Signed-off-by: Derek Misler <derek.misler@docker.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 85814c892f
```yaml
jobs:
  review:
    uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
```
Pin reusable workflow to an immutable ref
Calling docker/cagent-action/.github/workflows/review-pr.yml@latest makes execution depend on a mutable upstream ref, so future tag moves can silently change behavior or run compromised code while this job has write permissions and receives ANTHROPIC_API_KEY and app private key secrets. Pinning to a commit SHA (or tightly controlled immutable release ref) is needed to prevent supply-chain drift and secret-handling risk introduced by this workflow.
I'll leave that up to you all. Other teams are cool with using @latest, so they can easily stay up-to-date, but I'm fine with a hash instead.
The latest (immutable) tag is v1.1.8, if you'd prefer. Otherwise I can include the hash (pinata requires it, for example).
```yaml
  issue_comment: # Enables /review command in PR comments
    types: [created]
```
Gate issue_comment runs to PR comments only
issue_comment events are emitted for both issues and pull requests, but this workflow unconditionally dispatches the review job, so ordinary issue comments can trigger the reviewer path without PR context. In repos where non-PR issue comments are common, this causes unnecessary runs (and unnecessary secret-bearing executions) and can produce failures/noise if the called workflow expects a PR payload; add an if: github.event.issue.pull_request guard for this path.
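The two review comments above (pin the reusable workflow to an immutable ref; only dispatch the review job for comments made on pull requests) both land in the same caller workflow. The following is an added example of what the corrected caller could look like; it is not the PR's own file and not part of docker/cagent-action. The `pull_request_target` activity types are inferred from the PR description ("every new or ready-for-review PR"), the job-level `if:` expression is the guard the review suggests plus a check that the comment actually contains `/review`, the commit SHA is an all-zero placeholder to be replaced with the SHA the `v1.1.8` tag resolves to, and any `with:` inputs the reusable workflow takes (such as how `CLAUDE.md` is passed) are omitted because the thread does not show them.

```yaml
# Added example caller workflow (not the PR's file). Shows the reusable
# workflow pinned to a commit SHA instead of the mutable @latest tag, and the
# issue_comment path gated to /review comments on pull requests.
name: PR review

on:
  pull_request_target:          # secrets available to fork PRs (see PR description)
    types: [opened, ready_for_review]   # ASSUMPTION: inferred from "new or ready-for-review PR"
  issue_comment:                # enables the /review command in PR comments
    types: [created]

jobs:
  review:
    # PR events always run. Comment events run only when the comment belongs
    # to a pull request (plain issues have no pull_request field in the
    # payload) and the body invokes the /review command; this avoids
    # secret-bearing runs for ordinary issue comments.
    if: >-
      github.event_name == 'pull_request_target' ||
      (github.event.issue.pull_request && contains(github.event.comment.body, '/review'))
    # PLACEHOLDER: replace the zeros with the full 40-hex commit SHA that the
    # v1.1.8 tag points at; the trailing comment keeps the tag readable for
    # humans and for tools that bump pinned SHAs.
    uses: docker/cagent-action/.github/workflows/review-pr.yml@0000000000000000000000000000000000000000 # v1.1.8
    secrets: inherit
```

With the SHA pin, a later move of the upstream `latest` tag (accidental or malicious) cannot change what runs in a job that holds write permissions and receives `ANTHROPIC_API_KEY` and the app private key; updates become explicit, reviewable diffs to this file. The `if:` guard keeps the `issue_comment` trigger usable for `/review` while ensuring the called workflow only ever sees a PR payload.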
What I did
Added an automated PR review workflow powered by the shared
docker/cagent-action reusable workflow. This enables AI-assisted code review on every new or ready-for-review PR, as well as on-demand via /review in PR comments. The workflow feeds the repo's CLAUDE.md as additional context so reviews are informed by project-specific conventions.
Key details:
- pull_request_target so secrets are available even for fork PRs
- secrets: inherit
- docker-agent identity (not the generic github-actions[bot])
- CAGENT_ORG_MEMBERSHIP_TOKEN
Related issue
Closes https://github.com/docker/gordon/issues/132