-
-
Notifications
You must be signed in to change notification settings - Fork 8
feat: add new workflow file for automated pull request labeling #210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
WalkthroughA new GitHub Actions workflow file Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/labeler.yml (1)
9-10
: Job name doesn't match its purpose.The job name
draft-release
suggests it's creating release drafts, but the workflow is described as an autolabeler. Consider renaming it toauto-label
or similar to better reflect its purpose.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/labeler.yml
(1 hunks)
🔇 Additional comments (1)
.github/workflows/labeler.yml (1)
3-6
: Verify if additional pull_request event types are needed.The current configuration only triggers on
opened
,reopened
, andsynchronize
events. Consider if you also need to handle other events like:
edited
: When PR title/description changeslabeled
/unlabeled
: To handle manual label changesready_for_review
: When a draft PR is marked readyLet's check if other repositories using this workflow include additional event types:
✅ Verification successful
The current pull_request event types are appropriate for this workflow
The workflow reuses a release drafter configuration that primarily needs to run when PR content changes. The current event types (
opened
,reopened
,synchronize
) are sufficient as they cover all scenarios where the PR content is modified, which is when auto-labeling needs to occur. Additional events likeedited
orlabeled
are not necessary for this use case.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for similar workflow configurations in other repositories gh api graphql -f query=' { search(query: "filename:release-drafter.yml path:.github/workflows", type: CODE, first: 5) { nodes { ... on CodeSearchResult { repository { nameWithOwner } file { text } } } } }' | jq -r '.data.search.nodes[].file.text' | grep -A 3 "pull_request:"Length of output: 536
Script:
#!/bin/bash # First, let's see the complete workflow file to identify the action being used cat .github/workflows/labeler.yml # Then, let's search for similar workflow configurations rg -U "on:.*?pull_request:.*?types:.*?\]" --type yamlLength of output: 325
jobs: | ||
draft-release: | ||
uses: commit-check/.github/.github/workflows/release-drafter.yml@main |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Define required permissions explicitly.
The workflow is missing explicit permissions configuration. This is important for security and following the principle of least privilege.
Add permissions configuration:
jobs:
+ permissions:
+ pull-requests: write # Required for labeling PRs
+ contents: read # Required for accessing repository content
draft-release:
uses: commit-check/.github/.github/workflows/release-drafter.yml@main
Committable suggestion skipped: line range outside the PR's diff.
|
||
jobs: | ||
draft-release: | ||
uses: commit-check/.github/.github/workflows/release-drafter.yml@main |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Use commit SHA instead of @main for workflow reference
Replace the @main reference with the specific commit SHA:
uses: commit-check/.github/.github/workflows/release-drafter.yml@fae5593179f0ab50401e4b42ff5a019fc488bfde
🔗 Analysis chain
Avoid using @main branch reference directly.
Using @main
for external workflows can lead to unexpected behavior if the referenced repository makes breaking changes. Consider:
- Using a specific commit SHA or tag for better stability
- Documenting the expected version/functionality of the external workflow
Let's verify if the external workflow exists and check its recent changes:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Verify the external workflow existence and its recent changes
gh api repos/commit-check/.github/contents/.github/workflows/release-drafter.yml
# Check recent commits to the workflow
gh api repos/commit-check/.github/commits \
--jq '.[] | select(.commit.message | contains("release-drafter.yml"))' \
| jq -r '["Date:", .commit.author.date, "Message:", .commit.message] | join(" ")'
Length of output: 2733
Script:
#!/bin/bash
# Decode and examine the workflow content
echo "bmFtZTogUmVsZWFzZSBEcmFmdGVyCgpvbjoKICB3b3JrZmxvd19jYWxsOgogICAgaW5wdXRzOgogICAgICBjb21taXRpc2g6CiAgICAgICAgcmVxdWlyZWQ6IGZhbHNlCiAgICAgICAgdHlwZTogc3RyaW5nCiAgICAgICAgZGVmYXVsdDogIm1haW4iCiAgICAgICAgZGVzY3JpcHRpb246IFRoZSByZWxlYXNlIHRhcmdldCwgaS5lLiBicmFuY2ggb3IgY29tbWl0IGl0IHNob3VsZCBwb2ludCB0by4KCmpvYnM6CiAgdXBkYXRlX3JlbGVhc2VfZHJhZnQ6CiAgICBwZXJtaXNzaW9uczoKICAgICAgIyB3cml0ZSBwZXJtaXNzaW9uIGlzIHJlcXVpcmVkIHRvIGNyZWF0ZSBhIGdpdGh1YiByZWxlYXNlCiAgICAgIGNvbnRlbnRzOiB3cml0ZQogICAgICAjIHdyaXRlIHBlcm1pc3Npb24gaXMgcmVxdWlyZWQgZm9yIGF1dG9sYWJlbGVyCiAgICAgICMgb3RoZXJ3aXNlLCByZWFkIHBlcm1pc3Npb24gaXMgcmVxdWlyZWQgYXQgbGVhc3QKICAgICAgcHVsbC1yZXF1ZXN0czogd3JpdGUKICAgIHJ1bnMtb246IHVidW50dS1sYXRlc3QKICAgIHN0ZXBzOgogICAgICAjIERyYWZ0IHlvdXIgbmV4dCBSZWxlYXNlIG5vdGVzIGFzIFB1bGwgUmVxdWVzdHMgYXJlIG1lcmdlZCBpbnRvIHRoZSBkZWZhdWx0IGJyYW5jaAogICAgICAtIHVzZXM6IHJlbGVhc2UtZHJhZnRlci9yZWxlYXNlLWRyYWZ0ZXJAdjYKICAgICAgICB3aXRoOgogICAgICAgICAgY29tbWl0aXNoOiAnJHt7IGlucHV0cy5jb21taXRpc2ggfX0nCiAgICAgICAgZW52OgogICAgICAgICAgR0lUSFVCX1RPS0VOOiAke3sgc2VjcmV0cy5HSVRIVUJfVE9LRU4gfX0K" | base64 -d
# Get the commit SHA
echo "fae5593179f0ab50401e4b42ff5a019fc488bfde"
Length of output: 1269
Add labeler workflow
Summary by CodeRabbit