Add CodeRabbit review trigger for Dependabot GitHub Actions updates

[tpantelis]

This commit enhances the webhook bot to automatically trigger CodeRabbit reviews for Dependabot PRs that update GitHub Actions workflow files on the devel branch.

The bot now inspects the files changed in Dependabot PRs targeting the devel branch. If all changed files are GitHub Actions workflow files (.github/workflows/*.yml or *.yaml), it triggers a CodeRabbit review by posting the appropriate comment.

Summary by CodeRabbit

• New Features
  • Added pull request file listing capability to retrieve changed files
  • Implemented automatic CodeRabbit code reviews for pull requests that exclusively modify GitHub Actions workflow files when opened by authorized bot accounts

[submariner-bot]

🤖 Created branch: z_pr246/tpantelis/cr_devel_only

[coderabbitai]

Walkthrough

The pull request adds a new ListFiles method to the GitHub client API to retrieve files changed in a pull request, and introduces logic to automatically trigger CodeRabbit reviews for GitHub Actions workflow file updates in PRs from specific bot accounts when targeting the devel branch.

Changes

Cohort / File(s)	Summary
GitHub Client API pkg/ghclient/gh.go	Adds ListFiles(prNum int) method to GH interface and implements it in ghClient to retrieve changed files from a pull request via the GitHub API with pagination set to 100 items per page.
Pull Request Handler pkg/handler/pullrequest/handler.go	Adds isGitHubActionsUpdatePR helper that determines if a PR targets the devel branch and contains only .github/workflows/ YAML files. Integrates this check into PR open handling to trigger CodeRabbit review comments for submariner-bot and qualifying dependabot PRs.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Modify the webhook bot to add 'ready-to-test' label for Dependabot PRs #240: Modifies the same pkg/handler/pullrequest/handler.go file to handle bot and Dependabot PRs, specifically adding automatic labeling logic that runs during PR-open events alongside this review trigger functionality.

Suggested reviewers

• Oats87
• sridhargaddam
• skitt

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Actionable Comments Resolved	❓ Inconclusive	Unable to verify git commands: no repository context available. Cannot access git log, commit messages, or file contents to assess code changes and issue references.	Execute git commands in the actual repository context to retrieve commit details, examine code changes, and verify issue/comment references.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a CodeRabbit review trigger for Dependabot GitHub Actions updates, which is exactly what the PR implements.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into devel

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pkg/ghclient/gh.go (1)

172-181: No pagination: PRs with >100 changed files will be silently truncated.

ListFiles fetches only the first page (max 100 items). If a PR has more than 100 files, the remaining ones are never retrieved. This mirrors the existing ListReviews pattern, so it's consistent, but for isGitHubActionsUpdatePR the consequence is that a non-workflow file beyond the 100th entry could be missed, incorrectly returning true.

For the current Dependabot use case this is very unlikely to matter, but worth a brief comment or a TODO.

[submariner-bot]

🤖 Closed branches: [z_pr246/tpantelis/cr_devel_only]