fix: add missing setup steps to bonk-auto-triage

.github/actions/check-codeowner/action.yml

@@ -4,7 +4,7 @@ description: "Check whether the event actor is listed in CODEOWNERS, including t
 inputs:
   GH_ORG_TOKEN:
     description: "Token with read:org scope for resolving team membership"
-    required: true
+    required: false
 
 outputs:
   is-codeowner:

.github/actions/check-codeowner/index.ts

@@ -93,7 +93,12 @@ async function isCodeowner(octokit: Octokit, actor: string): Promise<boolean> {
 
 (async function () {
 	try {
-		const token = core.getInput("GH_ORG_TOKEN", { required: true });
+		const token = core.getInput("GH_ORG_TOKEN");
+		if (!token) {
+			core.warning("GH_ORG_TOKEN not set — skipping CODEOWNERS check");
+			core.setOutput("is-codeowner", "false");
+			return;
+		}
 		const octokit = github.getOctokit(token);
 
 		const actor = getActor();

.github/workflows/bonk.yml

@@ -89,11 +89,8 @@ jobs:
           mentions: "/bonk"
           permissions: CODEOWNERS
 
-  bonk-auto-triage:
+  bonk-auto-review:
     needs: check-codeowner
-    # pull_request (not pull_request_target) is used here — secrets are available
-    # because this only runs on non-fork PRs (head.repo == base.repo). We do NOT
-    # check out or execute the PR's code — Bonk reads context via the GitHub API only.
     if: |
       needs.check-codeowner.outputs.is-codeowner == 'true' &&
       github.event_name == 'pull_request' &&
@@ -107,7 +104,35 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - name: Run Lil Bonk (auto-triage)
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 1
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        id: setup-node
+        with:
+          node-version: 24.x
+          cache: pnpm
+
+      - name: Restore node_modules (cache hit)
+        id: node-modules-cache
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        with:
+          path: node_modules
+          key: node-modules-${{ runner.os }}-node-${{ steps.setup-node.outputs.node-version }}-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('package.json') }}
+
+      - name: Install node_modules (cache miss)
+        run: pnpm install --frozen-lockfile
+        if: steps.node-modules-cache.outputs.cache-hit != 'true'
+
+      - name: Run Lil Bonk (auto-review)
         uses: ask-bonk/ask-bonk/github@main
         env:
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_AI_GATEWAY_ACCOUNT_ID }}
@@ -119,7 +144,7 @@ jobs:
           permissions: CODEOWNERS
           token_permissions: NO_PUSH
           prompt: |
-            Triage this pull request. Review the title, description, and diff.
+            Review this pull request. Review the title, description, and diff.
             Apply appropriate labels, summarize what the PR changes, and flag
             any issues that need attention from a maintainer (e.g. missing
             description, broken links, incorrect frontmatter, style guide