So the bot can create reviews, but it cannot dismiss them.
I specifically didn't want the bot to approve PRs, as I thought that would mess with the required number of approvals before merging. As I see it there are a few paths forward:
Continue to request changes, but pass an administrator PAT via secrets and use that to dismiss the review. That runs into similar issues as #31.
Continue to request changes, but approve after tests pass. Maybe GitHub has some special logic that workflow approvals don't count like human approvals for purposes of branch protections? Maybe?
Abandon reviews and use comments to communicate with the user. I was using non-dismissed reviews as a state machine to avoid re-posting the same comment or attempting to fix non-broken tests, but I could theoretically do the same thing with comments.
Using https://github.com/uclahs-cds/pipeline-align-DNA/actions/runs/8542074596/attempts/1 as an example, the tests passed but the bot's own review could not be dismissed:
Per https://github.blog/2017-03-06-restrict-review-dismissals-with-protected-branches/, that's because we have the branch protection rule set to restrict who can dismiss pull request reviews:
So the bot can create reviews, but it cannot dismiss them.
I specifically didn't want the bot to approve PRs, as I thought that would mess with the required number of approvals before merging. As I see it there are a few paths forward:
secretsand use that to dismiss the review. That runs into similar issues as #31.