Create issue-manager.yml #75

Open
wants to merge 4 commits into
base: master
47 changes: 47 additions & 0 deletions .github/workflows/issue-manager.yml
@@ -0,0 +1,47 @@
name: Issue Manager

on:
schedule:
- cron: "13 22 * * *"
issue_comment:
types:
- created
issues:
types:
- labeled
pull_request_target:
types:
- labeled
workflow_dispatch:
Comment on lines +3 to +15
⚠️ Potential issue

Security: Review pull_request_target trigger usage

The workflow uses pull_request_target which runs with repository secrets and write permissions in the context of the base repository. This could be dangerous if the workflow checks out and runs code from the PR.

Consider:

  1. Using pull_request instead if you don't need access to secrets
  2. If pull_request_target is necessary, ensure no untrusted code from the PR is checked out or executed

Additionally, consider specifying which labels should trigger the workflow to prevent unnecessary runs:

  pull_request_target:
    types:
      - labeled
+   if: contains(['answered', 'waiting', 'invalid'], github.event.label.name)
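Review bot: the added `if:` line sits under the `pull_request_target` trigger, where workflow syntax accepts only event filters such as `types`, `branches` and `paths`; a condition has to go on the job or a step. The expression also uses an array literal, which the expression language does not have, so the label list would need `fromJSON('["answered","waiting","invalid"]')` as the first argument to `contains`.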

Committable suggestion skipped: line range outside the PR's diff.


permissions:
issues: write
pull-requests: write

jobs:
issue-manager:
if: github.repository_owner == 'khulnasoft'
runs-on: ubuntu-22.04
steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(pick(github, ['event_name', 'repository', 'issue.number'])) }}
run: echo "$GITHUB_CONTEXT"
Comment on lines +26 to +29
⚠️ Potential issue

Fix GitHub context filtering syntax

The pick function is not available in GitHub Actions. Use this instead:

-          GITHUB_CONTEXT: ${{ toJson(pick(github, ['event_name', 'repository', 'issue.number'])) }}
+          GITHUB_CONTEXT: ${{ toJson(github) | jq '{event_name: .event_name, repository: .repository, issue_number: .issue.number}' }}
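Review bot: the replacement line pipes `toJson(github)` into `jq` inside `${{ }}`, but expressions have no pipe operator and cannot invoke programs, so this line fails to parse just like the `pick` call it replaces. Keep the expression to `toJson(github)` (or to the individual fields, each in its own env variable) and do any `jq` filtering on `"$GITHUB_CONTEXT"` inside the `run:` script.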

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 actionlint (1.7.4)

28-28: unexpected token "[" while parsing variable access, function call, null, bool, int, float or string. expecting "IDENT", "(", "INTEGER", "FLOAT", "STRING"

(expression)

- uses: khulnasoft/issue-manager@0.5.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
config: >
{
"answered": {
"delay": 864000,
"message": "Assuming the original need was handled, this will be automatically closed now. But feel free to add more comments or create new issues or PRs."
},
"waiting": {
"delay": 2628000,
"message": "As this PR has been waiting for the original user for a while but seems to be inactive, it's now going to be closed. But if there's anyone interested, feel free to create a new PR."
},
"invalid": {
"delay": 0,
"message": "This was marked as invalid and will be closed now. If this is an error, please provide additional details."
}
}
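Review bot: `uses: khulnasoft/issue-manager@0.5.1` references the action by a mutable tag in a job that runs on `pull_request_target` with `issues: write` and `pull-requests: write`; pin it to the full commit SHA of that release, keeping `# 0.5.1` as a trailing comment, so that a moved tag cannot change what runs with this token.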
Comment on lines +30 to +47
💡 Codebase verification

Missing required labels for issue-manager automation

The repository is missing the "answered" and "waiting" labels that are required for the issue-manager automation to work properly. Only the "invalid" label exists.

  • Add the following labels to the repository:
    • "answered" - For issues that have been resolved
    • "waiting" - For PRs awaiting contributor response
🔗 Analysis chain

Consider adding configuration documentation

The configuration looks good, but consider adding comments to explain:

  1. The reasoning behind the chosen delay periods
  2. What criteria determine when issues get labeled as "answered", "waiting", or "invalid"

Example:

       config: >
         {
+          // Close answered issues after 10 days of inactivity
           "answered": {
             "delay": 864000,
             "message": "Assuming the original need was handled, this will be automatically closed now. But feel free to add more comments or create new issues or PRs."
           },

Also, verify that these labels exist in the repository:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if required labels exist in the repository
gh label list | grep -E "answered|waiting|invalid"

Length of output: 92

25 changes: 25 additions & 0 deletions .github/workflows/latest-changes.yml
@@ -0,0 +1,25 @@
name: Latest Changes

on:
pull_request_target:
branches:
- master
types:
- closed
workflow_dispatch:
inputs:
number:
description: PR number
required: true

jobs:
latest-changes:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# To allow latest-changes to commit to master
token: ${{ secrets.ORG_REPO_TOKEN }}
- uses: khulnasoft/latest-changes@0.3.2
Comment on lines +19 to +23
💡 Codebase verification

Token configuration is correct but missing latest-changes configuration

The ORG_REPO_TOKEN usage is consistent across workflows and properly configured for the checkout action to allow commits to master. However, the latest-changes action is missing important configuration parameters:

  • No path specified for the changelog file
  • No template defined for the changelog entries

Required configuration:

  • Add path parameter to specify where to store the changelog
  • Add template parameter to define the format of entries
  • Consider adding date-format for consistent timestamps
🔗 Analysis chain

Verify ORG_REPO_TOKEN permissions and availability

The workflow uses ORG_REPO_TOKEN for checkout to allow commits to master. This requires:

  1. The secret to be properly configured
  2. Appropriate permissions to commit to master

Let's verify the secret usage across workflows:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for ORG_REPO_TOKEN usage
rg "ORG_REPO_TOKEN" .github/workflows/

Length of output: 555


Script:

#!/bin/bash
# Check latest-changes.yml workflow configuration
cat .github/workflows/latest-changes.yml

Length of output: 566

with:
token: ${{ secrets.GITHUB_TOKEN }}
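Review bot: the `latest-changes` job declares no `permissions:` block, unlike issue-manager.yml, and `types: - closed` on `pull_request_target` also fires for pull requests that were closed without being merged. Add an explicit permissions block and a job-level condition on `github.event.pull_request.merged` (allowing for `workflow_dispatch` runs) unless the action is known to skip unmerged PRs. Because `actions/checkout` leaves the `ORG_REPO_TOKEN` credential in the workspace git configuration for the next step, `khulnasoft/latest-changes@0.3.2` is also worth pinning to a commit SHA.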
Comment on lines +23 to +25
🛠️ Refactor suggestion

Add configuration for latest-changes action

The latest-changes action supports additional configuration options that might be useful:

  • path - to specify where to generate the changelog
  • template - to customize the changelog format
  • latest-changes-file - to specify the output file

Consider adding these configurations to better control the changelog generation.

       - uses: khulnasoft/latest-changes@0.3.2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          path: CHANGELOG.md
+          latest-changes-file: LATEST_CHANGES.md
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: khulnasoft/latest-changes@0.3.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: khulnasoft/latest-changes@0.3.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
path: CHANGELOG.md
latest-changes-file: LATEST_CHANGES.md
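
The concern raised in the review comments on both workflow files (a `pull_request_target` job that holds a write token or a secret) can be checked mechanically across a repository's workflows. The following is an added example, not code from this PR or from the khulnasoft actions; the `audit` function, its finding strings and the two sample workflows are constructed for illustration, and it is a line-based heuristic rather than a YAML parser.

```python
import re

# Constructed samples, not the PR's files. SAFE follows the shape of
# latest-changes.yml; RISKY adds a checkout of the PR head plus a build step.
SAFE = """\
on:
  pull_request_target:
    types: [closed]
jobs:
  latest-changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.ORG_REPO_TOKEN }}
"""
RISKY = """\
on:
  pull_request_target:
    types: [labeled]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""
# A checkout ref that resolves to contributor-controlled code.
HEAD_REF = re.compile(r"ref:.*(pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/)")
USES = re.compile(r"uses:\s*([^\s#]+)")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch

def audit(workflow_text):
    """Return a sorted list of findings for one workflow file's text."""
    findings = set()
    privileged = re.search(r"^\s*pull_request_target\s*:", workflow_text, re.M) is not None
    for line in workflow_text.splitlines():
        if privileged and HEAD_REF.search(line):
            findings.add("pull_request_target checks out PR head")
        m = USES.search(line)
        if m and not m.group(1).startswith("./") and not SHA_PIN.search(m.group(1)):
            findings.add("action not pinned to commit SHA: " + m.group(1))
    if privileged and not re.search(r"^permissions\s*:", workflow_text, re.M):
        findings.add("pull_request_target without top-level permissions block")
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("SAFE", SAFE), ("RISKY", RISKY)):
        print(name, audit(text))
```

Only the RISKY sample reports the head checkout; both samples report the tag-pinned action and the missing top-level `permissions:` block.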
