| case "$EVENT_NAME" in | ||
| pull_request_target) | ||
| case "$LABEL_NAME" in |
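Review bot: In the `pull_request_target)` branch, the label name is the only gate these lines show, and that event runs in the base repository's context, so the inner `case "$LABEL_NAME"` should end in an explicit `*)` arm that leaves the action empty. A label stays on the PR after later pushes, so also confirm that nothing downstream checks out and executes the PR head on the strength of a label applied to an earlier commit.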
Can you remind me if the labels could only be added by those who have write permissions to the repo?
Only those w/ triage perm or higher
| echo "No matching action; nothing to do." | ||
| exit 0 | ||
| fi | ||
Let's also check if the PR number is empty or not:
```bash
if [[ -z "$pr" ]]; then
  echo "::error::pr_number is required" >&2
  exit 1
fi
```
| echo "base=$base" >> "$GITHUB_OUTPUT" | ||
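Review bot: `$base` reaches `$GITHUB_OUTPUT` unvalidated on the `echo "base=$base"` line, and a value containing a newline would be parsed as further `name=value` outputs. Reject anything that is not a single-line ref name before writing it, for example by testing it against a pattern of allowed ref characters and exiting non-zero otherwise.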
| - name: React to comment (acknowledge) | ||
| if: steps.resolve.outputs.action != '' && github.event_name == 'issue_comment' |
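Review bot: The `if:` on the "React to comment (acknowledge)" step tests only that an action resolved and that the event is `issue_comment`, and `issue_comment` also fires for comments on plain issues and for any account able to comment. If the resolve step does not already do so, require `github.event.issue.pull_request` to be set and check `github.event.comment.author_association` before acting on the command.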
Let's add a response if the action is neither "review" nor "summary" so that the user knows what to do if they mistakenly use other commands.
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| # Same token is exposed to the model's `gh` subprocess so it can | ||
| # comment on the PR. Mirrors the `github_token:` input below. | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
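Review bot: `GH_TOKEN` hands the job's `GITHUB_TOKEN` to the model's `gh` subprocess, and the model reads PR content that the PR author controls, so the token's scope is the limit of what injected instructions in that content could do. Pin the job's `permissions:` to the minimum needed to comment (for example `pull-requests: write` with `contents: read`) and say so next to this comment.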
Do we need another github secret?
No, this is automatically provided to the runner
Isn't using OIDC a recommended way?
Yes, however it requires the issuance of an elevated PAT w/ write contents permissions, which is difficult to obtain.
Description
Updated to consolidate actions into a single workflow, and revised strategy to bypass OIDC exchange, losing official claude bot attribution (posts will be made by a generic GH bot), but bypassing the need for a token w/ elevated permissions.