Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions .github/workflows/opencode-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,38 @@ jobs:
# OpenCode posts its PR summary/session link via issues.createComment.
issues: write
steps:
- name: Check trigger user permissions
id: trigger-permission
env:
GH_TOKEN: ${{ github.token }}
TRIGGER_USER: ${{ github.actor }}
run: |
encoded_user=$(jq -nr --arg value "$TRIGGER_USER" '$value|@uri')
permission_error=$(mktemp)
if ! permission=$(gh api "repos/${GITHUB_REPOSITORY}/collaborators/${encoded_user}/permission" --jq '.permission' 2>"$permission_error"); then
echo "OpenCode permission lookup failed; treating ${TRIGGER_USER} as having no repository permission."
sed 's/^/gh api: /' "$permission_error"
permission="none"
fi
rm -f "$permission_error"
permission=${permission:-none}
echo "permission=${permission}" >> "$GITHUB_OUTPUT"

if [[ "$permission" == "admin" || "$permission" == "write" ]]; then
echo "can_review=true" >> "$GITHUB_OUTPUT"
else
echo "can_review=false" >> "$GITHUB_OUTPUT"
echo "Skipping OpenCode review because ${TRIGGER_USER} has ${permission} repository permission, not write/admin."
Comment on lines +41 to +45
fi

- name: Checkout repository
if: ${{ steps['trigger-permission'].outputs.can_review == 'true' }}
uses: actions/checkout@v7
with:
persist-credentials: false

- name: Run OpenCode review
if: ${{ steps['trigger-permission'].outputs.can_review == 'true' }}
uses: anomalyco/opencode/github@ed75ce9eccb6d97a4ee0f79d3db8cb33b47b0661
env:
GITHUB_TOKEN: ${{ github.token }}
Expand Down
Loading