From 25f69de852736721fd948648a47bc2b2d70e8a8f Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Sat, 8 Nov 2025 13:35:15 +0000
Subject: [PATCH] [Project] Restrict code review workflow to authorized maintainers

Limit '@droid review' trigger to only vstakhov, moisseev, and fatalbanana to prevent unauthorized users from triggering expensive code review runs.
---
 .github/workflows/droid-code-review.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/droid-code-review.yml b/.github/workflows/droid-code-review.yml
index f59797e96d..93d7833d74 100644
--- a/.github/workflows/droid-code-review.yml
+++ b/.github/workflows/droid-code-review.yml
@@ -17,10 +17,15 @@ jobs:
 code-review:
 runs-on: ubuntu-latest
 timeout-minutes: 20
- # Only run on PR comments that contain "@droid review"
+ # Only run on PR comments that contain "@droid review" from authorized users
 if: |
 github.event.issue.pull_request &&
- contains(github.event.comment.body, '@droid review')
+ contains(github.event.comment.body, '@droid review') &&
+ (
+ github.event.comment.user.login == 'vstakhov' ||
+ github.event.comment.user.login == 'moisseev' ||
+ github.event.comment.user.login == 'fatalbanana'
+ )
 steps:
 - name: Checkout repository
--
2.47.3
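Review bot: The allowlist added to the `if:` expression matches on `github.event.comment.user.login`, which is a mutable account name: if one of the three accounts is ever renamed or deleted, the login can be registered by someone else and would pass this gate. Comparing the immutable numeric id is sturdier, e.g. `github.event.comment.user.id == <VSTAKHOV_USER_ID> ||` (placeholder; take the real ids from the GitHub API), with a trailing comment naming the account beside each id. The condition also authorizes only the commenter, not the pull-request content. The `steps:` list continues outside this hunk, so it is worth confirming there that the checkout and review steps do not execute code from a fork's head commit with the workflow's secrets, and that the commit being reviewed is the one the maintainer saw when commenting.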