pulumi-provider-automation[bot] 9048892848 Update GitHub Actions workflows. (#851)
This PR was triggered by @t0yv0 generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit
[daf8aba035d6ed8919db6089c780f56cb7fefc69](daf8aba035).

Co-authored-by: Pulumi Bot <bot@pulumi.com>
2026-05-12 06:35:37 +00:00


```yaml
---
permissions:
  contents: read
  pull-requests: read
  id-token: write
engine:
  id: claude
  env:
    ANTHROPIC_API_KEY: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY || '__GH_AW_ACTIVATION_PLACEHOLDER__' }}
steps:
  - id: esc-secrets
    name: Fetch secrets from ESC
    uses: pulumi/esc-action@6cf9520e68
    env:
      ESC_ACTION_ENVIRONMENT: imports/github-secrets
      ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: false
      ESC_ACTION_OIDC_AUTH: true
      ESC_ACTION_OIDC_ORGANIZATION: pulumi
      ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
  - name: Validate ESC secret output
    env:
      ANTHROPIC_API_KEY_FROM_ESC: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
    run: test -n "$ANTHROPIC_API_KEY_FROM_ESC" || { echo "ESC did not return ANTHROPIC_API_KEY"; exit 1; }
tools:
  cache-memory: true
  github:
    toolsets:
      - pull_requests
      - repos
safe-outputs:
  threat-detection: false
  create-pull-request-review-comment:
    max: 12
    side: RIGHT
    target: ${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}
    target-repo: ${{ github.repository }}
  resolve-pull-request-review-thread:
    max: 12
    target: ${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}
    target-repo: ${{ github.repository }}
  submit-pull-request-review:
    max: 1
    allowed-events:
      - APPROVE
      - REQUEST_CHANGES
      - COMMENT
    target: ${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}
  noop:
    max: 1
  messages:
    footer: "> Reviewed by [{workflow_name}]({run_url})"
    run-started: "Started automated PR review for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}."
    run-success: "Finished automated PR review for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}."
    run-failure: "Automated PR review failed for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }} ({status})."
---
```

Review pull request #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }} in repository ${{ github.repository }}.

Workflow-specific rules:

  • Use ${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }} as the authoritative PR target.
  • Treat the imported review prompt as the source of the review procedure.
  • Use only gh-aw safe outputs for side effects:
    • create-pull-request-review-comment for actionable inline findings on changed lines
    • resolve-pull-request-review-thread for previously reported bot-authored threads that are now fixed or clearly acknowledged
    • submit-pull-request-review for the final review
    • noop when the PR is not reviewable or required context is missing
  • Submit exactly one final review:
    • REQUEST_CHANGES when at least one blocking issue exists.
    • APPROVE otherwise, including when only non-blocking observations exist.
    • Do not submit COMMENT as the final review state.
  • Do not post free-form issue comments outside safe outputs.
  • Respect the configured inline comment limit and prioritize the highest-signal unique findings.
  • Use cache-memory only as a best-effort continuity aid; live PR state and current review threads are authoritative.
  • Ignore discovery steps intended for runs without PR context.
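A small policy checker for the frontmatter and rules above, added here as an example; it is not part of this workflow file or of pulumi/ci-mgmt. It transcribes the permissions, steps and safe-outputs into a constructed Python dict (the action ref is copied exactly as displayed above) and flags what a reviewer of an agentic workflow would look at: write permissions beyond the id-token needed for OIDC, actions not pinned to a full commit SHA, safe outputs without a max, a final-review state the prompt forbids but the config still allows, and disabled threat detection.

```python
import re

# Constructed sample: the frontmatter transcribed by hand (not parsed from the file).
WORKFLOW = {
    "permissions": {"contents": "read", "pull-requests": "read", "id-token": "write"},
    "steps": [
        {"id": "esc-secrets", "uses": "pulumi/esc-action@6cf9520e68"},  # ref as displayed above
        {"name": "Validate ESC secret output"},  # run-only step, no third-party action
    ],
    "safe-outputs": {
        "threat-detection": False,
        "create-pull-request-review-comment": {"max": 12},
        "resolve-pull-request-review-thread": {"max": 12},
        "submit-pull-request-review": {"max": 1, "allowed-events": ["APPROVE", "REQUEST_CHANGES", "COMMENT"]},
        "noop": {"max": 1},
        "messages": {},
    },
}
# Final review states the prompt body forbids ("Do not submit COMMENT as the final review state").
FORBIDDEN_FINAL_STATES = {"COMMENT"}
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")


def check_workflow(wf):
    """Return a list of policy findings; an empty list means the workflow passes."""
    findings = []
    # 1. Only id-token may be write (needed for the OIDC exchange with ESC); repo scopes stay read.
    for scope, level in wf.get("permissions", {}).items():
        if level == "write" and scope != "id-token":
            findings.append(f"permissions.{scope} is write")
    # 2. Third-party actions must be pinned to a full 40-hex commit SHA, not a tag or short SHA.
    for step in wf.get("steps", []):
        uses = step.get("uses")
        if uses and not FULL_SHA.search(uses):
            findings.append(f"step {step.get('id') or step.get('name')}: '{uses}' is not pinned to a full SHA")
    # 3. Every side-effecting safe output needs an explicit max (messages only carries text).
    for name, cfg in wf.get("safe-outputs", {}).items():
        if name != "messages" and isinstance(cfg, dict) and "max" not in cfg:
            findings.append(f"safe-outputs.{name} has no max")
    # 4. The config, not the prompt, is the real guardrail: forbidden states should not be allowed.
    allowed = set(wf["safe-outputs"].get("submit-pull-request-review", {}).get("allowed-events", []))
    for state in sorted(allowed & FORBIDDEN_FINAL_STATES):
        findings.append(f"submit-pull-request-review allows {state}, which the prompt forbids")
    # 5. Explicitly disabled threat detection is worth surfacing to the reviewer.
    if wf["safe-outputs"].get("threat-detection") is False:
        findings.append("safe-outputs.threat-detection is false")
    return findings


if __name__ == "__main__":
    for finding in check_workflow(WORKFLOW):
        print("FINDING:", finding)
```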