1# Assign Reviewers — Smart team assignment based on diff weight
 2#
 3# Triggers on PR open and ready_for_review events. Checks out the coordinator
 4# repo (zed-industries/codeowner-coordinator) to access the assignment script and rules,
 5# then assigns the 1-2 most relevant teams as reviewers.
 6#
 7# NOTE: This file is stored in the codeowner-coordinator repo but must be deployed to
 8# the zed repo at .github/workflows/assign-reviewers.yml. See INSTALL.md.
 9#
10# AUTH NOTE: Uses a GitHub App (COORDINATOR_APP_ID + COORDINATOR_APP_PRIVATE_KEY)
11# for all API operations: cloning the private coordinator repo, requesting team
12# reviewers, and setting PR assignees. GITHUB_TOKEN is not used.
13
14name: Assign Reviewers
15
16on:
17  pull_request:
18    types: [opened, ready_for_review]
19
20# GITHUB_TOKEN is not used — all operations use the GitHub App token.
21# Declare minimal permissions so the default token has no write access.
22permissions: {}
23
24# Only run for PRs from within the org (not forks) — fork PRs don't have
25# write access to request team reviewers.
26jobs:
27  assign-reviewers:
28    if: >-
29      github.event.pull_request.head.repo.full_name == github.repository &&
30      github.event.pull_request.draft == false &&
31      contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association)
32    runs-on: ubuntu-latest
33    steps:
34      - name: Generate app token
35        id: app-token
36        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf  # v2.2.1
37        with:
38          app-id: ${{ vars.COORDINATOR_APP_ID }}
39          private-key: ${{ secrets.COORDINATOR_APP_PRIVATE_KEY }}
40          repositories: codeowner-coordinator,zed
41
42      - name: Checkout coordinator repo
43        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4.3.1
44        with:
45          repository: zed-industries/codeowner-coordinator
46          ref: main
47          path: codeowner-coordinator
48          token: ${{ steps.app-token.outputs.token }}
49          persist-credentials: false
50
51      - name: Setup Python
52        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5.6.0
53        with:
54          python-version: "3.11"
55
56      - name: Install dependencies
57        run: pip install pyyaml==6.0.3
58
59      - name: Assign reviewers
60        env:
61          GH_TOKEN: ${{ steps.app-token.outputs.token }}
62          PR_URL: ${{ github.event.pull_request.html_url }}
63          TARGET_REPO: ${{ github.repository }}
64        run: |
65          cd codeowner-coordinator
66          python .github/scripts/assign-reviewers.py \
67            --pr "$PR_URL" \
68            --apply \
69            --rules-file team-membership-rules.yml \
70            --repo "$TARGET_REPO" \
71            --org zed-industries \
72            --min-association member \
73            2>&1 | tee /tmp/assign-reviewers-output.txt
74
75      - name: Upload output
76        if: always()
77        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
78        with:
79          name: assign-reviewers-output
80          path: /tmp/assign-reviewers-output.txt
81          retention-days: 30