feat: ACNA-4515 add pr-reviewer workflow #163
Codecov Report: ✅ All modified and coverable lines are covered by tests.
🤖 PR Reviewer
The workflow is well-structured with clear separation of gate-checking and review execution. There are minor security and robustness concerns worth addressing before merging.
📝 4 suggestion(s) - Please review inline comments below.
💡 How to re-trigger
Comment /review or /pr-reviewer on this PR
| # NOTE: comment body matching is exact — /review or /pr-reviewer with no trailing spaces, newlines, or mixed case | ||
| # This does not fail the workflow; non-matching comments simply do not trigger the job | ||
| if: | | ||
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) || |
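Review bot: the fork guard on the `if:` line is scoped to `github.event_name == 'pull_request'`, while the NOTE above it documents only the comment-body matching, so nothing in this block tells a maintainer what protects comment-triggered runs. `issue_comment` payloads carry no `pull_request` object, so this clause never evaluates true for them. Add a line to the NOTE stating that comment-triggered runs are not restricted by PR origin and depend on the commenter permission check.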
The fork check only prevents pull_request events from forks, but issue_comment events on PRs from forks are NOT blocked by this condition. A fork contributor could open a PR and then if a collaborator accidentally comments /review, it would run with repo permissions. The permission gate on the commenter handles this case, but worth documenting this explicitly.
Already handled, the collaborator permission gate blocks non-admins regardless of PR origin. No secrets are exposed to fork code since the workflow runs in the base repo context.
Proposed changes not required.
Adds the pr-review.yml workflow so the GitHub review bot can be enabled for this repo, mirroring adobe/aio-cli-plugin-app-dev#163.
Adds AI PR reviewer workflow. See adobe/generator-aio-app#296 for reference implementation.
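The gate discussed in the review thread above, modelled as a pure function so each case can be checked (an added example, not code from this PR or from the workflow itself). `shouldRunReview`, the `admin`-only allow-list and the sample payloads are assumptions constructed for illustration; the permission value is assumed to come from a collaborator-permission lookup on the commenter.

```javascript
// Hypothetical model of the trigger gate; names are not taken from the workflow.
const TRIGGERS = new Set(['/review', '/pr-reviewer']); // exact match, per the workflow NOTE
const ALLOWED = new Set(['admin']); // assumption: the reply says non-admins are blocked

// eventName and payload follow GitHub webhook shapes; commenterPermission is the
// commenter's repository permission level (assumed looked up before this call).
function shouldRunReview(eventName, payload, commenterPermission) {
  if (eventName === 'pull_request') {
    const fork = payload.pull_request?.head?.repo?.fork;
    // Fail closed: run only when the payload explicitly says fork === false.
    return fork === false
      ? { run: true, reason: 'same-repo pull_request' }
      : { run: false, reason: 'pull_request from fork or unknown origin' };
  }
  if (eventName === 'issue_comment') {
    // issue_comment also fires for plain issues; PR comments carry issue.pull_request.
    if (!payload.issue?.pull_request) return { run: false, reason: 'comment is not on a PR' };
    if (!TRIGGERS.has(payload.comment?.body)) return { run: false, reason: 'body does not match a trigger' };
    // No fork check exists on this path: commenter permission is the only gate.
    if (!ALLOWED.has(commenterPermission)) return { run: false, reason: 'commenter lacks permission' };
    return { run: true, reason: 'trigger comment from permitted user' };
  }
  return { run: false, reason: 'unsupported event' };
}

// Constructed sample events (not real payloads).
const onPr = (body) => ({ issue: { pull_request: {} }, comment: { body } });
const cases = [
  ['pull_request', { pull_request: { head: { repo: { fork: true } } } }, null],
  ['issue_comment', onPr('/review'), 'read'],
  ['issue_comment', onPr('/review'), 'admin'],
  ['issue_comment', onPr('/review \n'), 'admin'],
  ['issue_comment', { issue: {}, comment: { body: '/review' } }, 'admin'],
];
for (const [ev, payload, perm] of cases) {
  const d = shouldRunReview(ev, payload, perm);
  console.log(ev, perm, JSON.stringify(payload.comment?.body), '->', d.run, `(${d.reason})`);
}
```

The third case is the one raised in the thread: a permitted user's `/review` comment runs the job whether or not the PR comes from a fork, so what the job checks out and which secrets it can read matter more than the fork flag.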