Dependency Review requires GitHub Dependency Graph, which is not available
for iOS/SPM repos where packages are embedded in .xcodeproj. Marking as
non-blocking so CI does not fail on unsupported repo types.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Claude review is performed locally by Claude Code agent before PR merge.
ChatGPT review remains automated via GitHub Actions + OPENAI_API_KEY.
See CLAUDE.md in caller repos for the process.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

New steps before validation:
- 'Generate Claude review': calls Anthropic API (claude-opus-4-6),
  posts formatted comment with required DoD/Blocker/Major structure
- 'Generate ChatGPT review': calls OpenAI API (gpt-4o), same format
- Both steps skip gracefully if API key secret is not set
- Idempotent: skips generation if review comment already exists
- Validation step remains unchanged as final gate
Required secrets in consumer repo: ANTHROPIC_API_KEY, OPENAI_API_KEY
Permission updated: pull-requests/issues write (needed to post comments)

The static URL gitleaks_linux_x64.tar.gz does not work as gitleaks
uses versioned filenames (e.g. gitleaks_8.x.x_linux_x64.tar.gz).
Fetch the latest tag via GitHub API and construct the correct URL.
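
One way to do the lookup described in the last commit message, as an added example that is not the workflow's own code: it reads the tag from the GitHub "latest release" response, validates it before interpolating it into a URL, and builds the versioned filename. The gitleaks/gitleaks repository path, the function names and the sample JSON are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not taken from the workflow. Function names are hypothetical.

# Constructed sample of the fields used from a "latest release" API response.
SAMPLE_JSON='{"name": "v8.1.2", "tag_name": "v8.1.2", "draft": false}'

# Read release JSON on stdin and print the value of "tag_name".
latest_tag() {
  sed -n 's/.*"tag_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Build the versioned asset URL for a tag such as v8.1.2.
# The tag comes from a network response, so it is checked before use:
# it must start with "v" followed by a digit, and contain only digits and dots.
gitleaks_url() {
  tag=$1
  case "$tag" in
    v[0-9]*) ;;
    *) echo "unexpected tag: '$tag'" >&2; return 1 ;;
  esac
  ver=${tag#v}
  case "$ver" in
    *[!0-9.]*) echo "unexpected tag: '$tag'" >&2; return 1 ;;
  esac
  printf 'https://github.com/%s/releases/download/%s/gitleaks_%s_linux_x64.tar.gz\n' \
    "gitleaks/gitleaks" "$tag" "$ver"
}

# Network step, defined but not called here so the file can be sourced offline.
# curl -f makes an HTTP error (rate limit, 404) fail the step instead of
# saving an error page as the tarball.
fetch_gitleaks() {
  tag=$(curl -fsSL "https://api.github.com/repos/gitleaks/gitleaks/releases/latest" \
        | latest_tag) || return 1
  url=$(gitleaks_url "$tag") || return 1
  curl -fsSLo gitleaks.tar.gz "$url"
}
```

Following the latest tag means every run may install a different binary; pinning a reviewed version in the workflow and passing it to `gitleaks_url` keeps the scanner reproducible.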