fix(ci): ajout du job de review-auto à chaque nouvelle branche

[maxgfr]

En pair avec @Viczei

fix #2790

[revu-bot]

Summary

This PR restructures the CI workflow triggers to enable automatic review deployments (review-auto.yaml) for all branches except master, renovate, and dependabot. The regular review workflow (review.yaml) is now limited to only dependabot branches.

Key Changes:

• review-auto.yaml: Changed from specific branch patterns (feat/**, fix/**, etc.) to all branches with exclusions
• review.yaml: Simplified to only trigger on dependabot/** branches
• CODEOWNERS: Reduced to single owner
• renovate.json: Deleted (Renovate disabled)

Critical Issues Found:

1. [CRITICAL] Potential infinite workflow triggers and resource exhaustion
2. [IMPORTANT] Missing branch protection for critical infrastructure paths

The workflow trigger changes could lead to significant CI/CD resource consumption and need careful consideration of edge cases.

[revu-bot]

[IMPORTANT] Missing default code owner pattern

Why this matters:

• The line @gary-van-woerkens without a path pattern is invalid CODEOWNERS syntax
• This should either specify a path pattern (like * for all files) or be removed
• Without proper syntax, this line will be ignored and provide no protection

Current behavior:
This line is likely being ignored by GitHub, meaning no default code owner is set.

Recommended fix:

Suggested change

	.kontinuous/ @socialgouv/sre
	@pom421 @gary-van-woerkens @lsagetlethias
	@gary-van-woerkens
	* @gary-van-woerkens

This sets @gary-van-woerkens as the default owner for all files not matched by more specific patterns above.

[Copilot]

Pull request overview

This PR restructures the GitHub Actions workflow trigger patterns to make the review-auto workflow run on all new branches (except dependency management and master branches), while restricting the review workflow to only dependabot branches. The changes also remove the disabled renovate configuration and update the code owners list.

Changes:

• Modified workflow triggers to make review-auto.yaml run on all branches except renovate/, dependabot/, and master
• Restricted review.yaml to only trigger on dependabot/** branches
• Removed the disabled renovate.json configuration file
• Updated CODEOWNERS to remove @pom421 and @lsagetlethias, keeping only @gary-van-woerkens

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/review.yaml	Restricts workflow to only run on dependabot/** branches instead of all branches with specific exclusions
.github/workflows/review-auto.yaml	Expands workflow to run on all branches except renovate/, dependabot/, and master
.github/renovate.json	Removes the disabled renovate configuration file
.github/CODEOWNERS	Reduces code owners list to single reviewer

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The review.yaml workflow has been significantly restricted to only run on dependabot/** branches. This means that branches that were previously triggering this workflow (all branches except master, feat/, feature/, fix/, hotfix/, /review/) will no longer trigger it.

If the intent is to have review-auto.yaml handle all regular branches and review.yaml handle only dependabot branches, this is correct. However, this represents a major behavioral change that should be confirmed. The key difference is that review.yaml uses the "build-review" environment while review-auto.yaml uses "build-review-auto" environment, which may have different configurations or permissions.

[Copilot]

The renovate.json configuration file is being removed (it was already disabled), but review-auto.yaml now excludes "renovate/**" branches. While this exclusion is harmless and defensive, it may be unnecessary since renovate is not configured. Consider whether this exclusion should remain for future-proofing or be removed for clarity since renovate is not in use.

Suggested change

- "!renovate/**"