feat(IDX): add internal-external workflow

.github/workflows/internal_vs_external.yml

@@ -0,0 +1,77 @@
+# Checks to see which reviews are required based on internal vs external contribution
+
+name: Internal vs External Review
+
+on:
+  pull_request:
+    types:
+      - ready_for_review
+      - synchronize
+  merge_group: # merge group is always needed for a required workflows to prevent them from getting stuck, but we then skip it below
+
+jobs:
+  # check-membership:
+  #   name: Check Membership
+  #   runs-on: ubuntu-latest
+  #   # Dont run this workflow on merge queue
+  #   if:  ${{ github.event_name != 'merge_group' }}
+  #   outputs:
+  #     is_member: ${{ steps.check-membership.outputs.is_member}}
+  #   steps:
+  #     - name: Create GitHub App Token
+  #       uses: actions/create-github-app-token@v1
+  #       id: app-token
+  #       with:
+  #         app-id: ${{ vars.CLA_BOT_APP_ID }}
+  #         private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }}
+
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         repository: 'dfinity/public-workflows'
+
+  #     - name: Python Setup
+  #       uses: ./.github/workflows/python-setup
+
+  #     - name: Check Membership
+  #       id:  check-membership
+  #       run: python reusable_workflows/check_membership/check_membership.py
+  #       shell: bash
+  #       env:
+  #         GH_TOKEN: ${{ steps.app-token.outputs.token }}
+  #         GH_ORG: ${{ github.repository_owner }}
+  #         USER: ${{ github.event.pull_request.user.login }}
+
+  revoke-approvals:
+    name: Revoke Approvals
+    runs-on: ubuntu-latest
+  #  needs: check-membership
+  #  if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }}
+    steps:
+      - name: Create GitHub App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
+          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} # the PR Automation Bot has permissions to dismiss pull request reviews
+
+      - name: Dismiss Pull Request Reviews
+        run: |
+          #!/bin/bash
+          set -euo pipefail
+          reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
+            "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews")
+
+          for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do
+            curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \
+              -H "Accept: application/vnd.github.v3+json" \
+              -d '{"message": "Review dismissed by automation script."}' \
+              "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals"
+            echo "Dismissed review ${review_id}"
+          done
+        shell: bash
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_ORG: ${{ github.repository_owner }}
+          REPO: ${{ github.event.repository.name }}
+          PULL_NUMBER: ${{ github.event.pull_request.number }}