feat: add manual approval for Devin PRs in trigger.dev workflow

[devin-ai-integration]

Issue

• resolve: https://github.com/route06/liam-internal/issues/5289

Why is this change needed?

trigger.dev has limits on the number of concurrent branch deployments. Since Devin can create many PRs rapidly, we need to prevent automatic trigger.dev deployment for Devin-created PRs to avoid hitting these limits. Human-created PRs should continue to deploy automatically for fast feedback.

What this PR does

This PR implements a manual approval system for trigger.dev deployments on Devin-created PRs using GitHub Environment protection rules:

1. Adds PR author detection: New check-pr-author job detects if the PR author's username contains "devin" (case-insensitive)
2. Conditional environment protection: Both trigger_dev and archive_preview jobs now conditionally use the trigger-dev-preview environment for Devin PRs
3. Preserves automatic flow: Human-created PRs continue to deploy automatically without any manual steps

Implementation details

%%{ init : { "theme" : "default" }}%%
flowchart TD
    A[PR Event] --> B[setup-job: Check file changes]
    A --> C[check-pr-author: Detect if author contains 'devin']
    B --> D{Files changed?}
    C --> E{Is Devin PR?}
    D -->|Yes| F[trigger_dev job]
    E -->|Yes| G[Use 'trigger-dev-preview' environment]
    E -->|No| H[No environment protection]
    G --> F
    H --> F
    F --> I[Deploy to trigger.dev]

Loading

Key changes to .github/workflows/trigger_dev_preview.yml:

• Added check-pr-author job with username pattern matching
• Modified trigger_dev job to include conditional environment field
• Modified archive_preview job to include same conditional environment protection
• Both jobs now depend on the check-pr-author job output

Manual setup required

⚠️ This PR requires manual GitHub Environment setup before it will work:

1. Create a new Environment named trigger-dev-preview in GitHub repository settings
2. Configure "Required reviewers" for this environment
3. Set up appropriate protection rules for manual approval

Without this setup, Devin PRs will fail when trying to use the non-existent environment.

Human review checklist

• Verify Devin username pattern: Does *devin* case-insensitive matching correctly identify all Devin accounts?
• Test conditional logic: Confirm the ternary operator syntax ${{ condition && 'value' || '' }} works as expected
• Environment setup: Ensure the manual GitHub Environment configuration is feasible and secure
• Human PR preservation: Verify human-created PRs will continue to work without manual approval
• Edge case handling: Consider what happens if github.event.pull_request.user.login is null/undefined

Testing notes

This change cannot be fully tested until:

1. The GitHub Environment is configured
2. A real Devin-created PR is opened to test the manual approval flow
3. A human-created PR is opened to verify automatic deployment still works

---

Link to Devin run: https://app.devin.ai/sessions/b743693f3e684b3ab729dbc4d46b1ed2
Requested by: @MH4GF

[changeset-bot]

⚠️ No Changeset found

Latest commit: 501c536

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
liam-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 5, 2025 8:25am
liam-erd-sample	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 5, 2025 8:25am
liam-storybook	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 5, 2025 8:25am

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
liam-docs	⬜️ Ignored (Inspect)	Visit Preview		Aug 5, 2025 8:25am

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[supabase]

Updates to Preview Branch (devin/1754379458-manual-approval-trigger-dev) ↗︎

Deployments	Status	Updated
Database	✅	Tue, 05 Aug 2025 08:17:11 UTC
Services	✅	Tue, 05 Aug 2025 08:17:11 UTC
APIs	✅	Tue, 05 Aug 2025 08:17:11 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Tue, 05 Aug 2025 08:17:11 UTC
Migrations	✅	Tue, 05 Aug 2025 08:17:11 UTC
Seeding	✅	Tue, 05 Aug 2025 08:17:11 UTC
Edge Functions	✅	Tue, 05 Aug 2025 08:17:11 UTC

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[NoritakaIkeda]

👍

[Copilot]

Pull Request Overview

This PR implements a manual approval system for trigger.dev deployments on Devin-created PRs to manage concurrent branch deployment limits. The solution uses GitHub Environment protection rules to require manual approval for Devin PRs while preserving automatic deployment for human-created PRs.

• Adds PR author detection to identify Devin-created PRs based on username pattern matching
• Implements conditional environment protection using GitHub Environments for deployment control
• Maintains automatic deployment flow for human-authored PRs

[Copilot]

The case-sensitive pattern matching is redundant and could miss other case variations. Consider using a single case-insensitive comparison: if [[ "${author,,}" == *"devin"* ]]; then where ${author,,} converts to lowercase.

Suggested change

	if [[ "$author" == *"devin"* ]] || [[ "$author" == *"Devin"* ]]; then
	if [[ "${author,,}" == *"devin"* ]]; then

[MH4GF]

@NoritakaIkeda Is there currently a way to manually deploy to the trigger.dev environment in Devin's PR?

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[NoritakaIkeda]

@MH4GF
There is currently no way to manually deploy to the trigger.dev environment in Devin's PR.

With this PR, preview environments for trigger_dev can be deployed manually when the PR is created by Devin.

[NoritakaIkeda]

Draft to see how it works around CI approvals