diff --git a/.github/workflows/qwen-code-pr-review.yml b/.github/workflows/qwen-code-pr-review.yml index 4c307c2254..fa788e1265 100644 --- a/.github/workflows/qwen-code-pr-review.yml +++ b/.github/workflows/qwen-code-pr-review.yml @@ -68,6 +68,8 @@ jobs: pull-requests: 'read' issues: 'write' uses: './.github/workflows/qwen-pr-safety-precheck.yml' + secrets: + CI_BOT_PAT: '${{ secrets.CI_BOT_PAT }}' ack-review-request: # KEEP IN SYNC with review-pr.if (explicit-trigger branches). diff --git a/.github/workflows/qwen-pr-safety-precheck.yml b/.github/workflows/qwen-pr-safety-precheck.yml index 3e73b6b872..609bc89445 100644 --- a/.github/workflows/qwen-pr-safety-precheck.yml +++ b/.github/workflows/qwen-pr-safety-precheck.yml @@ -2,6 +2,9 @@ name: 'Qwen PR Safety Precheck' on: workflow_call: + secrets: + CI_BOT_PAT: + required: false outputs: decision: description: 'allow_triage or manual_required' @@ -70,7 +73,7 @@ jobs: - name: 'Upsert manual approval comment' if: "steps.assess.outputs.decision == 'manual_required'" env: - GH_TOKEN: '${{ github.token }}' + GH_TOKEN: '${{ secrets.CI_BOT_PAT || github.token }}' PR_NUMBER: '${{ github.event.pull_request.number }}' run: |- set -euo pipefail @@ -80,7 +83,7 @@ jobs: --method GET \ --paginate \ -F per_page=100 \ - | jq -sr '[.[][] | select(.body | contains("")) | select(.user.login == "github-actions[bot]")] | last | .id // empty' + | jq -sr '[.[][] | select(.body | contains("")) | select(.user.login == "github-actions[bot]" or .user.login == "qwen-code-ci-bot" or (.user.type == "Bot"))] | last | .id // empty' )" if [ -n "$existing_id" ]; then gh api \ @@ -97,7 +100,7 @@ jobs: - name: 'Clear manual approval comment' if: "steps.assess.outputs.decision == 'allow_triage'" env: - GH_TOKEN: '${{ github.token }}' + GH_TOKEN: '${{ secrets.CI_BOT_PAT || github.token }}' PR_NUMBER: '${{ github.event.pull_request.number }}' run: |- set -euo pipefail @@ -107,7 +110,7 @@ jobs: --method GET \ --paginate \ -F per_page=100 \ - | jq -sr '[.[][] | select(.body | contains("")) | select(.user.login == "github-actions[bot]")] | last | .id // empty' + | jq -sr '[.[][] | select(.body | contains("")) | select(.user.login == "github-actions[bot]" or .user.login == "qwen-code-ci-bot" or (.user.type == "Bot"))] | last | .id // empty' )" if [ -n "$existing_id" ]; then gh api \ diff --git a/.github/workflows/qwen-triage.yml b/.github/workflows/qwen-triage.yml index 4f3ad2a348..998ec39842 100644 --- a/.github/workflows/qwen-triage.yml +++ b/.github/workflows/qwen-triage.yml @@ -34,6 +34,8 @@ jobs: github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository uses: './.github/workflows/qwen-pr-safety-precheck.yml' + secrets: + CI_BOT_PAT: '${{ secrets.CI_BOT_PAT }}' authorize: needs: ['precheck-pr']