Generalized attachment system: pluggable Sources, per-alias capabilities, end-to-end MIME coverage #2487
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Review | |
| on: | |
| issue_comment: | |
| types: [created] | |
| workflow_run: | |
| workflows: ["PR Review - Trigger"] | |
| types: [completed] | |
| permissions: | |
| contents: read # Required at top-level to give `issue_comment` events access to the secrets below. | |
| jobs: | |
| review: | |
| if: | | |
| github.event_name == 'issue_comment' || | |
| github.event.workflow_run.conclusion == 'success' | |
| uses: docker/cagent-action/.github/workflows/review-pr.yml@ec4865576952df6285652f2cf8ffb4ad45ff5f80 # v1.4.3 | |
| # Scoped to the job so other jobs in this workflow aren't over-permissioned | |
| permissions: | |
| contents: read # Read repository files and PR diffs | |
| pull-requests: write # Post review comments | |
| issues: write # Create security incident issues if secrets detected | |
| checks: write # (Optional) Show review progress as a check run | |
| id-token: write # Required for OIDC authentication to AWS Secrets Manager | |
| actions: read # Download artifacts from trigger workflow | |
| with: | |
| trigger-run-id: ${{ github.event_name == 'workflow_run' && format('{0}', github.event.workflow_run.id) || '' }} | |