gha: Add docker cagent PR reviewer workflows#7014
Conversation
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
| review: | ||
| if: | | ||
| (github.event_name == 'issue_comment' && | ||
| github.event.comment.user.login != 'docker-agent' && | ||
| github.event.comment.user.login != 'docker-agent[bot]' && | ||
| github.event.comment.user.type != 'Bot' && | ||
| !contains(github.event.comment.body, '<!-- cagent-review -->') && | ||
| !contains(github.event.comment.body, '<!-- cagent-review-reply -->')) || | ||
| github.event.workflow_run.conclusion == 'success' | ||
| uses: docker/cagent-action/.github/workflows/review-pr.yml@3f5dc9969f307d3c76acb7e9ccaefdd96bd62f4b # v1.5.4 |
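Review bot: the `issue_comment` branch of this `if:` screens out the bot's own comments and its `<!-- cagent-review -->` / `<!-- cagent-review-reply -->` markers but never checks that the comment is on a pull request, so a comment on a plain issue also satisfies it and the reusable workflow is invoked; unless `review-pr.yml` filters that itself, add `github.event.issue.pull_request != null` next to the `user.type != 'Bot'` check. Pinning `docker/cagent-action` to a full commit SHA with the `# v1.5.4` comment is the right pattern for a third-party reusable workflow.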
Makes me wonder if these kinds of conditions could be handled by the action itself, but I guess that's a chicken-and-egg case (the action would always run, but then only to find it didn't have to run) 🤔
thaJeztah left a comment
LGTM
do we need someone else to give it a second glance?
Perhaps @crazy-max wants to take a look?

Hmm, don't we have a zizmor check here? I see it complains about it on moby; moby/moby#52727 (comment)

No, don't think we have it here (we should add it though)
| issues: write # Create security incident issues if secrets detected | ||
| checks: write # (Optional) Show review progress as a check run | ||
| id-token: write # Required for OIDC authentication to AWS Secrets Manager | ||
| actions: read # Download artifacts from trigger workflow |
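Review bot: this permissions block grants `id-token: write` (commented as needed for OIDC to AWS Secrets Manager), `issues: write` and `checks: write`, the last marked `(Optional)`, and the reply below says part of this is only necessary on a private repo. Least privilege argues for dropping whatever this repository does not actually use rather than keeping it: `id-token: write` lets the job mint OIDC tokens and `issues: write` lets it create issues, so each line should stay only if its comment names a concrete use here.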
only necessary on private repo but doesn't hurt to keep it
Yes, would be nice to have zizmor set up here. I'm not yet sure of the impact, especially
Edit: Ah, didn't read moby/moby#52727 (comment), but yeah, this is by design
Based on https://github.com/docker/cagent-action/blob/main/review-pr/README.md