Add renovate.json #31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude-Code When Mentioned | ||
| # Concurrency control to prevent multiple jobs running for the same PR/issue | ||
| concurrency: | ||
| group: claude-${{ github.event.pull_request.number || github.event.issue.number || 'manual' }} | ||
| cancel-in-progress: false | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| test_mode: | ||
| description: 'Test mode for debugging' | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| issue_comment: | ||
| types: [created] | ||
| pull_request_review_comment: | ||
| types: [created] | ||
| jobs: | ||
| # Security gate: Check if user is dotCMS organization member | ||
| security-check: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read # Allow repository checkout | ||
| metadata: read # Allow reading repository metadata | ||
| # Note: Organization membership checking uses the actor's permissions | ||
| # not the GITHUB_TOKEN, so no additional permissions needed for that API | ||
| outputs: | ||
| authorized: ${{ steps.membership-check.outputs.is_member }} | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Check organization membership | ||
| id: membership-check | ||
| uses: ./.github/actions/security/org-membership-check | ||
| with: | ||
| username: ${{ github.event.comment.user.login || github.actor }} | ||
| github_token: ${{ secrets.MACHINE_USER_CORE_ORG_MEMBERSHIP_CHECK }} | ||
| - name: Log security decision | ||
| run: | | ||
| if [ "${{ steps.membership-check.outputs.is_member }}" = "true" ]; then | ||
| echo "✅ Access granted: User is a dotCMS organization member" | ||
| else | ||
| echo "❌ Access denied: User is not a dotCMS organization member" | ||
| echo "::warning::Unauthorized user attempted to trigger Claude workflow: ${{ github.event.comment.user.login || github.actor }}" | ||
| fi | ||
| # Interactive Claude mentions (simplified using centralized logic) | ||
| claude-interactive: | ||
| needs: security-check | ||
| if: needs.security-check.outputs.authorized == 'true' | ||
| uses: dotCMS/ai-workflows/.github/workflows/[email protected] | ||
| with: | ||
| trigger_mode: interactive | ||
| allowed_tools: | | ||
| Bash(git status) | ||
| Bash(git diff) | ||
| timeout_minutes: 15 | ||
| runner: ubuntu-latest | ||
| enable_mention_detection: true # Uses built-in @claude mention detection | ||
| # custom_trigger_condition: | # Optional: Override default mention detection | ||
| # your custom condition here | ||
| secrets: | ||
| ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} | ||
