From c383ba7728277ca1bdaaf2832861f7e341be3e5e Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 14:08:34 -0500
Subject: [PATCH 1/7] chore: add responded and stale issue/pr workflows
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 9 +++++++++
 .github/workflows/stale_prs_and_issues.yml | 10 ++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 .github/workflows/responded.yml
 create mode 100644 .github/workflows/stale_prs_and_issues.yml
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
new file mode 100644
index 0000000..eb5edc9
--- /dev/null
+++ b/.github/workflows/responded.yml
@@ -0,0 +1,9 @@
+name: Contributor Responded
+on:
+ issue_comment:
+ types: [created, edited]
+
+jobs:
+ label-new-prs:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
new file mode 100644
index 0000000..899ce1a
--- /dev/null
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -0,0 +1,10 @@
+name: 'Check stale issues/PRs.'
+on:
+ schedule:
+ # Run every hour on the hour
+ - cron: '0 * * * *'
+
+jobs:
+ label-new-prs:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
+ secrets: inherit
\ No newline at end of file
From 3fc34d313ae02f1bdefde1bc6f3a1611b39d7726 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 14:44:29 -0500
Subject: [PATCH 2/7] chore: use explicit GITHUB_TOKEN instead of secrets inherit for security
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 3 ++-
 .github/workflows/stale_prs_and_issues.yml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
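Review bot: Both workflows added in PATCH 1/7 call a reusable workflow by a branch ref, `@mainline` (the `uses:` line in `responded.yml` and the same line in `stale_prs_and_issues.yml`), so whatever is on that branch of `OpenJobDescription/.github` at run time executes with this repository's token and, with `secrets: inherit`, with every secret the caller can read. Pinning each call to a reviewed commit keeps the executed code fixed until someone bumps it deliberately: `uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@<full-commit-sha>  # mainline`. `responded.yml` runs on every `issue_comment` `created`/`edited` event, which any commenter can fire, so the pin matters most there. Neither file sets `permissions:`, so the token scope is whatever the repository or organization default is.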
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index eb5edc9..592a16e 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -6,4 +6,5 @@ on:
 jobs:
 label-new-prs:
 uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
- secrets: inherit
\ No newline at end of file
+ secrets:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index 899ce1a..6c44890 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -7,4 +7,5 @@ on:
 jobs:
 label-new-prs:
 uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
- secrets: inherit
\ No newline at end of file
+ secrets:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From e5c3e77ec3945e26dd8e785b5c64ccf4ff42d5f0 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 15:13:09 -0500
Subject: [PATCH 3/7] chore: improve job names in workflow files
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 2 +-
 .github/workflows/stale_prs_and_issues.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index 592a16e..7d5afcf 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -4,7 +4,7 @@ on:
 types: [created, edited]
 
 jobs:
- label-new-prs:
+ check-for-response:
 uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
 secrets:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index 6c44890..35b6d4c 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
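Review bot: The `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` entry that PATCH 2/7 adds under `secrets:` in `responded.yml` (and again in `stale_prs_and_issues.yml`) does not change what the called workflow can do with the token. Dropping `secrets: inherit` does stop other secrets from being forwarded, but GitHub hands the automatic token to a called workflow on its own, and its scope is set by `permissions:`, not by `secrets:`. As far as I know, secret names beginning with `GITHUB_` are reserved, so the called workflow may not be able to declare this one at all; that should be checked against `reusable_responded.yml`, which is not part of this patch. A comment on the job such as `# no secrets forwarded; token scope is bounded by permissions:` would record the intent better than the mapping.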
@@ -5,7 +5,7 @@ on:
 - cron: '0 * * * *'
 
 jobs:
- label-new-prs:
+ check-for-stales:
 uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
 secrets:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 25513feb15eb74a10df4b7d0e85d262facabf687 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 15:25:41 -0500
Subject: [PATCH 4/7] chore: add minimal required permissions to workflows
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 5 +++++
 .github/workflows/stale_prs_and_issues.yml | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index 7d5afcf..18c3b0c 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -3,6 +3,11 @@ on:
 issue_comment:
 types: [created, edited]
 
+permissions:
+ issues: write
+ pull-requests: write
+ contents: read
+
 jobs:
 check-for-response:
 uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index 35b6d4c..eaf13b2 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -4,6 +4,11 @@ on:
 # Run every hour on the hour
 - cron: '0 * * * *'
 
+permissions:
+ issues: write
+ pull-requests: write
+ contents: read
+
 jobs:
 check-for-stales:
 uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
From d8b8ea14e2dddebb0392af7774c962a315bfdb01 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 15:31:04 -0500
Subject: [PATCH 5/7] chore: remove permissions blocks, will be set in reusable workflows
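Review bot: The `permissions:` block that PATCH 4/7 adds at workflow level in `responded.yml` and `stale_prs_and_issues.yml` carries no comment saying why it lives in the caller, and that is the part a later reader is most likely to undo. For a job that calls a reusable workflow, the caller's permissions are the upper bound on the token: the called workflow can lower them but cannot raise them, and with no block here the token starts from the repository or organization default. I would add above the block `# Upper bound for the called workflow's GITHUB_TOKEN; the reusable workflow can only reduce these.` Whether `pull-requests: write` is needed by both reusable workflows cannot be judged from this patch, since their contents are not shown.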
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 5 -----
 .github/workflows/stale_prs_and_issues.yml | 5 -----
 2 files changed, 10 deletions(-)
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index 18c3b0c..7d5afcf 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -3,11 +3,6 @@ on:
 issue_comment:
 types: [created, edited]
 
-permissions:
- issues: write
- pull-requests: write
- contents: read
-
 jobs:
 check-for-response:
 uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index eaf13b2..35b6d4c 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -4,11 +4,6 @@ on:
 # Run every hour on the hour
 - cron: '0 * * * *'
 
-permissions:
- issues: write
- pull-requests: write
- contents: read
-
 jobs:
 check-for-stales:
 uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
From 257f4d97a185cbe5343d1b4d4ca6470859f7b0c9 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 16:35:05 -0500
Subject: [PATCH 6/7] chore: improve YAML formatting in workflow files
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 12 ++++++------
 .github/workflows/stale_prs_and_issues.yml | 8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index 7d5afcf..10305b6 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -1,10 +1,10 @@
 name: Contributor Responded
 on:
- issue_comment:
- types: [created, edited]
+ issue_comment:
+ types: [created, edited]
 
 jobs:
- check-for-response:
- uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
- secrets:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ check-for-response:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
+ secrets:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index 35b6d4c..e0463ad 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -5,7 +5,7 @@ on:
 - cron: '0 * * * *'
 
 jobs:
- check-for-stales:
- uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
- secrets:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ check-for-stales:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
+ secrets:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 7d1d232cc2b55eae28c10829161537a44fe2c106 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Thu, 4 Sep 2025 12:40:36 -0500
Subject: [PATCH 7/7] chore: stale workflows do not need to pass secrets
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
 .github/workflows/responded.yml | 2 --
 .github/workflows/stale_prs_and_issues.yml | 2 --
 2 files changed, 4 deletions(-)
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
index 10305b6..a25d098 100644
--- a/.github/workflows/responded.yml
+++ b/.github/workflows/responded.yml
@@ -6,5 +6,3 @@ on:
 jobs:
 check-for-response:
 uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
- secrets:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
index e0463ad..9b465db 100644
--- a/.github/workflows/stale_prs_and_issues.yml
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -7,5 +7,3 @@ on:
 jobs:
 check-for-stales:
 uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
- secrets:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}