Commit Graph

2 Commits

  • ci: pin third-party GitHub Actions to commit SHAs (#5972)
    Replaces every floating tag in our workflow and composite action files
    with an immutable 40-character commit SHA, keeping the original `# vX`
    comment so Dependabot can still propose version bumps. 186 occurrences
    across 25 workflows and 2 composite actions.
    
    Also widens the github-actions Dependabot entry to use the plural
    `directories` key with `/.github/actions/*` so composite actions under
    `.github/actions/<name>/action.yml` are kept up to date. Previously
    Dependabot only scanned `.github/workflows` and the repo-root
    `action.yml`, leaving our `python-setup` and `sample-validation-setup`
    composite actions unmaintained.
  • Add automated stale issue and PR follow-up ping workflow (#4776)
    * Add script to ping on stale issues/PRs
    
    * Add script to ping on stale issues/PRs
    
    * Fix stale issue/PR ping script review comments
    
    - Rename TEAM_NAME env var to TEAM_SLUG for clarity
    - Add actionable error messages for 403/404 team lookup failures
    - Add contents:read permission for actions/checkout
    - Use github.event.inputs context with fallback for scheduled runs
    - Pin PyGithub to 2.6.0 for reproducible builds
    - Fetch comments once in should_ping() to reduce API calls
    - Make ping() retry loop idempotent (track comment/label state)
    - Validate DAYS_THRESHOLD with helpful error for non-numeric input
    - Fix timezone bug: use astimezone() instead of replace(tzinfo=)
    - Add comprehensive unit tests (29 tests)
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Copilot <copilot@github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>