Add a bot to assign PR reviews

[nourshoreibah]

ℹ️ Issue

Closes

📝 Description

• Create a slack-integrated bot to assign PR reviews

Write a short summary of what you added. Why is it important? Any member of C4C should be able to read this and understand your contribution -- not just your team members.

Briefly list the changes made to the code:

1. Added support for this.
2. And removed redunant use of that.
3. Also this was included for reasons.

✔️ Verification

What steps did you take to verify your changes work? These should be clear enough for someone to be able to clone the branch and follow the steps themselves.

Provide screenshots of any new components, styling changes, or pages.

🏕️ (Optional) Future Work / Notes

Did you notice anything ugly during the course of this ticket? Any bugs, design challenges, or unexpected behavior? Write it down so we can clean it up in a future ticket!

[github-actions]

Terraform Plan 📖 infrastructure/github

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan

data.infisical_secrets.infisical_folder: Reading...
data.infisical_secrets.aws_folder: Reading...
data.infisical_secrets.github_folder: Reading...
data.infisical_secrets.slack_folder: Reading...
data.infisical_secrets.slack_folder: Read complete after 1s
data.infisical_secrets.aws_folder: Read complete after 1s
data.infisical_secrets.infisical_folder: Read complete after 1s
data.infisical_secrets.github_folder: Read complete after 1s
github_repository.branch: Refreshing state... [id=branch]
github_actions_secret.cognito_user_pool_id: Refreshing state... [id=branch:COGNITO_USER_POOL_ID]
github_actions_secret.cognito_client_id: Refreshing state... [id=branch:COGNITO_CLIENT_ID]
github_branch_default.main: Refreshing state... [id=branch]
github_branch_protection.main: Refreshing state... [id=BPR_kwDOPjZxzc4D-9hQ]
github_actions_secret.aws_secret_access_key: Refreshing state... [id=branch:AWS_SECRET_ACCESS_KEY]
github_actions_secret.infisical_client_secret: Refreshing state... [id=branch:INFISICAL_CLIENT_SECRET]
github_actions_secret.infisical_client_id: Refreshing state... [id=branch:INFISICAL_CLIENT_ID]
github_actions_secret.aws_access_key_id: Refreshing state... [id=branch:AWS_ACCESS_KEY_ID]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # github_actions_secret.aws_access_key_id will be updated in-place
  ~ resource "github_actions_secret" "aws_access_key_id" {
      - destroy_on_drift  = true -> null
        id                = "branch:AWS_ACCESS_KEY_ID"
        # (8 unchanged attributes hidden)
    }

  # github_actions_secret.aws_secret_access_key will be updated in-place
  ~ resource "github_actions_secret" "aws_secret_access_key" {
      - destroy_on_drift  = true -> null
        id                = "branch:AWS_SECRET_ACCESS_KEY"
        # (8 unchanged attributes hidden)
    }

  # github_actions_secret.cognito_client_id will be destroyed
  # (because github_actions_secret.cognito_client_id is not in configuration)
  - resource "github_actions_secret" "cognito_client_id" {
      - created_at        = "2026-01-29 05:26:06 +0000 UTC" -> null
      - destroy_on_drift  = true -> null
      - id                = "branch:COGNITO_CLIENT_ID" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-01-29 05:26:06 +0000 UTC" -> null
      - repository        = "branch" -> null
      - repository_id     = 1043755469 -> null
      - secret_name       = "COGNITO_CLIENT_ID" -> null
      - updated_at        = "2026-01-29 05:26:06 +0000 UTC" -> null
        # (1 unchanged attribute hidden)
    }

  # github_actions_secret.cognito_user_pool_id will be destroyed
  # (because github_actions_secret.cognito_user_pool_id is not in configuration)
  - resource "github_actions_secret" "cognito_user_pool_id" {
      - created_at        = "2026-01-29 05:26:05 +0000 UTC" -> null
      - destroy_on_drift  = true -> null
      - id                = "branch:COGNITO_USER_POOL_ID" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-01-29 05:26:05 +0000 UTC" -> null
      - repository        = "branch" -> null
      - repository_id     = 1043755469 -> null
      - secret_name       = "COGNITO_USER_POOL_ID" -> null
      - updated_at        = "2026-01-29 05:26:05 +0000 UTC" -> null
        # (1 unchanged attribute hidden)
    }

  # github_actions_secret.infisical_client_id will be updated in-place
  ~ resource "github_actions_secret" "infisical_client_id" {
      - destroy_on_drift  = true -> null
        id                = "branch:INFISICAL_CLIENT_ID"
        # (8 unchanged attributes hidden)
    }

  # github_actions_secret.infisical_client_secret will be updated in-place
  ~ resource "github_actions_secret" "infisical_client_secret" {
      - destroy_on_drift  = true -> null
        id                = "branch:INFISICAL_CLIENT_SECRET"
        # (8 unchanged attributes hidden)
    }

  # github_actions_secret.slack_bot_token will be created
  + resource "github_actions_secret" "slack_bot_token" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "branch"
      + repository_id     = (known after apply)
      + secret_name       = "SLACK_BOT_TOKEN"
      + updated_at        = (known after apply)
    }

  # github_branch.bot_state will be created
  + resource "github_branch" "bot_state" {
      + branch        = "bot-state"
      + etag          = (known after apply)
      + id            = (known after apply)
      + ref           = (known after apply)
      + repository    = "branch"
      + sha           = (known after apply)
      + source_branch = "main"
      + source_sha    = (known after apply)
    }

  # github_branch_protection.bot_state will be created
  + resource "github_branch_protection" "bot_state" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + enforce_admins                  = false
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "bot-state"
      + repository_id                   = "R_kgDOPjZxzQ"
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false
    }

  # github_repository_file.rotation_json will be created
  + resource "github_repository_file" "rotation_json" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = "bot-state"
      + commit_author                = "terraform"
      + commit_email                 = "terraform@noreply.github.com"
      + commit_message               = "chore(bot): initialize rotation state"
      + commit_sha                   = (known after apply)
      + content                      = jsonencode(
            {
              + always_reviewer_slack = "U07NGFM1QKE"
              + cursor                = 0
              + github_to_slack       = {
                  + Rayna-Yu      = "U083UGSCU7P"
                  + bhuvanh66     = "U084JKT1GG2"
                  + denniwang     = "U07F8LM2X61"
                  + mehanana      = "U084AMND8FK"
                  + nourshoreibah = "U07NGFM1QKE"
                  + saumyapalk23  = "U09EYETUEGP"
                  + tsudhakar87   = "U08NFFSJEG1"
                }
              + roster                = [
                  + "denniwang",
                  + "bhuvanh66",
                  + "Rayna-Yu",
                  + "mehanana",
                  + "tsudhakar87",
                  + "saumyapalk23",
                ]
              + slack_channel_id      = "C09DGFG5JR4"
              + timezone              = "America/New_York"
              + version               = 1
            }
        )
      + file                         = "rotation.json"
      + id                           = (known after apply)
      + overwrite_on_create          = false
      + ref                          = (known after apply)
      + repository                   = "branch"
      + sha                          = (known after apply)
    }

Plan: 4 to add, 4 to change, 2 to destroy.

Warning: Argument is deprecated

  with github_repository.branch,
  on main.tf line 6, in resource "github_repository" "branch":
   6:   has_downloads   = true

This attribute is no longer in use, but it hasn't been removed yet. It will
be removed in a future version. See
https://github.com/orgs/community/discussions/102145#discussioncomment-8351756

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

Pushed by: @nourshoreibah, Action: pull_request