Merge branch 'main' into auto-cherry-pick

Raj-StepSecurity · web-flow · commit 25a04403f261 · 2025-10-17T10:35:33.000+05:30
diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml
@@ -15,6 +15,8 @@ on:
         description: "Specify a script to run after audit fix"
         required: false
         default: "yarn run all"
+  pull_request:
+    types: [opened, synchronize, labeled]
 
 permissions:
   contents: write
@@ -24,10 +26,12 @@ permissions:
 
 jobs:
   cherry-pick:
+    if: github.event_name == 'workflow_dispatch' || contains(fromJson(toJson(github.event.pull_request.labels)).*.name, 'review-required')
     uses: step-security/reusable-workflows/.github/workflows/auto_cherry_pick.yaml@v1
     with:
       original-owner: "crazy-max"
       repo-name: "ghaction-setup-docker"
       base_branch: ${{ inputs.base_branch }}
       package_manager: "yarn"
       script: ${{ inputs.script || 'yarn run all' }}
+      mode: ${{ github.event_name == 'pull_request' && 'verify' || inputs.mode }}
diff --git a/.github/workflows/claude_review.yml b/.github/workflows/claude_review.yml
@@ -0,0 +1,18 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, labeled]
+
+jobs:
+  code-review:
+      uses: step-security/reusable-workflows/.github/workflows/claude_review.yml@v1
+      secrets:
+        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+      
+permissions:
+  contents: read
+  pull-requests: write
+  packages: read
+  issues: write
+  id-token: write
