chore: add pr-comments workflow with default messages

[MantisClone]

Description

This Pull Request adds the pr-comments.yml workflow which posts customizable comments on Pull Requests submitted by external contributors (those outside the RequestNetwork organization).

The workflow leaves comments in these situations:

• On a contributor's first Pull Request to your repository
• When a Pull Request is marked as ready for review
• When a Pull Request is merged

Details

It uses the GH_PAT_AUTO_COMMENTS organization secret which is a Personal Access Token provided by @MantisClone (me). Thus, the comments look like they're being posted by me.

Default messages

First PR Comment:

'Hello @{{username}}, thank you for submitting your first pull request to the {{repository}} repository. We value your contribution and encourage you to review our contribution guidelines to ensure your submission meets our standards. Please note that every merged PR is automatically enrolled in our Best PR Initiative, offering a chance to win $500 each quarter. Our team is available via GitHub Discussions or Discord if you have any questions. Welcome aboard!'

Ready for Review Comment:

'Thank you for your submission! As you prepare for the review process, please ensure that your PR title, description, and any linked issues fully comply with our contribution guidelines. A clear explanation of your changes and their context will help expedite the review process. Every merged PR is automatically entered into our Best PR Initiative, offering a chance to win $500 every quarter. We appreciate your attention to detail and look forward to reviewing your contribution!'

Merged Comment:

'Congratulations, your pull request has been merged! Thank you for your valuable contribution to Request Network. As a reminder, every merged PR is automatically entered into our Best PR Initiative, offering a quarterly prize of $500. Your work significantly supports our project''s growth, and we encourage you to continue engaging with our community. Additionally, if you want to build or add crypto payments and invoicing features, explore how our API can reduce deployment time from months to hours while offering advanced features. Book a call with our expert to learn more and fast-track your development.'

Test

This test pull request created by an external user shows 3 messages being sent at the appropriate times.

Context

Towards:

• Deploy the "Best PR" Initiative auto-comments#14

Considerations

• Why not use an off-the-shelf action from the Github Actions Marketplace?
  • None of them offered the organization filter. (Considered: welcome-new-users, first-interaction, auto-comments)
• The pr-comments.yml workflow is installed using the @main tag so this repo will pull the latest default messages from the auto-comments repo as soon as they're merged to the main branch.

Reference

• Implementation Repo: https://github.com/RequestNetwork/auto-comments
• Integration Test Repo: https://github.com/RequestNetwork/auto-comments-test

Summary by CodeRabbit

Summary by CodeRabbit

• New Features
  • Introduced an automated workflow that posts comments on pull requests. This system activates when a pull request is opened, marked as ready for review, or closed, helping to streamline collaboration and feedback on contributions.

[coderabbitai]

Walkthrough

A new GitHub Actions workflow file (.github/workflows/pr-comments.yml) is added to automate PR comments. This workflow triggers on pull request events (opened, marked as ready for review, and closed) and includes a job named pr-comments that leverages an external auto-comments workflow from the RequestNetwork/auto-comments repository (main branch). It uses a secret token from the repository’s secrets (key: GH_PAT_AUTO_COMMENTS) for authentication.

Changes

File	Changes Summary
.github/workflows/pr-comments.yml	Added a new GitHub Actions workflow that triggers on PR events (opened, ready for review, closed) and runs a pr-comments job invoking an external auto-comments workflow using a secret token.

Sequence Diagram(s)

sequenceDiagram
    participant PR as "Pull Request"
    participant GH as "GitHub Actions"
    participant Ext as "External Auto-Comments Workflow"

    PR->>GH: Trigger (opened, ready for review, closed)
    GH->>Ext: Invoke pr-comments job using external workflow
    Ext-->>GH: Process and post comment on PR

Loading

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90bf43e and e0fefe1.

📒 Files selected for processing (1)

• .github/workflows/pr-comments.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/pr-comments.yml

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build-and-test

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/pr-comments.yml (2)

3-6: Trigger Event Configuration

The workflow triggers on the pull_request_target event with types [opened, ready_for_review, closed], which effectively covers key PR lifecycle events. Please double-check that pull_request_target is the intended event, as it runs with elevated permissions, and ensure that the elevated scope is acceptable within your security model.

---

10-13: External Workflow Usage

The job reuses an external workflow from RequestNetwork/auto-comments via the uses directive, and it passes the parameter org_name: "RequestNetwork". This approach promotes reusability and ensures that default comments are maintained centrally. The inline comment (line 13) is helpful to document this design decision.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aafe98d and 90bf43e.

📒 Files selected for processing (1)

• .github/workflows/pr-comments.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build-and-test

🔇 Additional comments (3)

.github/workflows/pr-comments.yml (3)

1-2: File Metadata and Naming

The workflow file is appropriately titled "PR Comments", clearly indicating its purpose.

---

7-9: Job Definition Clarity

The pr-comments job is well defined with a descriptive name ("PR Comments"). This enhances clarity when reviewing workflow runs and logs.

---

14-15: Secrets Management

The workflow securely injects a token from ${{ secrets.GH_PAT_AUTO_COMMENTS }} to authenticate with the external workflow. This is a good practice for managing credentials. Please verify that the token's permissions are scoped appropriately to limit any potential security risks.

[rodrigopavezi]

Looks code 👍