Assign reviewers per-user instead of pre-filtering by collaborator API

Replaces the upfront `gh api repos/X/collaborators/Y` filter with
per-user `gh pr edit --add-reviewer` attempts. Routes GitHub's own
rejection (422) into the mention list instead of relying on our
filter to pre-compute the split.

Why: on PR #759 the collaborator check returned 404 for Stacklok
employees who ARE collaborators via the `stackers` team (push
permission on docs-website) -- `ChrisJBurns`, `jhrozek`, `reyortiz3`,
`tgrunnagle`. Only `rdimitrov` passed, so four reviewers silently
vanished. A local check with a PAT that has read:org confirms all
five are collaborators; the discrepancy appears to be GITHUB_TOKEN
treating team-based access differently at the collaborator endpoint,
though we haven't pinned the exact rule.

The authoritative answer is "will GitHub accept this person as a
reviewer right now" -- asking that question directly (via the
add-reviewer API) avoids the filter being wrong. Each attempt is
independent, so one rejection doesn't kill the batch.

The separate "Add reviewers" step is now redundant -- assignments
happen inline during candidate iteration. Dropped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: rdimitrov

.github/workflows/upstream-release-docs.yml

@@ -391,13 +391,14 @@ jobs:
         id: pre_skill
         run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
 
-      - name: Extract reviewers and contributors from release compare
+      - name: Assign reviewers and prepare contributor mentions
         id: reviewers
         env:
           REPO: ${{ steps.detect.outputs.repo }}
           PREV: ${{ steps.detect.outputs.prev_tag }}
           NEW: ${{ steps.detect.outputs.new_tag }}
           REVIEW_REPO: ${{ github.repository }}
+          PR_NUMBER: ${{ steps.eff.outputs.number }}
         run: |
           # Get non-bot commit authors in the release range.
           if COMPARE=$(gh api "repos/$REPO/compare/$PREV...$NEW" \
@@ -412,43 +413,53 @@ jobs:
           CANDIDATES=$(echo "$COMPARE" |
             grep -Ev '(\[bot\]$|^github-actions|^stacklokbot$|^dependabot|^renovate|^copilot)' || true)
 
-          # Split candidates into two groups:
-          #   - ASSIGN_LIST: collaborators on this repo -- safe to pass
-          #     to `gh pr edit --add-reviewer`. GitHub rejects the
-          #     entire call with 422 if any name in the list isn't a
-          #     collaborator, so the filter is mandatory to avoid
-          #     dropping valid reviewers alongside invalid ones.
-          #   - MENTION_LIST: everyone else. Upstream contributors
-          #     (often Stacklok employees with private org membership
-          #     we can't detect via GITHUB_TOKEN, which lacks
-          #     read:org) still deserve a ping so they see the PR
-          #     documenting their work. @-mentioning in the PR body
-          #     handles that without needing reviewer-assignment
-          #     rights.
-          # Future: a PAT with read:org could let us also check
-          # membership in the `stackers` team and promote those to
-          # ASSIGN_LIST. Deferred -- not wiring a secret in now.
+          # Attempt to assign each candidate as a reviewer individually,
+          # rather than filtering upfront and batching. Rationale:
+          #   - `gh pr edit --add-reviewer "a,b,c"` is atomic. A single
+          #     422 on any name aborts the whole call, dropping valid
+          #     names alongside invalid ones.
+          #   - `gh api repos/X/collaborators/Y` as a pre-filter is
+          #     unreliable from a GITHUB_TOKEN in Actions: on PR #759
+          #     the check returned 404 for Stacklok employees who ARE
+          #     collaborators via the `stackers` team (push perm on
+          #     this repo), and only `rdimitrov` slipped through. We
+          #     suspect the collaborator endpoint treats team-based
+          #     access differently for GITHUB_TOKEN vs PATs with
+          #     read:org, but haven't nailed down the exact rule.
+          # Per-user attempts sidestep both issues: the authoritative
+          # answer is "does GitHub accept this as a reviewer right now"
+          # and we ask the API that question directly.
+          #
+          # Cap attempts at 5 to avoid review fatigue on big releases.
+          TRIED=0
           ASSIGN_LIST=""
           MENTION_LIST=""
           while IFS= read -r login; do
             [ -z "$login" ] && continue
-            if gh api "repos/$REVIEW_REPO/collaborators/$login" --silent 2>/dev/null; then
+            if [ "$TRIED" -ge 5 ]; then
+              # Over the review-fatigue cap -- mention any additional
+              # contributors instead of trying to assign them.
+              MENTION_LIST="${MENTION_LIST:+$MENTION_LIST }@$login"
+              continue
+            fi
+            TRIED=$((TRIED + 1))
+            if gh pr edit "$PR_NUMBER" --add-reviewer "$login" 2>/dev/null; then
               ASSIGN_LIST="${ASSIGN_LIST:+$ASSIGN_LIST,}$login"
+              echo "Assigned: $login"
             else
               MENTION_LIST="${MENTION_LIST:+$MENTION_LIST }@$login"
+              echo "Mention (assignment rejected by GitHub): $login"
             fi
           done <<< "$CANDIDATES"
 
-          # Cap auto-assignments at 5 to avoid review fatigue. Mentions
-          # aren't capped -- they're cheap and the block is a single
-          # PR-body notification.
-          ASSIGN_LIST=$(echo "$ASSIGN_LIST" | tr ',' '\n' | head -5 | paste -sd, -)
-
+          # Exposed for diagnostic visibility in the PR body (e.g.,
+          # "Auto-assigned: @alice @bob") and for the next workflow_
+          # dispatch retry to know what was attempted.
           echo "list=$ASSIGN_LIST" >> "$GITHUB_OUTPUT"
           {
             echo "mention_block<<MENTION_EOF"
             if [ -n "$MENTION_LIST" ]; then
-              echo "Release contributors who aren't collaborators on this repo and so couldn't be auto-assigned as reviewers. Mentioning them so they see the PR documenting their work:"
+              echo "Release contributors we couldn't auto-assign as reviewers (review fatigue cap or GitHub rejected the assignment). Mentioning them so they see the PR documenting their work:"
               echo ""
               echo "$MENTION_LIST"
             fi
@@ -896,13 +907,6 @@ jobs:
 
           gh pr edit "$PR_NUMBER" --body-file /tmp/pr-body.md
 
-      - name: Add reviewers
-        if: always() && steps.reviewers.outputs.list != ''
-        env:
-          PR_NUMBER: ${{ steps.eff.outputs.number }}
-          REVIEWERS: ${{ steps.reviewers.outputs.list }}
-        run: gh pr edit "$PR_NUMBER" --add-reviewer "$REVIEWERS"
-
       - name: Comment on augmentation failure
         # Runs only when a preceding step failed. Comments a retry
         # pointer on the PR so a human can see the run URL.