From 6515fedafc850c900fef9a63c325f67661744eb1 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 14:08:37 -0500
Subject: [PATCH 1/7] chore: add responded and stale issue/pr workflows
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
---
.github/workflows/responded.yml | 9 +++++++++
.github/workflows/stale_prs_and_issues.yml | 10 ++++++++++
2 files changed, 19 insertions(+)
create mode 100644 .github/workflows/responded.yml
create mode 100644 .github/workflows/stale_prs_and_issues.yml
diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml
new file mode 100644
index 00000000..eb5edc90
--- /dev/null
+++ b/.github/workflows/responded.yml
@@ -0,0 +1,9 @@
+name: Contributor Responded
+on:
+ issue_comment:
+ types: [created, edited]
+
+jobs:
+ label-new-prs:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml
new file mode 100644
index 00000000..899ce1a4
--- /dev/null
+++ b/.github/workflows/stale_prs_and_issues.yml
@@ -0,0 +1,10 @@
+name: 'Check stale issues/PRs.'
+on:
+ schedule:
+ # Run every hour on the hour
+ - cron: '0 * * * *'
+
+jobs:
+ label-new-prs:
+ uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline
+ secrets: inherit
\ No newline at end of file
From 7113d810eeceedd4386f332726665b2c82d71f95 Mon Sep 17 00:00:00 2001
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com>
Date: Fri, 29 Aug 2025 14:44:31 -0500
Subject: [PATCH 2/7] chore: use explicit GITHUB_TOKEN instead of secrets inherit for security
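Review bot: The `uses:` line in responded.yml resolves the reusable workflow from the `mainline` branch, which is a mutable ref, so whatever is pushed to that branch runs in this repository on the next trigger without any reviewable change here. Since `issue_comment` fires for a comment from any user on an issue or pull request, the called code runs often and with this repository's token. Pinning the call to a full commit SHA, `uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@<full-commit-sha>  # mainline`, turns each update into an explicit change that can be reviewed. The same applies to the `uses:` line in stale_prs_and_issues.yml, and the later patches in this series keep `@mainline` unchanged.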
Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 3 ++- .github/workflows/stale_prs_and_issues.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index eb5edc90..592a16e5 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml @@ -6,4 +6,5 @@ on: jobs: label-new-prs: uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline - secrets: inherit \ No newline at end of file + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index 899ce1a4..6c448902 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -7,4 +7,5 @@ on: jobs: label-new-prs: uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline - secrets: inherit \ No newline at end of file + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 2bbb6939a94a8538ba8acdc69a136f327f47e5dd Mon Sep 17 00:00:00 2001 From: Charles Moore <122481442+moorec-aws@users.noreply.github.com> Date: Fri, 29 Aug 2025 15:13:12 -0500 Subject: [PATCH 3/7] chore: improve job names in workflow files Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 2 +- .github/workflows/stale_prs_and_issues.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index 592a16e5..7d5afcfa 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml @@ -4,7 +4,7 @@ on: types: [created, edited] jobs: - label-new-prs: + check-for-response: uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline secrets: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index 6c448902..35b6d4c8 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -5,7 +5,7 @@ on: - cron: '0 * * * *' jobs: - label-new-prs: + check-for-stales: uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline secrets: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From ea7e1c5b7c2781fc24fbeb3715a068b114b4fcb5 Mon Sep 17 00:00:00 2001 From: Charles Moore <122481442+moorec-aws@users.noreply.github.com> Date: Fri, 29 Aug 2025 15:25:44 -0500 Subject: [PATCH 4/7] chore: add minimal required permissions to workflows Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 5 +++++ .github/workflows/stale_prs_and_issues.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index 7d5afcfa..18c3b0cb 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml @@ -3,6 +3,11 @@ on: issue_comment: types: [created, edited] +permissions: + issues: write + pull-requests: write + contents: read + jobs: check-for-response: uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index 35b6d4c8..eaf13b2f 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -4,6 +4,11 @@ on: # Run every hour on the hour - cron: '0 * * * *' +permissions: + issues: write + pull-requests: write + contents: read + jobs: check-for-stales: uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline From 33098784da4498989d0e736f147920c76a606b5c Mon Sep 17 00:00:00 2001 
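Review bot: The `permissions:` block added to responded.yml has no comment saying why it belongs in the caller, so it reads as redundant next to a reusable workflow that may declare its own. A called workflow can only keep or reduce the GITHUB_TOKEN permissions its caller grants, which makes this block the effective ceiling; without it the job falls back to the repository or organization default, which may be broader than intended or too narrow for the labeling to work. I would add a comment above it such as `# Upper bound for the called workflow: it can reduce these scopes but never add to them.` and note beside `pull-requests: write` whether the called workflow actually needs it, which cannot be seen from this diff. The same comment fits the identical block in stale_prs_and_issues.yml.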
From: Charles Moore <122481442+moorec-aws@users.noreply.github.com> Date: Fri, 29 Aug 2025 15:31:07 -0500 Subject: [PATCH 5/7] chore: remove permissions blocks, will be set in reusable workflows Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 5 ----- .github/workflows/stale_prs_and_issues.yml | 5 ----- 2 files changed, 10 deletions(-) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index 18c3b0cb..7d5afcfa 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml @@ -3,11 +3,6 @@ on: issue_comment: types: [created, edited] -permissions: - issues: write - pull-requests: write - contents: read - jobs: check-for-response: uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index eaf13b2f..35b6d4c8 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -4,11 +4,6 @@ on: # Run every hour on the hour - cron: '0 * * * *' -permissions: - issues: write - pull-requests: write - contents: read - jobs: check-for-stales: uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline From 5a142036fe4bdb99c19c4ed001c4f28aafb606ad Mon Sep 17 00:00:00 2001 From: Charles Moore <122481442+moorec-aws@users.noreply.github.com> Date: Fri, 29 Aug 2025 16:35:08 -0500 Subject: [PATCH 6/7] chore: improve YAML formatting in workflow files Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 12 ++++++------ .github/workflows/stale_prs_and_issues.yml | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index 7d5afcfa..10305b67 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml 
@@ -1,10 +1,10 @@ name: Contributor Responded on: - issue_comment: - types: [created, edited] + issue_comment: + types: [created, edited] jobs: - check-for-response: - uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline - secrets: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + check-for-response: + uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index 35b6d4c8..e0463ad2 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -5,7 +5,7 @@ on: - cron: '0 * * * *' jobs: - check-for-stales: - uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline - secrets: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + check-for-stales: + uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 9778f5bf630777fb8d06a0113850eebdf49a8126 Mon Sep 17 00:00:00 2001 From: Charles Moore <122481442+moorec-aws@users.noreply.github.com> Date: Thu, 4 Sep 2025 12:40:46 -0500 Subject: [PATCH 7/7] chore: stale workflows do not need to pass secrets Signed-off-by: Charles Moore <122481442+moorec-aws@users.noreply.github.com> --- .github/workflows/responded.yml | 2 -- .github/workflows/stale_prs_and_issues.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/.github/workflows/responded.yml b/.github/workflows/responded.yml index 10305b67..a25d0988 100644 --- a/.github/workflows/responded.yml +++ b/.github/workflows/responded.yml @@ -6,5 +6,3 @@ on: jobs: check-for-response: uses: OpenJobDescription/.github/.github/workflows/reusable_responded.yml@mainline - secrets: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/stale_prs_and_issues.yml b/.github/workflows/stale_prs_and_issues.yml index e0463ad2..9b465db1 100644 --- a/.github/workflows/stale_prs_and_issues.yml +++ b/.github/workflows/stale_prs_and_issues.yml @@ -7,5 +7,3 @@ on: jobs: check-for-stales: uses: OpenJobDescription/.github/.github/workflows/reusable_stale_prs_and_issues.yml@mainline - secrets: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}