mingyen066 opened a new pull request, #22388: URL: https://github.com/apache/kafka/pull/22388
Workflows triggered by `pull_request_review` on first-time contributors' fork PRs are gated behind manual approval (`action_required`). This makes the auto-appended `Reviewers:` trailer unreliable for exactly the PRs that need the most reviewer attention — first-time contributions sitting in the queue. The `issue_comment` event is not in GitHub's approval-gated list and always executes the workflow from the base repo's default branch, so it carries the same security properties as `pull_request_target` / `workflow_run` (no fork code ever runs) while triggering immediately. Changes: * New `.github/workflows/pr-comment-trailer.yml`: on every PR comment (skipping bots and the PR author), runs the existing `pr-format.py` with `REVIEWER_LOGIN` set to the commenter, so the trailer is appended via the same code path as today. * `.github/workflows/pr-reviewed.yml`: removes the `Save Reviewer Login` step. The `pull_request_review` -> artifact -> `workflow_run` chain still runs the PR linter on review submissions; it just no longer attempts the trailer append (which was gated and unreliable). Trade-off worth flagging during review: a `pull_request_review` submission alone no longer auto-appends the reviewer. Reviewers who want to be credited must leave a top-level comment (or the customary "LGTM" / approval message) in the conversation. Inline-only reviews will not trigger the append. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
