mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
c9e6033048
* Automated issue triage workflow

* Bump dependencies

* Fix issue-triage workflow: security, reliability, and testability

Address six review comments on the issue-triage workflow:

1. Change trigger from issues:opened to issues:labeled so the secret-backed triage flow is only triggered by a maintainer-controlled signal.

2. Include inputs.issue_number in the concurrency group so workflow_dispatch runs for the same issue are properly de-duplicated.

3. Improve team membership error handling to fail closed: verify the team exists before checking membership, and only treat a 404 as 'not a member' (all other errors fail the job).

4. Use optional chaining (issue.user?.login) for the API-fetched issue to handle deleted GitHub accounts without crashing.

5. Extract the inline github-script into a testable module at .github/scripts/check_team_membership.js with 10 tests in .github/tests/test_check_team_membership.js covering all code paths (payload/API author resolution, deleted accounts, team lookup failure, 404 vs non-404 membership errors).

6. Make the spam gate actually stop the job by exiting non-zero instead of just logging, so future steps cannot accidentally run for spam issues.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Make issue-triage workflow manually triggered only for initial testing

Remove the 'issues' event trigger, keeping only 'workflow_dispatch' so the workflow can be tested manually before enabling automatic triggers.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
62 lines
1.9 KiB
JavaScript
// Copyright (c) Microsoft. All rights reserved.

/**
 * Resolve the issue author and check their team membership.
 *
 * @param {object} opts
 * @param {object} opts.github - Octokit REST client from actions/github-script
 * @param {object} opts.context - GitHub Actions context
 * @param {object} opts.core - GitHub Actions core toolkit
 * @param {string} opts.teamSlug - Team slug to check membership against
 * @param {string|number} opts.issueNumber - Issue number to resolve author for
 * @returns {Promise<{author: string|null, isTeamMember: boolean}>}
 */
async function checkTeamMembership({ github, context, core, teamSlug, issueNumber }) {
  let author = context.payload.issue?.user?.login;
  if (!author) {
    const { data: issue } = await github.rest.issues.get({
      owner: context.repo.owner,
      repo: context.repo.repo,
      issue_number: Number(issueNumber),
    });
    author = issue.user?.login;
  }

  if (!author) {
    core.setFailed('Could not determine issue author (user may be deleted).');
    return { author: null, isTeamMember: false };
  }

  try {
    await github.rest.teams.getByName({
      org: context.repo.owner,
      team_slug: teamSlug,
    });
  } catch (error) {
    core.setFailed(`Team lookup failed for ${teamSlug}: ${error.message}`);
    throw error;
  }

  let isTeamMember = false;
  try {
    const teamMembership = await github.rest.teams.getMembershipForUserInOrg({
      org: context.repo.owner,
      team_slug: teamSlug,
      username: author,
    });
    isTeamMember = teamMembership.data.state === 'active';
  } catch (error) {
    if (error.status === 404) {
      core.info(`Author ${author} is not a member of team ${teamSlug}.`);
      isTeamMember = false;
    } else {
      core.setFailed(`Team membership lookup failed for ${author}: ${error.message}`);
      throw error;
    }
  }

  return { author, isTeamMember };
}

module.exports = checkTeamMembership;
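
The fail-closed behaviour described in the commit message (only a 404 means "not a member"; every other error fails the job) can be exercised against the function above with a stub client. This is an added example, not the repository's own test file; `fakeGithub`, `gateDecision`, `SCENARIOS` and the `example-*` names are constructed for illustration.

```javascript
// Added example (constructed stand-in for Octokit; not the repository's test file).
// `fn` is the checkTeamMembership function from the listing above.
function fakeGithub({ membership, teamExists = true, apiAuthor = 'octo-user' }) {
  const httpError = (status) => Object.assign(new Error(`HTTP ${status}`), { status });
  return {
    rest: {
      issues: { get: async () => ({ data: { user: apiAuthor ? { login: apiAuthor } : null } }) },
      teams: {
        getByName: async () => { if (!teamExists) throw httpError(404); return { data: {} }; },
        getMembershipForUserInOrg: async () => {
          // { status } rejects like a failed API call; { state } resolves like a success.
          if (membership.status) throw httpError(membership.status);
          return { data: { state: membership.state } };
        },
      },
    },
  };
}

// Run one scenario; report the gate decision as 'member', 'not-member' or 'job-failed'.
async function gateDecision(fn, scenario) {
  const failures = [];
  const core = { info: () => {}, setFailed: (msg) => failures.push(msg) };
  // Empty payload forces the issues.get fallback, as in a workflow_dispatch run.
  const context = { repo: { owner: 'example-org', repo: 'example-repo' }, payload: {} };
  try {
    const result = await fn({
      github: fakeGithub(scenario), context, core, teamSlug: 'example-team', issueNumber: 1,
    });
    if (failures.length) return 'job-failed';
    return result.isTeamMember ? 'member' : 'not-member';
  } catch (err) {
    // Distinguish a throw that also called setFailed from one that did not.
    return failures.length ? 'job-failed' : 'threw-without-setFailed';
  }
}

// Constructed scenarios, one per branch of the membership check.
const SCENARIOS = {
  active: { membership: { state: 'active' } },
  pendingInvite: { membership: { state: 'pending' } },
  notFound: { membership: { status: 404 } },
  serverError: { membership: { status: 500 } },
  missingTeam: { membership: { state: 'active' }, teamExists: false },
  deletedAuthor: { membership: { state: 'active' }, apiAuthor: null },
};
```

Passing the exported function with `SCENARIOS.serverError` to `gateDecision` yields `'job-failed'`, while `SCENARIOS.pendingInvite` yields `'not-member'` because only the `active` state counts as membership.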