fix(ci): disable zizmor advanced security to unblock releases #65
Workflow file for this run
# Posts an "@claude review" comment on a pull request when the PR author has
# write or admin permission on the repository and no such comment exists yet.
name: Claude Review on Maintainer PRs
on:
  # `pull_request` (not `pull_request_target`): combined with the same-repository
  # condition on the job, the write-scoped token below is only used for branches
  # pushed to this repository.
  pull_request:
    types:
      - opened
      - ready_for_review
jobs:
  comment:
    # Only run on PRs that are not drafts and are from the same repository (i.e., not from forks)
    if: github.event.pull_request.draft == false && github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    # Job-level permissions: once this key is present, scopes that are not listed
    # are not granted to the job's token. Both steps only read and write comments.
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Check author permission and existing review request
        id: check
        # Pinned to a full commit SHA; the trailing comment records the release it
        # corresponds to. Update both together when bumping the action.
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            const issue_number = context.payload.pull_request.number;
            const username = context.payload.pull_request.user.login;
            // Fail closed: the author is treated as having no permission unless the
            // API call below says otherwise.
            let permission = "none";
            try {
              const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
                owner,
                repo,
                username,
              });
              permission = data.permission;
            } catch (error) {
              // A 404 leaves permission at "none"; any other failure aborts the step
              // instead of being read as a permission result.
              if (error.status !== 404) {
                throw error;
              }
            }
            // Only "write" and "admin" qualify.
            // NOTE(review): GitHub's REST docs describe `permission` as the legacy
            // base role (maintain reported as write, triage as read) - confirm this
            // still matches the intended set of maintainers.
            const canWrite = ["write", "admin"].includes(permission);
            // Fetch every comment on the PR (paginated, 100 per page) to look for an
            // earlier request.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner,
              repo,
              issue_number,
              per_page: 100,
            });
            // Exact match on the trimmed body.
            // NOTE(review): the match does not look at who wrote the comment, so a
            // matching comment from any account counts as an existing request and
            // suppresses the automatic one. Filter on the comment author if only
            // requests from trusted accounts should count.
            const hasReviewRequest = comments.some(
              (comment) => comment.body?.trim() === "@claude review",
            );
            core.info(
              `PR #${issue_number} by ${username}: permission=${permission}, hasReviewRequest=${hasReviewRequest}`,
            );
            // Step outputs are strings; the next step compares against 'true'.
            core.setOutput("should_comment", canWrite && !hasReviewRequest ? "true" : "false");
      - name: Add Claude review comment
        if: steps.check.outputs.should_comment == 'true'
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          # No `github-token` input is set, so the comment is created with the
          # action's default token.
          # NOTE(review): events caused by the default workflow token do not start
          # other workflow runs - confirm that whatever consumes "@claude review"
          # is not an Actions workflow triggered by comment events.
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: "@claude review",
            });