pr-review.yml
# GitHub Actions workflow: hands a pull request to the docker/cagent-action
# reusable review workflow. Two entry points reach the same job:
#   - issue_comment (created): fires for every new comment on every issue and
#     pull request in this repository, regardless of who wrote it.
#   - workflow_run: fires when "PR Review - Trigger" finishes. A workflow_run
#     job executes in the base repository's context with the permissions
#     declared below and access to repository secrets, so anything taken from
#     the trigger run (its artifacts included) is untrusted input to this job.
name: PR Review
on:
  issue_comment:
    types: [ created ]
  workflow_run:
    workflows: [ "PR Review - Trigger" ]
    types: [ completed ]
# Workflow-wide default for GITHUB_TOKEN; the job below declares its own scope.
permissions:
  # NOTE(review): no `secrets:` key is visible in this file, so "the secrets
  # below" presumably refers to what the called workflow reads — confirm.
  contents: read # Required at top-level to give `issue_comment` events access to the secrets below.
jobs:
  review:
    # The only gate in this file is the event type: every issue_comment run
    # passes, and a workflow_run run passes only if the trigger run succeeded.
    # No check on the commenter's repository role or on a trigger phrase is
    # made here; if one is expected it has to live inside the called
    # workflow — verify that before relying on it.
    if: |
      github.event_name == 'issue_comment' ||
      github.event.workflow_run.conclusion == 'success'
    # Pinned to a full commit SHA rather than a mutable tag; keep the trailing
    # version comment in step with the SHA whenever it is bumped.
    uses: docker/cagent-action/.github/workflows/review-pr.yml@2369328cd25777eb0a4ff959a399b6d1a5204fc7 # v1.4.4
    # Scoped to the job so other jobs in this workflow aren't over-permissioned
    # These are the scopes granted to the GITHUB_TOKEN the called workflow runs with.
    permissions:
      contents: read # Read repository files and PR diffs
      pull-requests: write # Post review comments
      issues: write # Create security incident issues if secrets detected
      checks: write # (Optional) Show review progress as a check run
      # Allows the called workflow to mint an OIDC token in this repository's
      # name; the trust policy on the cloud side is what bounds its reach.
      id-token: write # Required for OIDC authentication to AWS Secrets Manager
      actions: read # Download artifacts from trigger workflow
    with:
      # Empty string on issue_comment runs, the trigger run's id otherwise.
      # Plain multi-line scalar: the continuation line folds into one expression.
      trigger-run-id: ${{ github.event_name == 'workflow_run' && format('{0}',
        github.event.workflow_run.id) || '' }}