GitHub Merge Queue Stale Review Dismissal: Fix Rollback PRs That Lose Approval (2026)
Your rollback PR gets approved, enters merge queue, then suddenly requires review again. After re-approval, the same loop repeats. This is a classic stale review dismissal failure mode that can block incident rollback even when tests are healthy.
This guide is a practical incident runbook for teams using GitHub merge queue: identify stale-approval drift quickly, apply safe temporary controls, and restore normal policy after rollback is landed.
Table of contents
1. How to confirm stale-review dismissal quickly
| Observed signal | Likely meaning | Immediate action |
|---|---|---|
| PR was approved, then "changes requested/approval required" appears without new product code changes | Stale review dismissal triggered by queue/context updates | Check branch protection setting for dismiss stale approvals and queue update timeline. |
| Approval disappears after queue rebase/reorder event | Queue metadata updates are treated as stale-triggering changes | Correlate approval loss timestamp with merge queue requeue events. |
| Rollback PR keeps cycling between approved and review-required | Policy loop: queue updates + stale-review enforcement | Apply incident-time temporary approval profile with expiry. |
| Only CODEOWNERS approvals are removed repeatedly | Review policy overlap between code owners and stale dismissal | Separate rollback approval path from routine feature path. |
2. Root causes in merge queue environments
In protected branches, three mechanisms often combine into one failure loop:
- Dismiss stale pull request approvals is enabled globally.
- Merge queue updates introduce context changes while rollback PR is waiting.
- Strict approval gate requires fresh approval for every update-like change.
Even if your rollback diff is unchanged, queue orchestration can still invalidate prior approvals depending on your repository rule set.
3. 8-minute triage workflow
- Open the rollback PR timeline and record exact timestamps when approval was dismissed.
- Open repository branch protection/ruleset and confirm stale-review setting state.
- Check merge queue events around the same timestamps (requeue, merge-group refresh, priority reorder).
- Verify no new functional commits were pushed to rollback branch during that window.
- If no functional diff changed, classify incident as policy-induced approval drift.
- Escalate to incident commander and choose a bounded mitigation (next section).
# Useful CLI checkpoints during incident triage
# 1) Confirm no functional commit drift in rollback branch
git fetch origin
git log --oneline --decorate origin/main..origin/rollback-branch
# 2) Inspect approval-relevant metadata changes quickly
gh pr view <PR_NUMBER> --json reviews,latestReviews,updatedAt,mergeStateStatus
# 3) Snapshot branch protection settings for audit
gh api repos/<owner>/<repo>/branches/main/protection > protection-snapshot.json4. Safe mitigation patterns during incidents
| Mitigation | When to use | Risk | Control |
|---|---|---|---|
| Re-approve once with queue freeze window | Low queue churn, single rollback PR | Low | Temporarily pause unrelated queue traffic. |
| Temporary rollback review policy | Repeated stale dismissal loop | Medium | Dual approval + explicit expiry + post-incident restore. |
| Emergency bypass with governance | Active prod impact and SLA breach risk | High | Use bypass governance checklist. |
5. Policy templates and review guardrails
Use two policy profiles instead of one:
- Routine profile: strict stale-review dismissal for day-to-day PR safety.
- Incident rollback profile: bounded exceptions for validated rollback PRs only.
# Incident note template (paste into PR + incident timeline)
Incident rollback policy activated
- PR: #<number>
- Reason: approval dismissed repeatedly due to merge queue stale-review loop
- Approved by: incident commander + service owner
- Effective until: 2026-02-16T23:59:00Z
- Compensating controls: green required checks, smoke tests, staged validation
- Restoration owner: @oncall-platform6. Post-incident hardening
- Add a runbook section: "approval dismissed in merge queue" with concrete decision matrix.
- Record stale-review dismiss frequency as an incident metric.
- Document which queue events can invalidate approvals in your repo ruleset.
- Pre-authorize dual approvers for incident rollback windows.
- Run a quarterly game-day for rollback under merge queue + strict branch protections.
FAQ
Why does GitHub ask for review again when no one pushed new rollback commits?
In merge queue setups, orchestration updates can combine with stale-review rules and invalidate prior approvals even when rollback code did not change.
Is it safe to disable stale reviews permanently?
No. Keep strict defaults for routine development. Use a temporary incident profile for rollback only, then restore baseline rules immediately.
Can CODEOWNERS make stale approval loops worse?
Yes. If code owner review is mandatory and stale dismissal is strict, queue churn can repeatedly remove required approvals. Define a documented incident exception path.
Should we bypass merge queue instead?
Only when production impact and SLA risk justify it. If bypass is required, apply dual-control governance and time-bounded restoration tasks.
What should we monitor after fixing this once?
Track frequency of review dismissal during rollback incidents, time-to-land rollback PRs, and whether temporary policy windows are restored on time.
Related Resources
- GitHub Merge Queue Required Check Name Mismatch Guide — resolve waiting-for-status deadlocks caused by required-check context drift
- GitHub Merge Queue Required Checks Timed Out or Cancelled Guide — classify timeout vs cancellation loops in rollback incidents
- GitHub Merge Queue Flaky Required Checks Guide — stabilize nondeterministic CI failures during rollback
- GitHub Merge Queue Emergency Bypass Governance Guide — audit-safe approval and expiry controls for incident bypass decisions
- GitHub Actions CI/CD Complete Guide — workflow hardening patterns for protected branches and queue events
- Git Undo Pushed Commit Guide — safe rollback command patterns for shared branches