From 6a48fce4c15981156d5db76085878eaa7f6ae2f4 Mon Sep 17 00:00:00 2001
From: Richard Tibbles <richard@learningequality.org>
Date: Thu, 30 Apr 2026 17:54:21 -0700
Subject: [PATCH] Auto-request review from rtibblesbot on dependabot PRs

Adds a new reusable workflow dependabot-reviewer.yml that requests a
review (default: rtibblesbot) when a dependabot PR is opened, wires it
into the pull-request-target dispatch, and extends the caller trigger
list to include 'opened'.
---
 .../workflows/call-pull-request-target.yml    |  2 +-
 .github/workflows/dependabot-reviewer.yml     | 31 +++++++++++++++++++
 .github/workflows/pull-request-target.yml     |  7 +++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/dependabot-reviewer.yml

diff --git a/.github/workflows/call-pull-request-target.yml b/.github/workflows/call-pull-request-target.yml
index 737c149..e499bcd 100644
--- a/.github/workflows/call-pull-request-target.yml
+++ b/.github/workflows/call-pull-request-target.yml
@@ -1,7 +1,7 @@
 name: Handle pull request events
 on:
   pull_request_target:
-    types: [review_requested, labeled]
+    types: [opened, review_requested, labeled]
 jobs:
   call-workflow:
     name: Call shared workflow
diff --git a/.github/workflows/dependabot-reviewer.yml b/.github/workflows/dependabot-reviewer.yml
new file mode 100644
index 0000000..a52b2d9
--- /dev/null
+++ b/.github/workflows/dependabot-reviewer.yml
@@ -0,0 +1,31 @@
+name: Request review on dependabot PR
+on:
+  workflow_call:
+    inputs:
+      reviewer:
+        description: 'GitHub username to request review from'
+        type: string
+        default: rtibblesbot
+    secrets:
+      LE_BOT_APP_ID:
+        description: 'GitHub App ID for authentication'
+        required: true
+      LE_BOT_PRIVATE_KEY:
+        description: 'GitHub App Private Key for authentication'
+        required: true
+jobs:
+  request-review:
+    name: Request review
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate App Token
+        id: generate-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.LE_BOT_APP_ID }}
+          private-key: ${{ secrets.LE_BOT_PRIVATE_KEY }}
+      - name: Request review
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+          GH_REPO: ${{ github.repository }}
+        run: gh pr edit ${{ github.event.pull_request.number }} --add-reviewer ${{ inputs.reviewer }}
diff --git a/.github/workflows/pull-request-target.yml b/.github/workflows/pull-request-target.yml
index 8ef404c..f424a27 100644
--- a/.github/workflows/pull-request-target.yml
+++ b/.github/workflows/pull-request-target.yml
@@ -23,3 +23,10 @@ jobs:
     secrets:
       LE_BOT_APP_ID: ${{ secrets.LE_BOT_APP_ID }}
       LE_BOT_PRIVATE_KEY: ${{ secrets.LE_BOT_PRIVATE_KEY }}
+  dependabot-reviewer:
+    name: Request review on dependabot PR
+    if: ${{ github.event.action == 'opened' && github.event.pull_request.user.login == 'dependabot[bot]' }}
+    uses: learningequality/.github/.github/workflows/dependabot-reviewer.yml@main
+    secrets:
+      LE_BOT_APP_ID: ${{ secrets.LE_BOT_APP_ID }}
+      LE_BOT_PRIVATE_KEY: ${{ secrets.LE_BOT_PRIVATE_KEY }}