55 types : [created]
66 pull_request_review_comment :
77 types : [created]
8+ # Auto-trigger when PR becomes ready for review (supports forks)
9+ pull_request_target :
10+ types : [ready_for_review, opened]
811
912permissions :
1013 contents : read
@@ -13,7 +16,69 @@ permissions:
1316
1417jobs :
1518 # ==========================================================================
16- # MAIN REVIEW PIPELINE
19+ # AUTOMATIC REVIEW FOR DOCKER EMPLOYEES
20+ # Triggers when a PR is marked ready for review or opened (non-draft)
21+ # Only runs for Docker org members (supports fork-based workflow)
22+ # ==========================================================================
23+ auto-review :
24+ if : |
25+ github.event_name == 'pull_request_target' &&
26+ !github.event.pull_request.draft
27+ runs-on : ubuntu-latest
28+
29+ steps :
30+ - name : Check if PR author is Docker org member
31+ id : membership
32+ uses : actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
33+ with :
34+ github-token : ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
35+ script : |
36+ const org = 'docker';
37+ const username = context.payload.pull_request.user.login;
38+
39+ try {
40+ await github.rest.orgs.checkMembershipForUser({
41+ org: org,
42+ username: username
43+ });
44+ core.setOutput('is_member', 'true');
45+ console.log(`✅ ${username} is a Docker org member - proceeding with auto-review`);
46+ } catch (error) {
47+ if (error.status === 404 || error.status === 302) {
48+ core.setOutput('is_member', 'false');
49+ console.log(`⏭️ ${username} is not a Docker org member - skipping auto-review`);
50+ } else if (error.status === 401) {
51+ core.setFailed(
52+ '❌ ORG_MEMBERSHIP_TOKEN secret is missing or invalid.\n\n' +
53+ 'This secret is required to check Docker org membership for auto-reviews.\n\n' +
54+ 'To fix this:\n' +
55+ '1. Create a classic PAT with read:org scope at https://github.com/settings/tokens/new\n' +
56+ '2. Add it as a repository secret named ORG_MEMBERSHIP_TOKEN:\n' +
57+ ' gh secret set ORG_MEMBERSHIP_TOKEN --repo docker/cagent'
58+ );
59+ } else {
60+ core.setFailed(`Failed to check org membership: ${error.message}`);
61+ }
62+ }
63+
64+ # Safe to checkout PR head because review-pr only READS files (no code execution)
65+ - name : Checkout PR head
66+ if : steps.membership.outputs.is_member == 'true'
67+ uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
68+ with :
69+ fetch-depth : 0
70+ ref : ${{ github.event.pull_request.head.sha }}
71+
72+ - name : Run PR Review Team
73+ if : steps.membership.outputs.is_member == 'true'
74+ uses : docker/cagent-action/review-pr@latest
75+ with :
76+ anthropic-api-key : ${{ secrets.ANTHROPIC_API_KEY }}
77+ pr-number : ${{ github.event.pull_request.number }}
78+
79+ # ==========================================================================
80+ # MANUAL REVIEW PIPELINE
81+ # Triggers when someone comments /review on a PR
1782 # ==========================================================================
1883 run-review :
1984 if : github.event.issue.pull_request && contains(github.event.comment.body, '/review')
@@ -31,12 +96,13 @@ jobs:
3196 anthropic-api-key : ${{ secrets.ANTHROPIC_API_KEY }}
3297
3398 # ==========================================================================
34- # LEARN FROM FEEDBACK - Process replies to agent review comments
99+ # LEARN FROM FEEDBACK
100+ # Processes replies to agent review comments for continuous improvement
35101 # ==========================================================================
36102 learn-from-feedback :
37- # Triggers when someone REPLIES to a review comment (for learning from feedback)
38103 if : github.event_name == 'pull_request_review_comment' && github.event.comment.in_reply_to_id
39104 runs-on : ubuntu-latest
105+
40106 steps :
41107 - name : Checkout repository
42108 uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8