test review

Author: cx-anurag-dalke

.github/workflows/ast-cli-team-review.yml

@@ -1,22 +1,75 @@
 name: add-assignee-and-reviewers
+
 on:
   pull_request_target:
-    types: [ready_for_review, opened, reopened]
+    types: [ready_for_review, opened, reopened, review_requested, edited]
 
 permissions:
-  contents: none
+  contents: read
   issues: write
-  pull-requests: write
+  pull-requests: read
 
 jobs:
   add-assignee-and-reviewers:
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request.user.type != 'Bot' }}
     steps:
-      - name: Request reviewers
+      - name: Set up GitHub CLI
+        uses: cli/cli-action@v2
+        with:
+          version: latest
+
+      - name: Authenticate GitHub CLI
+        env:
+          GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }}
+        run: gh auth status
+
+      - name: Fetch team members
+        id: team
+        env:
+          GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }}
+        run: |
+          gh api orgs/CheckmarxDev/teams/ast-sypher-team/members --jq '.[].login' > team_members.txt
+          echo "✅ Team members:"
+          cat team_members.txt
+
+      - name: Fetch current reviewers
+        id: reviewers
         env:
-          GH_REPO: ${{ github.repository }}
           GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }}
-          PRNUM: ${{ github.event.pull_request.number }}
-          PRAUTHOR: ${{ github.event.pull_request.user.login }}
-        run: gh pr edit $PRNUM --add-reviewer CheckmarxDev/ast-sypher-team
+        run: |
+          gh pr view ${{ github.event.pull_request.number }} --json reviewRequests --jq '.reviewRequests' > all_reviewers.json
+
+          jq -r '.[] | select(.type == "User") | .login' all_reviewers.json > user_reviewers.txt
+          jq -r '.[] | select(.type == "Team") | .login' all_reviewers.json > team_reviewers.txt
+
+          echo "👤 User reviewers:"
+          cat user_reviewers.txt || echo "None"
+
+          echo "👥 Team reviewers:"
+          cat team_reviewers.txt || echo "None"
+
+      - name: Validate reviewers are only from ast-sypher-team
+        run: |
+          INVALID_USERS=()
+          while read reviewer; do
+            if ! grep -qx "$reviewer" team_members.txt; then
+              INVALID_USERS+=("$reviewer")
+            fi
+          done < user_reviewers.txt || true
+
+          INVALID_TEAMS=()
+          while read team; do
+            if [ "$team" != "ast-sypher-team" ]; then
+              INVALID_TEAMS+=("$team")
+            fi
+          done < team_reviewers.txt || true
+
+          if [ ${#INVALID_USERS[@]} -gt 0 ] || [ ${#INVALID_TEAMS[@]} -gt 0 ]; then
+            echo "❌ Invalid reviewers detected!"
+            echo "Invalid users: ${INVALID_USERS[*]}"
+            echo "Invalid teams: ${INVALID_TEAMS[*]}"
+            exit 1
+          fi
+
+          echo "✅ All reviewers are valid members of the ast-sypher-team or the team itself."

CODEOWNERS

@@ -2,4 +2,5 @@
 # Each line is a file pattern followed by one or more owners
 
 # Specify the default owners for the entire repository
-*       @AlvoBen @greensd4 @miryamfoiferCX
+*       @cx-anurag-dalke @cx-rah-pid
+