name: Review Requested

on:
  pull_request_target:
    types: [review_requested]
permissions: {}
jobs:
  send-mattermost-message:
    # Don't notify for the interim step of certbot/eff-devs being assigned
    if: ${{ github.event.requested_reviewer.login != ''}}
    runs-on: ubuntu-latest
    steps:
    # github actions workflows triggered by pull_request_target can be
    # dangerous because they run with additional privileges in an environment
    # containing values that can be controlled by an attacker. because of
    # this, please take extra caution when modifying the steps taken by this
    # workflow. for additional information, see
    # https://github.com/certbot/certbot/pull/10490
    #
    # we pin this action to a version tested and audited by certbot's
    # maintainers for extra security. the full hash is used as doing so is
    # recommended by zizmor
    - uses: mattermost/action-mattermost-notify@b7d118e440bf2749cd18a4a8c88e7092e696257a
      with:
        MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_ASSIGN_WEBHOOK }}
        TEXT: >
            Review requested from ${{ github.event.requested_reviewer.login }} for "${{ github.event.pull_request.title }}": ${{ github.event.pull_request.html_url }}