fix(workflows): skip mirrobot jobs without app secrets

.github/workflows/bot-reply.yml

@@ -8,6 +8,8 @@ jobs:
   continuous-reply:
     # Skip if comment author is a bot (workflow will show as "skipped")
     if: |
+      secrets.BOT_APP_ID != '' &&
+      secrets.BOT_PRIVATE_KEY != '' &&
       github.event.comment.user.login != 'mirrobot' &&
       github.event.comment.user.login != 'mirrobot-agent' &&
       github.event.comment.user.login != 'mirrobot-agent[bot]' &&
@@ -635,4 +637,4 @@ jobs:
               LAST_REVIEWED_SHA=""
             fi
             VARS='$THREAD_CONTEXT $NEW_COMMENT_AUTHOR $NEW_COMMENT_BODY $THREAD_NUMBER $GITHUB_REPOSITORY $THREAD_AUTHOR $PR_HEAD_SHA $IS_FIRST_REVIEW $FULL_DIFF_PATH $INCREMENTAL_DIFF_PATH $LAST_REVIEWED_SHA'
-            FULL_DIFF_PATH="$FULL_DIFF_PATH" INCREMENTAL_DIFF_PATH="$INCREMENTAL_DIFF_PATH" LAST_REVIEWED_SHA="$LAST_REVIEWED_SHA" envsubst "$VARS" < /tmp/bot-reply.md | opencode run --share -
+            FULL_DIFF_PATH="$FULL_DIFF_PATH" INCREMENTAL_DIFF_PATH="$INCREMENTAL_DIFF_PATH" LAST_REVIEWED_SHA="$LAST_REVIEWED_SHA" envsubst "$VARS" < /tmp/bot-reply.md | opencode run --share -

.github/workflows/compliance-check.yml

@@ -62,18 +62,22 @@ jobs:
     # Bot check is in the issue_comment branch - workflow shows "skipped" for bot comments
     # Note: workflow_run is NOT in this condition - the trigger exists but job skips unless other conditions match
     if: |
-      github.event_name == 'workflow_dispatch' ||
-      (github.event_name == 'pull_request_target' && 
-       (github.event.action == 'ready_for_review' ||
-        (github.event.action == 'labeled' && contains(github.event.label.name, 'ready-for-merge')))) ||
+      secrets.BOT_APP_ID != '' &&
+      secrets.BOT_PRIVATE_KEY != '' &&
       (
-        github.event_name == 'issue_comment' && 
-        github.event.issue.pull_request &&
-        github.event.comment.user.login != 'mirrobot' &&
-        github.event.comment.user.login != 'mirrobot-agent' &&
-        github.event.comment.user.login != 'mirrobot-agent[bot]' &&
-        (contains(github.event.comment.body, '/mirrobot-check') || 
-         contains(github.event.comment.body, '/mirrobot_check'))
+        github.event_name == 'workflow_dispatch' ||
+        (github.event_name == 'pull_request_target' && 
+         (github.event.action == 'ready_for_review' ||
+          (github.event.action == 'labeled' && contains(github.event.label.name, 'ready-for-merge')))) ||
+        (
+          github.event_name == 'issue_comment' && 
+          github.event.issue.pull_request &&
+          github.event.comment.user.login != 'mirrobot' &&
+          github.event.comment.user.login != 'mirrobot-agent' &&
+          github.event.comment.user.login != 'mirrobot-agent[bot]' &&
+          (contains(github.event.comment.body, '/mirrobot-check') || 
+           contains(github.event.comment.body, '/mirrobot_check'))
+        )
       )
     runs-on: ubuntu-latest
 

.github/workflows/issue-comment.yml

@@ -12,6 +12,7 @@ on:
 
 jobs:
   check-issue:
+    if: ${{ secrets.BOT_APP_ID != '' && secrets.BOT_PRIVATE_KEY != '' }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -154,4 +155,4 @@ jobs:
         run: |
             # Only substitute the variables we intend; leave example $vars and secrets intact
             VARS='${ISSUE_CONTEXT} ${ISSUE_NUMBER} ${ISSUE_AUTHOR}'
-            envsubst "$VARS" < /tmp/issue-comment.md | opencode run --share -
+            envsubst "$VARS" < /tmp/issue-comment.md | opencode run --share -

.github/workflows/pr-review.yml

@@ -20,17 +20,21 @@ jobs:
   review-pr:
     # Bot check is in the issue_comment branch - workflow shows "skipped" for bot comments
     if: |
-      github.event_name == 'workflow_dispatch' ||
-      (github.event.action == 'opened' && github.event.pull_request.draft == false) ||
-      github.event.action == 'ready_for_review' ||
-      (github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'Agent Monitored')) ||
+      secrets.BOT_APP_ID != '' &&
+      secrets.BOT_PRIVATE_KEY != '' &&
       (
-        github.event_name == 'issue_comment' &&
-        github.event.issue.pull_request &&
-        github.event.comment.user.login != 'mirrobot' &&
-        github.event.comment.user.login != 'mirrobot-agent' &&
-        github.event.comment.user.login != 'mirrobot-agent[bot]' &&
-        (contains(github.event.comment.body, '/mirrobot-review') || contains(github.event.comment.body, '/mirrobot_review'))
+        github.event_name == 'workflow_dispatch' ||
+        (github.event.action == 'opened' && github.event.pull_request.draft == false) ||
+        github.event.action == 'ready_for_review' ||
+        (github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'Agent Monitored')) ||
+        (
+          github.event_name == 'issue_comment' &&
+          github.event.issue.pull_request &&
+          github.event.comment.user.login != 'mirrobot' &&
+          github.event.comment.user.login != 'mirrobot-agent' &&
+          github.event.comment.user.login != 'mirrobot-agent[bot]' &&
+          (contains(github.event.comment.body, '/mirrobot-review') || contains(github.event.comment.body, '/mirrobot_review'))
+        )
       )
     runs-on: ubuntu-latest
     permissions:
@@ -793,4 +797,4 @@ jobs:
             fi
           else
             echo "Verification passed! No corrections needed."
-          fi
+          fi

.github/workflows/status-check-init.yml

@@ -6,6 +6,7 @@ on:
 
 jobs:
   init-status:
+    if: ${{ secrets.BOT_APP_ID != '' && secrets.BOT_PRIVATE_KEY != '' }}
     runs-on: ubuntu-latest
     permissions:
       statuses: write