pr-review.yml
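name: PR Review

on:
  # Enables the /review command in PR comments.
  # NOTE(review): issue_comment fires for comments on issues as well as PRs,
  # from anyone allowed to comment, and the run uses the default branch's copy
  # of this file with the secrets below available. Deciding who may trigger a
  # review is therefore left to the called workflow; confirm that it checks the
  # commenter before doing any work with these secrets.
  issue_comment:
    types: [created]
  # Captures feedback on review comments for learning.
  pull_request_review_comment:
    types: [created]
  # Triggers auto-review on PR open (same-repo branches only; fork PRs use
  # /review). Runs started by a fork's pull_request event are not given
  # repository secrets, which is why the fork path goes through a comment.
  pull_request:
    types: [ready_for_review, opened]

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents. Once a
# permissions block is present, scopes that are not listed are not granted.
# Required at top-level to give `issue_comment` events access to the secrets
# below.
permissions:
  contents: read

jobs:
  review:
    # Reusable workflow pinned to a full commit SHA, so the code that receives
    # the secrets below cannot change unless this line does. The trailing tag is
    # only a label: when bumping, review the new commit and update the SHA and
    # the label together.
    uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1
    # Scoped to the job so other jobs in this workflow aren't over-permissioned.
    permissions:
      # Read repository files and PR diffs.
      contents: read
      # Post review comments and approve/request changes.
      pull-requests: write
      # Create security incident issues if secrets are detected in output.
      issues: write
      # (Optional) Show review progress as a check run on the PR.
      checks: write
    # Secrets are passed by name rather than with `secrets: inherit`, so the
    # called workflow receives only these four.
    secrets:
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      # PAT with read:org scope; gates auto-reviews to org members only.
      CAGENT_ORG_MEMBERSHIP_TOKEN: ${{ secrets.CAGENT_ORG_MEMBERSHIP_TOKEN }}
      # GitHub App ID; reviews appear as your app instead of github-actions[bot].
      CAGENT_REVIEWER_APP_ID: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
      # GitHub App private key; paired with the App ID above.
      CAGENT_REVIEWER_APP_PRIVATE_KEY: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}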