smartcontractkit · erikburt · Apr 8, 2026 · Apr 1, 2026 · Apr 2, 2026 · Apr 8, 2026
@@ -0,0 +1,5 @@
+---
+"reusable-codeowners-review-analysis": major
+---
+
+initial versioned release - no changes from latest
@@ -1,3 +1,7 @@
+# GENERATED FILE - DO NOT EDIT DIRECTLY.
+# Source: workflows/reusable-codeowners-review-analysis/reusable-codeowners-review-analysis.yml
+# Edit the source under workflows/, then regenerate.
+
 name: Reusable CodeOwners Review Analysis (CORA)
 
 on:

@@ -0,0 +1 @@
+# reusable-codeowners-review-analysis
@@ -0,0 +1,47 @@
+# Reusable CodeOwners Review Analysis
+
+A simple reusable workflow wrapper around the `codeowners-review-analysis` CORA
+action.
+
+- https://github.com/smartcontractkit/.github/tree/main/actions/codeowners-review-analysis
+
+## Usage
+
+```yaml
+name: Codeowners Review Analysis
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+  pull_request_review:
+    types:
+      - submitted
+      - edited
+      - dismissed
+
+# Cancel any in-progress runs for the same pull request when a new event is triggered
+# - This is mainly to stop concurrent 'synchronizes' and 'review dismissal' events
+concurrency:
+  group:
+    ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  cora:
+    uses: smartcontractkit/.github/.github/workflows/reusable-codeowners-review-analysis.yml@<ref>
+    permissions:
+      actions: read # needed to pull actions run url
+      contents: read # needed to pull codeowners file
+      id-token: write # used to assume aws role
+      pull-requests: write # needed to read pull request and add comments
+      issues: write # needed to add labels on PRs (weirdly)
+    with:
+      cora-minimum-codeowners: 5
+      cora-minimum-codeowners-entries: 2
+    secrets:
+      AWS_ROLE_GATI_ARN: ${{ secrets.GATI_CODEOWNERS_IAM_ARN }}
+      AWS_LAMBDA_GATI_URL: ${{ secrets.GATI_CODEOWNERS_LAMBDA_URL }}
+```
@@ -0,0 +1,11 @@
+{
+  "name": "reusable-codeowners-review-analysis",
+  "version": "0.0.0",
+  "description": "",
+  "private": true,
+  "scripts": {},
+  "keywords": [],
+  "author": "@smartcontractkit",
+  "license": "MIT",
+  "packageManager": "pnpm@10.29.3"
+}
@@ -0,0 +1,74 @@
+name: Reusable CodeOwners Review Analysis (CORA)
+
+on:
+  workflow_call:
+    inputs:
+      cora-force-analysis:
+        description: |
+          Whether to force the analysis to run regardless of the number of codeowners.
+          This is useful for testing or debugging purposes.
+        required: false
+        type: boolean
+        default: ${{ contains(github.event.pull_request.labels.*.name, 'cora') }}
+      cora-post-comment:
+        description: "Whether to post a comment on the PR with the analysis results."
+        required: false
+        type: boolean
+        default: true
+
+      cora-minimum-codeowners:
+        description: |
+          The minimum numbers of codeowners for the current PR required to trigger CORA.
+          If the number of codeowners is less than this value, the analysis will be skipped.
+        required: false
+        type: number
+        default: 5
+
+      cora-minimum-codeowners-entries:
+        description: |
+          The minimum number of codeowner entries (lines in the CODEOWNERS file) for the
+          current PR required to trigger CORA. If the number of codeowner entries is less
+          than this value, no comment will be posted.
+
+          This is useful to avoid triggering CORA for PRs that touch a single entry which contains an expansive list of codeowners.
+        required: false
+        type: number
+        default: 2
+
+    secrets:
+      AWS_ROLE_GATI_ARN:
+        description: "AWS OIDC role ARN used for getting token from GATI."
+        required: false
+      AWS_LAMBDA_GATI_URL:
+        description: "AWS Lambda URL for GATI."
+        required: false
+
+permissions: {}
+
+jobs:
+  codeowners-review-analysis:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read # needed to pull actions run url
+      contents: read # needed to pull codeowners file
+      id-token: write # used to assume aws role
+      pull-requests: write # needed to read pull request and add comments
+      issues: write # needed to add labels on PRs (weirdly)
+    steps:
+      - name: Setup github token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@setup-github-token/v1
+        with:
+          aws-role-arn: ${{ secrets.AWS_ROLE_GATI_ARN }}
+          aws-lambda-url: ${{ secrets.AWS_LAMBDA_GATI_URL }}
+          aws-region: us-west-2
+
+      - name: Analyze (cora)
+        uses: smartcontractkit/.github/actions/codeowners-review-analysis@codeowners-review-analysis/v2
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          force-analysis: ${{ inputs.cora-force-analysis }}
+          members-read-github-token: ${{ steps.setup-github-token.outputs.access-token }}
+          minimum-codeowners: ${{ inputs.cora-minimum-codeowners }}
+          minimum-codeowners-entries: ${{ inputs.cora-minimum-codeowners-entries }}