yes --> E_PASS[✅ Rule 2 passes — covered by Rule 1]
    E1 -- No --> E2{#approved-reviews-by >= 2?}
    E2 -- Yes --> E_PASS
    E2 -- No --> E3{"author~= maintainer list?\n⚠️ should be approved-reviews-by~="}
    E3 -- Yes --> E_PASS
    E3 -- No --> E_FAIL[❌ Rule 2 blocks merge]

Loading

_{Reviews (2): Last reviewed commit: "ci(mergify): upgrade configuration to cu..." | Re-trigger Greptile}

[greptile-apps]

Tip:

Greploop — Automatically fix all review issues by running /greploops in Claude Code. It iterates: fix, push, re-review, repeat until 5/5 confidence.

Use the Greptile plugin for Claude Code to query reviews, search comments, and manage custom context directly from your terminal.