Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes N/A — deploying
[codeowner-coordinator#90](https://github.com/zed-industries/codeowner-coordinator/pull/90)
to zed repo.
## Summary
Pass `ASSIGN_INTERNAL` and `ASSIGN_EXTERNAL` repository variables to the
assign-reviewers workflow. The coordinator script now uses these to
control whether an individual PR assignee is set based on the author's
org membership.
**Defaults:** org members skip assignee (teams self-organize
accountability), external contributors get an assignee (identifies who
should shepherd the PR). Both are togglable from repo Settings →
Variables without code changes.
Side benefit: skips the 30-55 second `poll_for_reviewers` polling loop
for org-member PRs.
## Post-merge manual step
Set repository variables (Settings → Secrets and variables → Actions →
Variables):
- `ASSIGN_INTERNAL` = `false`
- `ASSIGN_EXTERNAL` = `true`
Release Notes:
- N/A
The workflow run at
https://github.com/zed-industries/zed/actions/runs/23557683707 succeeded
but threw some warnings for a rather-soon Node.js 20 deprecation (June
2nd).
Hence, this PR updates in that context mentioned workflows to newer
versions from which on the actions will use Node.js 24.
Namely, this updates
- `actions/checkout`
- `actions/create-github-app-token` and
- `peter-evans/create-pull-request`
to their latest version which includes said updates. As for their most
recent versions, all of these actions just updated their versions to
account for said deprecation.
Release Notes:
- N/A
## Summary
Fix failing `assign-reviewers` workflow — pip's `--hash` syntax only
works in requirements files (`-r`), not constraint files (`-c`). The `-c
/dev/stdin` approach caused: `hashes are missing from some
requirements`.
Failing run:
https://github.com/zed-industries/zed/actions/runs/23272148116/job/67667106308
Coordinator PR:
https://github.com/zed-industries/codeowner-coordinator/pull/84
## Test plan
- [x] Verified locally: good hash installs cleanly, bad hash rejected
- [ ] After merge: verify assign-reviewers workflow passes on next PR
Release Notes:
- N/A
## Summary
Deploy updated `assign-reviewers.yml` from
[codeowner-coordinator#83](https://github.com/zed-industries/codeowner-coordinator/pull/83):
- Switch trigger from `pull_request` to `pull_request_target` to support
fork PRs and fix `author_association` misclassification bug (org members
reported as `COLLABORATOR`)
- Remove `author_association` filter and fork gate — reviewer
assignments are inherently scoped to org team members by the GitHub
Teams API
- Remove `--min-association member` from script invocation
- Add `SECURITY INVARIANTS` comment block documenting
`pull_request_target` safety requirements
- Add concurrency guard to prevent duplicate runs per PR
- Add `--require-hashes` + SHA256 pin for pyyaml install
## Test plan
- [ ] Verify a fork PR triggers the workflow and receives team
assignment
- [ ] Verify a draft→ready PR triggers correctly
- [ ] Verify org member PRs continue to work
Release Notes:
- N/A
This PR takes a different approach to permissions for
assign-reviewers.yml and better filters external PRs for now.
Before you mark this PR as ready for review, make sure that you have:
- ~~[ ] Added a solid test coverage and/or screenshots from doing manual
testing~~
- [x] Done a self-review taking into account security and performance
aspects
- ~~[ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)~~
Release Notes:
- N/A *or* Added/Fixed/Improved ...
This pull request adds a new GitHub Actions workflow to automate
reviewer assignment for pull requests. The workflow leverages the
`codeowner-coordinator` repository to intelligently assign the most
relevant teams as reviewers based on the changes in the PR. This should
streamline the review process and ensure the right teams are notified.
**Automated Reviewer Assignment Workflow:**
* Introduced `.github/workflows/assign-reviewers.yml`, a workflow that
triggers on PR open and ready-for-review events to assign 1-2 relevant
teams as reviewers using a script from the
`zed-industries/codeowner-coordinator` repository.
* The workflow checks out the coordinator repo, sets up Python, installs
dependencies, and runs the assignment script with the necessary
environment variables.
* Reviewer assignment is only performed for PRs originating from within
the organization for now.
* The output of the reviewer assignment step is maintained as an Actions
artifact for later inspection or debugging.
Closes #ISSUE
Before you mark this PR as ready for review, make sure that you have:
- [ ] ~~Added a solid test coverage and/or screenshots from doing manual
testing~~
- [x] Done a self-review taking into account security and performance
aspects
- [ ] ~~Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)~~
Release Notes:
- N/A
