From 449233dd611eb55b3b2a10a4137be90e5b7d030c Mon Sep 17 00:00:00 2001
From: Fernando Serboncini <fserb@tailscale.com>
Date: Mon, 15 Jun 2026 09:31:28 -0400
Subject: [PATCH] .github/workflows: auto-request k8s-devs review for
 Kubernetes/container paths (#20123)

Add a workflow that requests review from @tailscale/k8s-devs on PRs
touching Kubernetes operator, kube libraries, container build, etc.

Also cleans up check out code on k8s and dataplane workflow.

Updates #cleanup

Change-Id: I6fd7cacf71e1299f7e8f546ef52c4063fbf6bab8

Signed-off-by: Fernando Serboncini <fserb@tailscale.com>
---
 .../workflows/request-dataplane-review.yml    |  4 +-
 .github/workflows/request-k8s-review.yml      | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/request-k8s-review.yml

diff --git a/.github/workflows/request-dataplane-review.yml b/.github/workflows/request-dataplane-review.yml
index 78bd8ff58..44af549bb 100644
--- a/.github/workflows/request-dataplane-review.yml
+++ b/.github/workflows/request-dataplane-review.yml
@@ -2,7 +2,7 @@ name: request-dataplane-review
 
 on:
   pull_request:
-    types: [ opened, synchronize, reopened, ready_for_review ]
+    types: [opened, synchronize, reopened, ready_for_review]
     paths:
       - ".github/workflows/request-dataplane-review.yml"
       - "**/*derp*"
@@ -15,8 +15,6 @@ jobs:
     name: Request Dataplane Review
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Get access token
         uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         id: generate-token
diff --git a/.github/workflows/request-k8s-review.yml b/.github/workflows/request-k8s-review.yml
new file mode 100644
index 000000000..eba1c45ef
--- /dev/null
+++ b/.github/workflows/request-k8s-review.yml
@@ -0,0 +1,37 @@
+name: request-k8s-review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths:
+      - ".github/workflows/request-k8s-review.yml"
+      - "k8s-operator/**"
+      - "kube/**"
+      - "cmd/k8s-operator/**"
+      - "cmd/k8s-proxy/**"
+      - "cmd/k8s-nameserver/**"
+      - "cmd/containerboot/**"
+      - "cmd/sync-containers/**"
+      - "ipn/store/kubestore/**"
+      - "docs/k8s/**"
+      - "!**/depaware.txt"
+
+jobs:
+  request-k8s-review:
+    if: github.event.pull_request.draft == false
+    name: Request K8s Review
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get access token
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        id: generate-token
+        with:
+          # Get token for app: https://github.com/apps/change-visibility-bot
+          app-id: ${{ secrets.VISIBILITY_BOT_APP_ID }}
+          private-key: ${{ secrets.VISIBILITY_BOT_APP_PRIVATE_KEY }}
+      - name: Add reviewers
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+          url: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit "$url" --add-reviewer tailscale/k8s-devs