fix(review-checklist): re-request dismissed reviewer on fixup push #376
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Review Checklist | |
| # Posts a per-area sign-off checklist on every PR and auto-checks each item | |
| # when one of that area's designated owners submits an approval. | |
| # | |
| # Reviewer lists are derived entirely from .github/CODEOWNERS — no duplication. | |
| # To add an area or change owners, edit only CODEOWNERS. | |
| # | |
| # Uses pull_request_target so the workflow runs with the base repo's full token | |
| # even for fork PRs. The checkout and script execution always use the base | |
| # branch (develop), never the fork's code — this is the safe posture for | |
| # pull_request_target. | |
| # | |
| # Approval boxes are also updated immediately when a review is submitted, via | |
| # a two-workflow pattern: review-checklist-gather.yml fires on pull_request_review | |
| # (read-only token) and this workflow fires on its completion via workflow_run | |
| # (full write token, no fork approval gate). Requires the repo setting | |
| # "Fork pull request workflows from outside collaborators" to be | |
| # "Require approval for first-time contributors". | |
| on: | |
| # zizmor: ignore[pull-request-target] | |
| # Safe: checkout has no ref: override so the base branch (develop) is always | |
| # used — the fork's code is never checked out or executed. | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, ready_for_review, review_requested, review_request_removed] | |
| branches: [develop] | |
| workflow_run: | |
| workflows: ["Review Checklist (gather)"] | |
| types: [completed] | |
| concurrency: | |
| group: review-checklist-${{ github.event.pull_request.number || github.event.workflow_run.head_sha }} | |
| cancel-in-progress: true | |
| permissions: | |
| pull-requests: write | |
| issues: write | |
| contents: read | |
| jobs: | |
| checklist: | |
| runs-on: ubuntu-latest | |
| if: > | |
| (github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'develop') || | |
| (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') | |
| steps: | |
| - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| retries: 3 | |
| retry-exempt-status-codes: 400,403,404,422 | |
| script: | | |
| const run = require('./.github/scripts/review-checklist.js'); | |
| await run({ github, context, core }); |