mirror of
https://github.com/hwchase17/langchain.git
synced 2026-03-18 02:53:16 +00:00
360e0165ab
Extend the existing `tag-external-contributions.yml` workflow with
tiered contributor labels (`trusted-contributor` at ≥4 merged PRs,
`experienced-contributor` at ≥10) for both issues and PRs, and add a new
`pr_size_labeler.yml` workflow. The tier step piggybacks on the existing
org membership check — no additional API call for that — and the
backfill job reuses the same membership + search logic with a per-author
cache to avoid redundant calls.
## Changes
- Add a consolidated `Apply contributor tier label` step to the
`tag-external` job that handles both `pull_request_target` and `issues`
events, querying the search API for merged PR count and applying the
appropriate tier label
- Add `workflow_dispatch` trigger with `backfill_type` (prs/issues/both)
and `max_items` inputs, gated to a separate `backfill` job that iterates
open PRs and issues, applies `external`/`internal` + tier + size labels,
and uses a `contributorCache` Map to deduplicate org membership and
search API calls per author
- Add `pr_size_labeler.yml` — standalone workflow on
`pull_request_target` (opened/synchronize/reopened) that computes
changed lines excluding `docs/`, `poetry.lock`, and `uv.lock`, then
applies `size: XS`/`S`/`M`/`L`/`XL` labels (auto-created on first run
with color `b76e79`), removing stale size labels before applying the new
one
## Security notes
Both workflows use `pull_request_target` but neither checks out PR code
— all operations are GitHub API calls via `actions/github-script@v8`.
The `${{ inputs.max_items }}` interpolation is a `workflow_dispatch`
input restricted to users with write access (equivalent or greater
privilege than the workflow token). `${{ inputs.backfill_type }}` is a
`choice` type with server-side enforcement. Author values in search
queries come from GitHub API responses with restricted character sets.
No high-confidence vulnerabilities identified.