Add workflow to auto-approve bot workflow runs #7345
philipbalinov wants to merge 5 commits into main from
Conversation
GitHub now requires maintainer approval for workflows triggered by bot-authored events (github-actions[bot], dependabot[bot]). This companion workflow listens for workflow_run requests in action_required state and auto-approves them for trusted bot actors.
Ref: https://github.blog/changelog/2025-04-15-upcoming-breaking-changes-and-releases-for-github-actions/
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Avoid script injection by passing workflow_run event fields through env: rather than interpolating ${{ }} directly in the shell script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Address review feedback:
- Scope workflow_run trigger to "CodeQL Advanced" only
- Restrict to version/ branches to narrow the approval surface
- Poll run status instead of checking conclusion in the if-condition, since conclusion is unset at the requested event stage
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

GitHub's approval gate checks the commit author, not the workflow run actor. When a bot-authored PR is merged by a human the run's actor is the human, but head_commit.author.name is still the bot.
- Check head_commit.author.name instead of actor.login
- Remove workflow scope restriction (all CI workflows need approval)
- Remove version/ branch restriction (post-merge runs land on main)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add head_repository check to prevent fork PRs with crafted author.name from bypassing the approval gate. Also bump retry count to 5 and emit ::warning:: on timeout for Actions UI visibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All issues addressed.
/review
Repeat false positives — all concerns previously addressed in prior review rounds. The workflow correctly validates source repository, uses allowlist checking, handles environment variables safely, and executes in default-branch context with proper permissions.
permissions:
  actions: write
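Review bot: the permissions block grants only actions: write, which is the narrowest scope the approve call needs and leaves contents, pull-requests and every other scope at none; if this block sits at workflow level, move it onto the approving job so that any job added to this file later does not inherit the write scope.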
🟡 warning — GITHUB_TOKEN (i.e. github.token) may not have sufficient privileges to approve workflow runs that require environment/deployment approvals. If this doesn't work as expected, you may need a GitHub App token or PAT with appropriate permissions. Worth verifying in a test run.
if: >-
  github.event.workflow_run.head_repository.full_name == github.repository &&
  contains(fromJSON('["github-actions[bot]","dependabot[bot]"]'),
           github.event.workflow_run.head_commit.author.name)
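Review bot: head_commit.author.name is the free-form git author string, so the contains() allowlist on its own proves nothing about who pushed; the head_repository.full_name == github.repository clause is the load-bearing check, because only accounts with push access to this repository can produce a same-repo head. Say so in a comment beside the if:, and note that a collaborator committing with author name github-actions[bot] will still be auto-approved, which is harmless only because that collaborator could push under their own name anyway.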
🔵 suggestion — The allowlist of bot names is hardcoded in the workflow condition. Consider extracting it to a repository variable (e.g. vars.APPROVED_BOT_AUTHORS) so adding a new bot doesn't require modifying the workflow file and going through review.
# workflow_run runs in the default-branch context, so it is not itself
# subject to the approval gate.
workflow_run:
  types: [requested]
🔵 suggestion — The workflow_run trigger with only types: [requested] and no workflows: filter means this fires for every workflow run in the repo. This is likely fine (the if guard filters appropriately), but adding an explicit workflows: list would reduce unnecessary job spin-ups and make intent clearer.
- name: Approve workflow run if pending
  env:
    GH_TOKEN: ${{ github.token }}
    RUN_ID: ${{ github.event.workflow_run.id }}
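Review bot: routing GH_TOKEN and RUN_ID through env: rather than ${{ }} inside run: is the right pattern, since the values never reach the shell's parse step; RUN_ID is numeric in the event payload, but the run: body should still quote "$RUN_ID" and start with set -euo pipefail so that an empty or missing id fails the step instead of turning into a bare gh call against whatever the CLI resolves.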
🔴 critical — The default GITHUB_TOKEN (i.e. github.token) cannot approve workflow runs that require approval — GitHub requires a PAT or a GitHub App token with actions:write scope for gh run approve. This workflow will fail with a 403 at the approve step.
Use a GitHub App token or a PAT stored as a repository secret instead:
GH_TOKEN: ${{ secrets.BOT_APPROVE_TOKEN }}

if: >-
  github.event.workflow_run.head_repository.full_name == github.repository &&
  contains(fromJSON('["github-actions[bot]","dependabot[bot]"]'),
           github.event.workflow_run.head_commit.author.name)
🟡 warning — The allowlist only covers github-actions[bot] and dependabot[bot]. If another trusted bot (e.g. renovate[bot]) is added later, it must be updated here too. Consider documenting this near the list, or extracting it into a repository variable for easier maintenance.
# workflow_run runs in the default-branch context, so it is not itself
# subject to the approval gate.
workflow_run:
  types: [requested]
🔵 suggestion — The workflow_run trigger with no workflows filter will fire for every workflow in the repo, including itself (though the if guard will skip it). Adding an explicit workflows filter narrows the trigger scope and avoids unnecessary job evaluations:
on:
  workflow_run:
    workflows: ["CI", "Release"] # list the workflows that bots trigger
    types: [requested]
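Assembled from the fragments quoted across the review rounds above, here is a complete auto-approve workflow as an added example. It is not the PR's own file: the workflow and job names, the "CI" and "Release" entries in the workflows filter, the REPO and MAX_TRIES variables, the ten-second sleep, and the use of the REST approve endpoint (`POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve`) via `gh api` as the approval call are all assumptions. The token question raised in the review is left as in the PR (github.token), with the reviewer's alternative noted inline.

```yaml
# Added example reconstructed from this review; NOT the PR's file.
# Assumed: workflow/job names, the filter entries, REPO, MAX_TRIES, the
# sleep interval, and gh api against the runs/{id}/approve endpoint.
name: Auto-approve bot workflow runs

on:
  # workflow_run runs in the default-branch context, so it is not itself
  # subject to the approval gate. The workflows filter (reviewer suggestion)
  # must list the "name:" of each workflow bots trigger; leaving this
  # workflow out of the list also stops it from re-triggering itself.
  workflow_run:
    workflows: ["CI", "Release"]   # assumed names
    types: [requested]

# Explicit block: every scope not listed here is "none".
permissions:
  actions: write

jobs:
  approve:
    runs-on: ubuntu-latest
    # Same-repo head only (a fork cannot satisfy this), then the allowlist.
    # author.name is a free-form git field; the head_repository check is the
    # part that actually restricts who can reach this job.
    if: >-
      github.event.workflow_run.head_repository.full_name == github.repository &&
      contains(fromJSON('["github-actions[bot]","dependabot[bot]"]'),
               github.event.workflow_run.head_commit.author.name)
    steps:
      - name: Approve workflow run if pending
        # Event data enters via env:, never via ${{ }} inside run:, so a
        # crafted field cannot be parsed as shell.
        env:
          GH_TOKEN: ${{ github.token }}   # reviewer suggests secrets.BOT_APPROVE_TOKEN if this 403s
          RUN_ID: ${{ github.event.workflow_run.id }}
          REPO: ${{ github.repository }}  # assumed helper variable
          MAX_TRIES: "5"                  # assumed; commit message says 5
        run: |
          set -euo pipefail
          # At the "requested" stage the run may not yet be gated, so poll
          # the run's status rather than trusting the event payload.
          status=unknown
          for i in $(seq 1 "$MAX_TRIES"); do
            status="$(gh run view "$RUN_ID" --repo "$REPO" --json status --jq .status)"
            echo "try $i: run $RUN_ID status=$status"
            case "$status" in
              action_required)
                gh api --method POST "repos/$REPO/actions/runs/$RUN_ID/approve"
                echo "approved run $RUN_ID"
                exit 0
                ;;
              queued|in_progress|completed)
                # Already running or finished: nothing to approve.
                exit 0
                ;;
            esac
            sleep 10
          done
          echo "::warning::run $RUN_ID still in state '$status' after $MAX_TRIES tries; not approved"
```

The case statement deliberately treats only action_required as approvable and exits quietly on states that need no approval; anything else (requested, pending, waiting) keeps polling until MAX_TRIES is exhausted and then surfaces a ::warning:: in the Actions UI, matching the behaviour the last commit message describes. Whether github.token is sufficient for the approve call, and whether the bot-author gate is cleared by the same endpoint that approves fork runs, is exactly what the test run called for in the review should settle before relying on this.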
Summary
- action_required runs from github-actions[bot] and dependabot[bot]
- workflow_run trigger which runs in the default branch context, so it is not itself subject to the approval gate
Test plan
- action_required state
🤖 Generated with Claude Code