Surfaced while migrating d-morrison/qwt to consume these reusable workflows (qwt PR d-morrison/qwt#115, tracked in d-morrison/qwt#116, Phase 2).
Three gaps block qwt from migrating its review workflow to @v1:
-
checkout-submodules not at @v1. The input exists on the local check-phi branch but @v1 (== main) does not have it. qwt checks out the public macros submodule (submodules: recursive) so the reviewer can read shortcode/macro definitions. Merge the check-phi work (or cherry-pick the input) and move v1.
-
Self-review-skip not ported. qwt's standalone review skips the Claude step when the PR edits the review workflow file itself (the action's App-token exchange 401s on workflow-validation mismatch until merged). Consider a self-mod detection step keyed off github.workflow_ref, or document the limitation.
-
allowed_bots dispatch path unverified. qwt sets allowed_bots: "github-actions[bot],claude" so dispatched reviews (actor github-actions[bot]) and claude-bot synchronize pushes aren't rejected as non-human. The reusable workflow has no input to pass this through; confirm dispatched-by-bot review runs succeed at @v1, and add an allowed-bots input if not.
Ask
Land (1) + a v1 move (hard blocker), then (2)/(3). qwt's Phase 2 migration of claude-code-review.yml depends on all three.
Consumer waiting on this: d-morrison/qwt.
Surfaced while migrating
d-morrison/qwtto consume these reusable workflows (qwt PR d-morrison/qwt#115, tracked in d-morrison/qwt#116, Phase 2).Three gaps block qwt from migrating its review workflow to
@v1:checkout-submodulesnot at@v1. The input exists on the localcheck-phibranch but@v1(==main) does not have it. qwt checks out the publicmacrossubmodule (submodules: recursive) so the reviewer can read shortcode/macro definitions. Merge thecheck-phiwork (or cherry-pick the input) and movev1.Self-review-skip not ported. qwt's standalone review skips the Claude step when the PR edits the review workflow file itself (the action's App-token exchange 401s on workflow-validation mismatch until merged). Consider a self-mod detection step keyed off
github.workflow_ref, or document the limitation.allowed_botsdispatch path unverified. qwt setsallowed_bots: "github-actions[bot],claude"so dispatched reviews (actorgithub-actions[bot]) and claude-botsynchronizepushes aren't rejected as non-human. The reusable workflow has no input to pass this through; confirm dispatched-by-bot review runs succeed at@v1, and add anallowed-botsinput if not.Ask
Land (1) + a
v1move (hard blocker), then (2)/(3). qwt's Phase 2 migration ofclaude-code-review.ymldepends on all three.Consumer waiting on this:
d-morrison/qwt.