Rodin
29ab19c94d
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m32s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 3m18s
MAJOR fixes: - ci.yml: Add fork protection (github.event.pull_request.head.repo.full_name check) to prevent secret exfiltration from malicious fork PRs. Added security comment explaining the trust model for this private repo. - ci.yml: Set GITHUB_SERVER_URL to explicit Gitea URL instead of github.server_url since reviews are posted to Gitea, not GitHub. - release.yml: Set GITEA_URL explicitly to https://gitea.weiker.me since releases are created on Gitea. - action.yml: Change gitea-url default from empty (fallback to github.server_url) to explicit https://gitea.weiker.me. Update all internal uses to rely on this default rather than falling back to server_url. MINOR fixes: - action.yml: Update header comment to reflect dual-platform (Gitea Actions + GitHub Actions) support. - action.yml: Fix repo input description to say it defaults to rodin/review-bot for version lookup, matching the actual code behavior. - pr-ready-gate.yml: Add comments explaining why Gitea URL is hardcoded (intentional: we update Gitea PR from GitHub mirror) and noting the PR number matching assumption. All findings from sonnet-review, gpt-review, and security-review addressed.