update cagent-action to latest (with better permissions) #1832
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Review | |
| on: | |
| issue_comment: # Enables /review command in PR comments | |
| types: [created] | |
| pull_request_review_comment: # Captures feedback on review comments for learning | |
| types: [created] | |
| pull_request: # Triggers auto-review on PR open (same-repo branches only; fork PRs use /review) | |
| types: [ready_for_review, opened] | |
| permissions: | |
| contents: read # Required at top-level to give `issue_comment` events access to the secrets below. | |
| jobs: | |
| review: | |
| uses: docker/cagent-action/.github/workflows/review-pr.yml@dba0ca51938c78afb363625363c50582243218d6 # v1.3.1 | |
| # Scoped to the job so other jobs in this workflow aren't over-permissioned | |
| permissions: | |
| contents: read # Read repository files and PR diffs | |
| pull-requests: write # Post review comments and approve/request changes | |
| issues: write # Create security incident issues if secrets are detected in output | |
| checks: write # (Optional) Show review progress as a check run on the PR | |
| secrets: | |
| ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} | |
| CAGENT_ORG_MEMBERSHIP_TOKEN: ${{ secrets.CAGENT_ORG_MEMBERSHIP_TOKEN }} # PAT with read:org scope; gates auto-reviews to org members only | |
| CAGENT_REVIEWER_APP_ID: ${{ secrets.CAGENT_REVIEWER_APP_ID }} # GitHub App ID; reviews appear as your app instead of github-actions[bot] | |
| CAGENT_REVIEWER_APP_PRIVATE_KEY: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }} # GitHub App private key; paired with App ID above |