From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Sat, 8 Nov 2025 13:35:15 +0000 (+0000)
Subject: [Project] Restrict code review workflow to authorized maintainers
X-Git-Tag: 3.14.0~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25f69de852736721fd948648a47bc2b2d70e8a8f;p=thirdparty%2Frspamd.git

[Project] Restrict code review workflow to authorized maintainers

Limit '@droid review' trigger to only vstakhov, moisseev, and fatalbanana
to prevent unauthorized users from triggering expensive code review runs.
---

diff --git a/.github/workflows/droid-code-review.yml b/.github/workflows/droid-code-review.yml
index f59797e96d..93d7833d74 100644
--- a/.github/workflows/droid-code-review.yml
+++ b/.github/workflows/droid-code-review.yml
@@ -17,10 +17,15 @@ jobs:
   code-review:
     runs-on: ubuntu-latest
     timeout-minutes: 20
-    # Only run on PR comments that contain "@droid review"
+    # Only run on PR comments that contain "@droid review" from authorized users
     if: |
       github.event.issue.pull_request &&
-      contains(github.event.comment.body, '@droid review')
+      contains(github.event.comment.body, '@droid review') &&
+      (
+        github.event.comment.user.login == 'vstakhov' ||
+        github.event.comment.user.login == 'moisseev' ||
+        github.event.comment.user.login == 'fatalbanana'
+      )
 
     steps:
       - name: Checkout repository