github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-04-11 06:52:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f0c5a28fa05adcda89aebcb449d897245ab21fa4
langchain/.github/workflows/close_unchecked_issues.yml
Mason Daugherty 6443612fa3 ci: pin all actions to full-length commit SHAs (#36621) 
Pin all remaining GitHub Actions references to full-length commit SHAs,
matching the convention already established by third-party actions in
this repo. This is a prerequisite for enabling GitHub's "Require actions
to be pinned to a full-length commit SHA" repository ruleset, which
mitigates tag-hijacking supply chain attacks.
2026-04-08 19:02:58 -04:00

107 lines
3.7 KiB
YAML
Raw Blame History

# Auto-close issues that bypass or ignore the issue template checkboxes.
#
# GitHub issue forms enforce `required: true` checkboxes in the web UI,
# but the API bypasses form validation entirely — bots/scripts can open
# issues with every box unchecked or skip the template altogether.
#
# Rules:
# 1. Checkboxes present, none checked → close
# 2. No checkboxes at all → close unless author is an org member or bot
#
# Org membership check reuses the shared helper from pr-labeler.js and
# the same GitHub App used by tag-external-issues.yml.
name: Close Unchecked Issues
on:
issues:
types: [opened]
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.issue.number }}
cancel-in-progress: true
jobs:
check-boxes:
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
with:
app-id: ${{ secrets.ORG_MEMBERSHIP_APP_ID }}
private-key: ${{ secrets.ORG_MEMBERSHIP_APP_PRIVATE_KEY }}
- name: Validate issue checkboxes
if: steps.app-token.outcome == 'success'
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
github-token: ${{ steps.app-token.outputs.token }}
script: |
const body = context.payload.issue.body ?? '';
const checked = (body.match(/- \[x\]/gi) || []).length;
if (checked > 0) {
console.log(`Found ${checked} checked checkbox(es) — OK`);
return;
}
const unchecked = (body.match(/- \[ \]/g) || []).length;
// No checkboxes at all — allow org members and bots, close everyone else
if (unchecked === 0) {
const { owner, repo } = context.repo;
const { h } = require('./.github/scripts/pr-labeler.js').loadAndInit(github, owner, repo, core);
const author = context.payload.sender.login;
const { isExternal } = await h.checkMembership(
author, context.payload.sender.type,
);
if (!isExternal) {
console.log(`No checkboxes, but ${author} is internal — OK`);
return;
}
console.log(`No checkboxes and ${author} is external — closing`);
} else {
console.log(`Found 0 checked and ${unchecked} unchecked checkbox(es) — closing`);
}
const { owner, repo } = context.repo;
const issue_number = context.payload.issue.number;
const reason = unchecked > 0
? 'none of the required checkboxes were checked'
: 'no issue template was used';
// Close before commenting — a closed issue without a comment is
// less confusing than an open issue with a false "auto-closed" message
// if the second API call fails.
await github.rest.issues.update({
owner,
repo,
issue_number,
state: 'closed',
state_reason: 'not_planned',
});
await github.rest.issues.createComment({
owner,
repo,
issue_number,
body: [
`This issue was automatically closed because ${reason}.`,
'',
`Please use one of the [issue templates](https://github.com/${owner}/${repo}/issues/new/choose) and complete the checklist.`,
].join('\n'),
});
Reference in New Issue View Git Blame Copy Permalink