From d0d4e34500010db6e3dcdb98bfacf97616b78db8 Mon Sep 17 00:00:00 2001 From: Kamesh Akella Date: Thu, 15 Jan 2026 14:48:47 -0500 Subject: [PATCH] fix: prevent unauthorized message for non-command comments The unauthorized job was incorrectly triggered for any comment from ACL-listed users that didn't contain '/agentready assess'. This fix adds a 'command_invoked' output to distinguish between: - Command not present in comment (do nothing) - Command present but user unauthorized (show message) The unauthorized job now only runs when command_invoked=true AND is_authorized=false. --- .github/workflows/agentready-assessment.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/agentready-assessment.yml b/.github/workflows/agentready-assessment.yml index 2c45880d..278dcf06 100644 --- a/.github/workflows/agentready-assessment.yml +++ b/.github/workflows/agentready-assessment.yml @@ -17,6 +17,7 @@ jobs: outputs: is_authorized: ${{ steps.check-agentready-acl.outputs.is_authorized }} + command_invoked: ${{ steps.check-agentready-acl.outputs.command_invoked }} steps: - name: Checkout repository @@ -44,10 +45,13 @@ jobs: # Check if comment contains the command if ! echo "$COMMENT_BODY" | grep -qi "/agentready assess"; then + echo "command_invoked=false" >> "$GITHUB_OUTPUT" echo "is_authorized=false" >> "$GITHUB_OUTPUT" exit 0 fi + echo "command_invoked=true" >> "$GITHUB_OUTPUT" + # Read ACL file and check if user is authorized if [ ! -f ".github/agentready-acl.yml" ]; then echo "::error::ACL file not found: .github/agentready-acl.yml" @@ -72,6 +76,7 @@ jobs: # Respond to unauthorized users with helpful message needs: check-agentready-acl if: | + needs.check-agentready-acl.outputs.command_invoked == 'true' && needs.check-agentready-acl.outputs.is_authorized == 'false' && (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment')
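Review bot: The ACL that decides `is_authorized` is read from the workspace produced by the `Checkout repository` step shown in the `@@ -17,6 +17,7 @@` hunk, and that step's options are outside the hunk. The workflow also runs on `pull_request_review_comment`, where the default checkout ref is the pull request's merge commit. In that case `.github/agentready-acl.yml` may be the pull request's copy rather than the base branch's. If the step does not already pin a ref, I would add `ref: ${{ github.event.repository.default_branch }}` under its `with:` so the authorization list always comes from reviewed code.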
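Review bot: `command_invoked` in the `@@ -44,10 +45,13 @@` hunk is set from an unanchored, case-insensitive substring match (`grep -qi "/agentready assess"`). A comment that only quotes or mentions the command therefore counts as an invocation, and for a user not on the ACL it now produces the unauthorized reply. Matching the command at the start of a line would narrow this: `if ! printf '%s\n' "$COMMENT_BODY" | grep -qiE '^[[:space:]]*/agentready assess([[:space:]]|$)'; then`. Using `printf` also avoids `echo` treating a body that begins with `-n` or `-e` as an option. The `run:` script starts and ends outside the hunk, so how `COMMENT_BODY` is populated should be confirmed there.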