From 163db4a8f30db2e0a56f8f4cf48fa3fb4f31e759 Mon Sep 17 00:00:00 2001
From: derekmisler <2684662+derekmisler@users.noreply.github.com>
Date: Thu, 16 Apr 2026 14:36:37 -0400
Subject: [PATCH 1/2] chore: update cagent-action to v1.4.1
Signed-off-by: derekmisler <2684662+derekmisler@users.noreply.github.com>
---
 .github/workflows/pr-review.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml
index 675f159f62..87a39ddda6 100644
--- a/.github/workflows/pr-review.yml
+++ b/.github/workflows/pr-review.yml
@@ -31,7 +31,7 @@ jobs:
 (github.event_name == 'pull_request_review_comment' &&
 contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))) &&
 !endsWith(github.actor, '[bot]')
- uses: docker/cagent-action/.github/workflows/review-pr.yml@3a12dbd0c6cd7dda3d4e05f24f0143c9701456de # v1.2.13
+ uses: docker/cagent-action/.github/workflows/review-pr.yml@d98096f432f2aea5091c811852c4da804e60623a # v1.4.1
 secrets:
 ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
 CAGENT_ORG_MEMBERSHIP_TOKEN: ${{ secrets.CAGENT_ORG_MEMBERSHIP_TOKEN }}
@@ -42,3 +42,4 @@ jobs:
 pull-requests: write # to post review comments
 issues: write # to reply to issue/PR comments
 checks: write # to update check statuses
+ id-token: write # Required for OIDC authentication to AWS Secrets Manager
From 5fcf059a2d71ddd0faa137cf68a9c4d8947976ae Mon Sep 17 00:00:00 2001
From: Derek Misler
Date: Thu, 16 Apr 2026 16:13:30 -0400
Subject: [PATCH 2/2] Update pr-review.yml
Signed-off-by: Derek Misler
Signed-off-by: Derek Misler
---
 .github/workflows/pr-review.yml | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)
diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml
index 87a39ddda6..fd31cbddb5 100644
--- a/.github/workflows/pr-review.yml
+++ b/.github/workflows/pr-review.yml
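Review bot: `id-token: write` is granted while the caller still triggers on `pull_request_target`, whose runs the surrounding `if:` guard does not gate by author, so a run started by an unreviewed fork PR can mint an OIDC token that review-pr.yml uses to assume an AWS role and read API keys from Secrets Manager. The reusable workflow is not visible here, so whether it executes anything from the PR head is unknown; the AWS role trust policy is then the only control, and it should pin the token's `sub`/`job_workflow_ref` claims to this repository and review-pr.yml at the pinned SHA rather than accepting any run from the org. The comment should also say who consumes the token and under what condition: `id-token: write # OIDC token consumed by review-pr.yml to fetch its API keys from AWS Secrets Manager; the AWS trust policy must pin repo + job_workflow_ref`. The `permissions:` block this hunk extends begins before the hunk starts.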
@@ -1,42 +1,16 @@
 name: PR Review
 on:
- pull_request_target:
+ pull_request:
 types: [opened, ready_for_review]
 issue_comment:
 types: [created]
 pull_request_review_comment:
 types: [created]
-# Serialize reviews per PR; do not cancel in-progress runs
-# so no review is silently dropped mid-execution.
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number }}
- cancel-in-progress: false
-
 jobs:
 review:
- # Only run on the upstream repo (not forks) to prevent credential leaks.
- # Skip draft PRs (ready_for_review will fire when promoted).
- # Skip bot actors to avoid reviewing Dependabot and automation PRs.
- # Require collaborator-level access for comment-triggered events.
- # Only trigger on PR comments, not plain issue comments.
- if: >-
- github.repository == 'docker/compose' &&
- (github.event_name != 'pull_request_target' || github.event.pull_request.draft == false) &&
- (github.event_name == 'pull_request_target' ||
- (github.event_name == 'issue_comment' &&
- github.event.issue.pull_request &&
- contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
- (github.event_name == 'pull_request_review_comment' &&
- contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))) &&
- !endsWith(github.actor, '[bot]')
 uses: docker/cagent-action/.github/workflows/review-pr.yml@d98096f432f2aea5091c811852c4da804e60623a # v1.4.1
- secrets:
- ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- CAGENT_ORG_MEMBERSHIP_TOKEN: ${{ secrets.CAGENT_ORG_MEMBERSHIP_TOKEN }}
- CAGENT_REVIEWER_APP_ID: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
- CAGENT_REVIEWER_APP_PRIVATE_KEY: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
 permissions:
 contents: read # to fetch code
 pull-requests: write # to post review comments
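Review bot: Deleting the whole `if:` guard leaves `issue_comment: created` and `pull_request_review_comment: created` ungated, so any account that can comment — on any issue, not only PRs, since the `github.event.issue.pull_request` check is gone too — now starts the review-pr.yml job, which still runs on the default branch with `pull-requests: write`, `issues: write`, `checks: write` and, just past the end of this hunk and left unchanged, `id-token: write`. The `author_association` and `[bot]` checks were the only things keeping an unprivileged commenter from driving an AI reviewer that can assume the AWS role and post with those permissions, and without the bot check the reviewer's own review comments can presumably re-trigger it. Moving to `pull_request` is the right direction for fork PRs (read-only token, no OIDC token issued to fork runs), but it also means fork-PR runs will likely be unable to post a review or fetch their keys — confirm the called workflow tolerates that rather than failing every outside contribution. Restore the comment-event gate adapted to the new trigger, as below, and consider bringing back the `concurrency` group so a burst of comments does not run one review per comment in parallel.

```yaml
  review:
    # Comment-triggered runs execute on the default branch with write
    # permissions and an OIDC token, so accept them only from
    # collaborators, only on PRs, and never from bot actors.
    if: >-
      (github.event_name == 'pull_request' ||
       (github.event_name == 'issue_comment' &&
        github.event.issue.pull_request &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
       (github.event_name == 'pull_request_review_comment' &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))) &&
      !endsWith(github.actor, '[bot]')
    # … unchanged: uses: review-pr.yml@d98096f… # v1.4.1, permissions …
```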