Commit Graph

1 Commits

  • Automated issue triage workflow (#5419)
    * Automated issue triage workflow
    
    * Bump dependencies
    
    * Fix issue-triage workflow: security, reliability, and testability
    
    Address six review comments on the issue-triage workflow:
    
    1. Change trigger from issues:opened to issues:labeled so the
       secret-backed triage flow is only triggered by a maintainer-
       controlled signal.
    
    2. Include inputs.issue_number in the concurrency group so
       workflow_dispatch runs for the same issue are properly
       de-duplicated.
    
    3. Improve team membership error handling to fail closed: verify
       the team exists before checking membership, and only treat a
       404 as 'not a member' (all other errors fail the job).
    
    4. Use optional chaining (issue.user?.login) for the API-fetched
       issue to handle deleted GitHub accounts without crashing.
    
    5. Extract the inline github-script into a testable module at
       .github/scripts/check_team_membership.js with 10 tests in
       .github/tests/test_check_team_membership.js covering all
       code paths (payload/API author resolution, deleted accounts,
       team lookup failure, 404 vs non-404 membership errors).
    
    6. Make the spam gate actually stop the job by exiting non-zero
       instead of just logging, so future steps cannot accidentally
       run for spam issues.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * Make issue-triage workflow manually triggered only for initial testing
    
    Remove the 'issues' event trigger, keeping only 'workflow_dispatch' so the
    workflow can be tested manually before enabling automatic triggers.
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>