fix: update broken ChatGPT-CodeReview action SHA (v1.0.23) #36

Draft
Copilot wants to merge 2 commits into main from copilot/fix-fingerprint-requests

Contributor

Copilot AI commented Mar 22, 2026

Summary

  • Problem: code-review-gpt.yml pinned anc95/ChatGPT-CodeReview@74683225bf06d9a3c56f7733a5a71e2929ba2f2c — a SHA that does not exist in the upstream repo, so every PR CI run failed at action download time.
  • Why it matters: The GPT code review step was broken on every PR; CI red-blocked every review workflow run.
  • What changed: Updated the pinned SHA to 1e3df152c1b85c12da580b206c91ad343460c584 (v1.0.23, latest release).
  • What did NOT change: Workflow logic, permissions, trigger events, env var handling — all unchanged.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

User-visible / Behavior Changes

GPT code review comments will now appear on PRs. Previously the step errored before running.

Security Impact (required)

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No

OPENAI_API_KEY is still passed via ${{ secrets.OPENAI_API_KEY }}. Workflow uses pull_request (not pull_request_target), so fork PRs cannot access secrets. No risk surface change.

Repro + Verification

Environment

  • OS: GitHub Actions (ubuntu-latest)
  • Runtime/container: N/A
  • Model/provider: N/A
  • Integration/channel (if any): GitHub Actions
  • Relevant config (redacted): .github/workflows/code-review-gpt.yml

Steps

  1. Open any PR against main
  2. Observe the "Code Review (GPT)" workflow run

Expected

  • Workflow succeeds; GPT review comment posted on PR

Actual (before fix)

  • An action could not be found at the URI 'https://api.github.com/repos/anc95/ChatGPT-CodeReview/tarball/74683225bf06d9a3c56f7733a5a71e2929ba2f2c'

Evidence

  • Failing test/log before + passing after

CI log from run 23375271299:

##[error]An action could not be found at the URI
'https://api.github.com/repos/anc95/ChatGPT-CodeReview/tarball/74683225bf06d9a3c56f7733a5a71e2929ba2f2c'

SHA 1e3df152c1b85c12da580b206c91ad343460c584 exists and corresponds to the v1.0.23 release tag.

Human Verification (required)

  • Verified scenarios: Confirmed 74683225... SHA absent from anc95/ChatGPT-CodeReview; confirmed 1e3df152... is the HEAD commit of v1.0.23.
  • Edge cases checked: action.yml at the new SHA is a valid node20 action entry point.
  • What you did not verify: End-to-end GPT review comment quality (requires live OPENAI_API_KEY secret).

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

  • Backward compatible? Yes
  • Config/env changes? No
  • Migration needed? No

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: Delete or disable .github/workflows/code-review-gpt.yml
  • Files/config to restore: .github/workflows/code-review-gpt.yml — revert SHA or remove file
  • Known bad symptoms: Workflow fails at action download step

Risks and Mitigations

  • Risk: New SHA introduces changed behavior in the third-party action (v1.0.22 → v1.0.23).
    • Mitigation: Only change is "optimize comment position" per upstream changelog; no breaking changes. SHA is pinned so the action code is immutable at runtime.

Original prompt

The fingerprint for the pr requests isn't working fix it idc what u do. Just don't leak api keys and security info thanks



Copilot AI changed the title from "[WIP] Fix fingerprint for PR requests" to "fix: update broken ChatGPT-CodeReview action SHA (v1.0.23)" Mar 22, 2026
Copilot AI requested a review from connortessaro March 22, 2026 08:17
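
Added example (not part of this PR or the repository's code): a Python check for the failure described above. It flags `uses:` refs that are not full 40-character commit SHAs and pins that do not resolve upstream. The sample workflow is constructed, `audit_workflow` and `commit_exists` are hypothetical names, and the default lookup assumes the GitHub REST `GET /repos/{owner}/{repo}/commits/{ref}` endpoint.

```python
import re
import urllib.error
import urllib.request

# "uses: owner/repo[/subpath]@ref"; local (./...) and docker:// actions do not match.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+)/([\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample workflow; only the two anc95 pins are taken from the PR text.
SAMPLE = """\
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anc95/ChatGPT-CodeReview@74683225bf06d9a3c56f7733a5a71e2929ba2f2c
      - uses: anc95/ChatGPT-CodeReview@1e3df152c1b85c12da580b206c91ad343460c584  # v1.0.23
"""

def commit_exists(owner, repo, sha):
    """Default lookup (needs network): GitHub REST 'get a commit' endpoint."""
    url = f"https://api.github.com/repos/{owner}/{repo}/commits/{sha}"
    req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code in (404, 422):  # unknown repository or unknown commit
            return False
        raise  # rate limit or outage: fail loudly instead of reporting "missing"

def audit_workflow(text, exists=commit_exists):
    """Return (line, action, problem) for every third-party pin that is loose or dead."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        owner, repo, ref = m.groups()
        action = f"{owner}/{repo}@{ref}"
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((lineno, action, "not pinned to a full commit SHA"))
        elif not exists(owner, repo, ref):
            findings.append((lineno, action, "pinned SHA not found upstream"))
    return findings
```

Calling `audit_workflow(text)` without `exists` queries api.github.com for each pinned SHA; pass a stub callable to run it offline.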