Skip to content

feat: implement new github app#27

Merged
derekmisler merged 1 commit intodocker:mainfrom
derekmisler:feature-implement-new-github-app
Feb 4, 2026
Merged

feat: implement new github app#27
derekmisler merged 1 commit intodocker:mainfrom
derekmisler:feature-implement-new-github-app

Conversation

@derekmisler
Copy link
Contributor

@derekmisler derekmisler commented Feb 3, 2026

Summary

Adds GitHub App integration to enable custom reviewer identity (comments/reviews appear as your app instead of github-actions[bot]), introduces a reusable PR review workflow for easier adoption, and improves API key handling with explicit validation and better security.

Changes

  • .github/workflows/review-pr.yml: New reusable workflow supporting auto-review for org members, manual /review triggers, and feedback learning
  • action.yml: Added GitHub App token generation, explicit API key validation (fails fast if none provided), API key masking, and quiet mode to suppress verbose tool output
  • review-pr/action.yml: Integrated GitHub App token support with fallback to github.token
  • .github/workflows/pr-describe.yml: Added GitHub App token generation for custom app identity in PR descriptions
  • .github/workflows/security-scan.yml: Added GitHub App token support for security issue creation
  • README.md: Updated documentation to clarify API key requirements, GitHub App setup, and new quiet input
  • review-pr/README.md: Comprehensive documentation for reusable workflow, GitHub App setup, and org-based auto-review

Breaking Changes

API Key Handling: API keys now require explicit inputs (e.g., anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}). Environment variable fallback (env.ANTHROPIC_API_KEY) has been removed. The action now validates at startup that at least one API key is provided and fails fast with a clear error message.

Migration: Update workflows to pass API keys as action inputs instead of environment variables:

# Before
env:
  ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

# After
with:
  anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

@derekmisler derekmisler self-assigned this Feb 3, 2026
@derekmisler
Copy link
Contributor Author

/describe

@github-actions
Copy link

github-actions bot commented Feb 3, 2026

✅ PR description has been generated and updated!

@derekmisler derekmisler force-pushed the feature-implement-new-github-app branch 3 times, most recently from dafec2d to 822ee32 Compare February 3, 2026 21:01
@derekmisler derekmisler marked this pull request as ready for review February 3, 2026 21:02
@derekmisler derekmisler requested a review from a team as a code owner February 3, 2026 21:02
@derekmisler derekmisler force-pushed the feature-implement-new-github-app branch 6 times, most recently from f617864 to ed90dd7 Compare February 3, 2026 22:00
@derekmisler derekmisler marked this pull request as draft February 4, 2026 03:09
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is almost entirely copied and pasted from the review workflow in cagent.

@derekmisler derekmisler force-pushed the feature-implement-new-github-app branch 3 times, most recently from 2a072f9 to 79d023e Compare February 4, 2026 17:31
…usable PR review workflow, and improves performance and reliability across the board
@derekmisler derekmisler force-pushed the feature-implement-new-github-app branch from 79d023e to 2424672 Compare February 4, 2026 17:34
@derekmisler derekmisler marked this pull request as ready for review February 4, 2026 17:36
@docker docker deleted a comment from github-actions bot Feb 4, 2026
@derekmisler
Copy link
Contributor Author

/describe

@docker docker deleted a comment from github-actions bot Feb 4, 2026
@github-actions
Copy link

github-actions bot commented Feb 4, 2026

✅ PR description has been generated and updated!

@derekmisler derekmisler merged commit 09ce7ca into docker:main Feb 4, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants