[Project] Restrict code review workflow to authorized maintainers

Limit '@droid review' trigger to only vstakhov, moisseev, and fatalbanana
to prevent unauthorized users from triggering expensive code review runs.

diff --git a/.github/workflows/droid-code-review.yml b/.github/workflows/droid-code-review.yml
index f59797e96de29ffe796f803cd0f9d2ce07f1b2d4..93d7833d74346ebf5a5bc44289ea1a712dfe9850 100644 (file)
--- a/.github/workflows/droid-code-review.yml
+++ b/.github/workflows/droid-code-review.yml
@@ -17,10 +17,15 @@ jobs:
   code-review:
     runs-on: ubuntu-latest
     timeout-minutes: 20
-    # Only run on PR comments that contain "@droid review"
+    # Only run on PR comments that contain "@droid review" from authorized users
     if: |
       github.event.issue.pull_request &&
-      contains(github.event.comment.body, '@droid review')
+      contains(github.event.comment.body, '@droid review') &&
+      (
+        github.event.comment.user.login == 'vstakhov' ||
+        github.event.comment.user.login == 'moisseev' ||
+        github.event.comment.user.login == 'fatalbanana'
+      )
 
     steps:
       - name: Checkout repository