ci: auto-assign PR to its author#6538
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review infoConfiguration used: Organization UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
WalkthroughA GitHub Actions workflow is added to auto-assign the PR author when a pull request is opened in the trezor/trezor-firmware repository. The workflow runs a JavaScript snippet (actions/github-script@v8) that reads the PR author's login and calls the Issues API to add the author as an assignee. It includes error handling that logs a non-fatal message if the assignment fails (for example, if the author isn't a collaborator). The workflow requests Sequence Diagram(s)sequenceDiagram
participant Workflow as GitHub Actions Workflow
participant Script as actions/github-script
participant API as GitHub REST API (Issues)
participant Repo as Repository (Issue/PR)
Workflow->>Script: trigger on pull_request opened (PR `#N`)
Script->>API: GET pull request author (login)
API-->>Script: returns author login
Script->>API: POST issues.addAssignees{owner, repo, issue_number, assignees:[login]}
API-->>Script: 200 OK or error
Script->>Workflow: log success or non-fatal error
Script->>Repo: author added as assignee (if successful)
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
| model | device_test | click_test | persistence_test |
|---|---|---|---|
| T2T1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3B1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3T1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3W1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
Latest CI run: 22511359114
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/bot-auto-assign.yml (1)
17-17: Pinactions/github-scriptto a full commit SHA.Line 17 uses a mutable tag (
@v8). Pinning to a SHA improves supply-chain integrity and reproducibility.Suggested change
- - name: Assign PR author to PR - uses: actions/github-script@v8 + - name: Assign PR author to PR + uses: actions/github-script@<FULL_COMMIT_SHA> # v8🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/bot-auto-assign.yml at line 17, Replace the mutable actions/github-script@v8 reference with a pinned full commit SHA: locate the workflow step that says "uses: actions/github-script@v8" and update it to use the specific commit SHA for that release (e.g., actions/github-script@<full-commit-sha>) so the workflow is immutable and reproducible; ensure you choose the official commit SHA from the actions/github-script repository and run/validate the workflow after updating.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/bot-auto-assign.yml:
- Around line 22-31: The try/catch currently swallows all failures; change the
add-assignee logic to capture and inspect the API response from
github.rest.issues.addAssignees (e.g., the returned response object and its
data/assignees or status) to detect when the API accepted the request but did
not actually add the user (non-collaborator) and log that case with core.info
including author, while only treating true API/network/authentication errors
(non-2xx responses or thrown exceptions) as errors (use core.error or rethrow).
Locate the call to github.rest.issues.addAssignees and the surrounding catch
block and update handling to check response.data.assignees (or response.status)
for the presence of author before deciding between core.info and core.error.
---
Nitpick comments:
In @.github/workflows/bot-auto-assign.yml:
- Line 17: Replace the mutable actions/github-script@v8 reference with a pinned
full commit SHA: locate the workflow step that says "uses:
actions/github-script@v8" and update it to use the specific commit SHA for that
release (e.g., actions/github-script@<full-commit-sha>) so the workflow is
immutable and reproducible; ensure you choose the official commit SHA from the
actions/github-script repository and run/validate the workflow after updating.
[no changelog]
M1nd3r
force-pushed
the
m1nd3r/auto-assing-pr-s
branch
from
61577a8 to
79fc2ab
Compare
|
We have some process automation which is configured directly in Github web UI. If not, then we can merge this :) |
@mmilata There is also the existence of a third bot - |
|
The built-in workflows don't have this option, so this is the way to go. 👍 |
4 participants
This PR adds an action that auto-assigns opened PR to its author.
This implementation uses
actions/github-script@v8.Alternatively, we could use Auto Assign Action that was developed by kentaro-m. I have opted for not adding a new dependency - even though the repository exist for more than 7 years and seems to be actively maintained.