chore: rename missing linked issue files and enhance LinkBot with clickable links #1285
Conversation
…ckable links - Renamed .github/workflows/pr-missing-linked-issue.yml to bot-pr-missing-linked-issue.yml - Renamed .github/scripts/pr_missing_linked_issue.js to bot_pr_missing_linked_issue.js - Updated require statement to reference new script name - Converted documentation paths to clickable GitHub hyperlinks Signed-off-by: Danish Ali <[email protected]>
…issue files and enhance LinkBot with clickable links Signed-off-by: Danish Ali <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR renames the LinkBot workflow and script files to follow the "bot-" naming prefix convention, and enhances the bot's PR comment with clickable hyperlinks to documentation, improving user experience when linking issues to pull requests.
- Renamed workflow file from
pr-missing-linked-issue.ymltobot-pr-missing-linked-issue.yml - Renamed script file from
pr_missing_linked_issue.jstobot_pr_missing_linked_issue.js - Updated documentation references in bot comments to clickable GitHub URLs
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| CHANGELOG.md | Added entry documenting the file renames and enhancement to LinkBot comments |
| .github/workflows/bot-pr-missing-linked-issue.yml | Updated concurrency group name and script require path to reflect new naming |
| .github/scripts/bot_pr_missing_linked_issue.js | Enhanced bot message with clickable hyperlinks to documentation using GitHub URL format |
Comments suppressed due to low confidence (1)
.github/workflows/bot-pr-missing-linked-issue.yml:34
- The script filename uses underscores (bot_pr_missing_linked_issue.js), which is inconsistent with other bot scripts in the same directory that use dashes (bot-mentor-assignment.js and bot-merge-conflict.js). Consider renaming to bot-pr-missing-linked-issue.js to maintain consistency with the established naming pattern for bot scripts.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
📝 WalkthroughWalkthroughThe pull request renames GitHub workflow and script files for naming consistency, updates corresponding import references and configuration identifiers, enhances documentation links with Markdown hyperlinks, and documents these changes in the changelog. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Pre-merge checks and finishing touches✅ Passed checks (5 passed)
✨ Finishing touches
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro 📒 Files selected for processing (3)
🧰 Additional context used📓 Path-based instructions (2).github/workflows/**/*⚙️ CodeRabbit configuration file
Files:
.github/scripts/**/*.js⚙️ CodeRabbit configuration file
Files:
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
🔇 Additional comments (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (4)
.github/scripts/bot_pr_missing_linked_issue.js (2)
1-44: Add error handling for all async operations.The script lacks try/catch blocks around async GitHub API calls. If an API call fails (network issues, rate limits, permission errors), the workflow will fail without helpful context.
As per coding guidelines, all async operations MUST be wrapped in try/catch, and errors MUST include contextual metadata.
🔎 Proposed fix adding error handling
module.exports = async ({ github, context }) => { + try { const body = context.payload.pull_request.body || ""; const regex = /\bFixes\s*:?\s*(#\d+)(\s*,\s*#\d+)*/i; const comments = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number, + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number, }); const alreadyCommented = comments.data.some(comment => comment.body.includes("this is LinkBot") ); if (alreadyCommented) { return; } if (!regex.test(body)) { await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: context.payload.pull_request.number, body: [ `Hi @${context.payload.pull_request.user.login}, this is **LinkBot** 👋`, ``, `Linking pull requests to issues helps us significantly with reviewing pull requests and keeping the repository healthy.`, ``, `🚨 **This pull request does not have an issue linked.**`, ``, `Please link an issue using the following format:`, `- Fixes #123`, ``, `📖 Guide:`, `[docs/sdk_developers/training/workflow/how_to_link_issues.md](https://github.com/${context.repo.owner}/${context.repo.repo}/blob/main/docs/sdk_developers/training/workflow/how_to_link_issues.md)`, ``, `If no issue exists yet, please create one:`, `[docs/sdk_developers/creating_issues.md](https://github.com/${context.repo.owner}/${context.repo.repo}/blob/main/docs/sdk_developers/creating_issues.md)`, ``, `Thanks!` ].join('\n') }); } + } catch (error) { + console.error(`LinkBot error processing PR #${context.payload.pull_request?.number || 'unknown'}:`, error); + throw error; + } };
8-8: Validate payload fields before use.Line 8 (and Lines 23, 25) use
context.payload.pull_requestfields without validation. As per coding guidelines, allcontext.payloadfields MUST be validated before use to prevent runtime errors.🔎 Proposed fix adding validation
module.exports = async ({ github, context }) => { + // Validate required payload fields + if (!context.payload.pull_request) { + throw new Error('Missing pull_request in payload'); + } + if (!context.payload.pull_request.number) { + throw new Error('Missing pull_request.number in payload'); + } + if (!context.payload.pull_request.user?.login) { + throw new Error('Missing pull_request.user.login in payload'); + } + const body = context.payload.pull_request.body || ""; const regex = /\bFixes\s*:?\s*(#\d+)(\s*,\s*#\d+)*/i;.github/workflows/bot-pr-missing-linked-issue.yml (2)
1-35: Add dry-run support for safe testing.As per coding guidelines PRIORITY 3, workflows that mutate GitHub state (this workflow creates comments) MUST support dry-run mode. This allows safe testing without actually posting comments.
🔎 Proposed implementation of dry-run support
name: PR Missing Linked Issue Reminder on: pull_request: types: [opened, edited, reopened] + workflow_dispatch: + inputs: + dry_run: + description: 'Run in dry-run mode (no comments will be posted)' + required: false + default: 'true' + type: choice + options: + - 'true' + - 'false' permissions: pull-requests: write contents: read jobs: check-linked-issue: runs-on: ubuntu-latest concurrency: group: bot-pr-missing-linked-issue-${{ github.event.pull_request.number }} cancel-in-progress: true steps: - name: Harden the runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Check PR body for linked issue env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | + const isDryRun = process.env.DRY_RUN === 'true'; + if (isDryRun) { + console.log('🔍 DRY-RUN MODE: No comments will be posted'); + } const script = require('./.github/scripts/bot_pr_missing_linked_issue.js'); - await script({ github, context }); + await script({ github, context, isDryRun });Then update the script to check
isDryRunbefore callingcreateComment.
1-2: Add a top-level comment documenting the workflow objective.As per coding guidelines PRIORITY 1, each workflow should document its objective in a top-level comment for clarity and maintainability.
🔎 Proposed documentation comment
+# This workflow checks if pull requests have linked issues using the "Fixes #123" format. +# If no linked issue is found, LinkBot posts a comment with guidance and documentation links. +# The workflow runs on PR open, edit, and reopen events. + name: PR Missing Linked Issue Reminder on:
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.github/scripts/bot_pr_missing_linked_issue.js.github/workflows/bot-pr-missing-linked-issue.ymlCHANGELOG.md
🧰 Additional context used
📓 Path-based instructions (2)
.github/workflows/**/*
⚙️ CodeRabbit configuration file
.github/workflows/**/*: Review workflows as security-sensitive infrastructure.A good workflow is small, focused, and boring.
If a workflow is clever, generic, or overly flexible, it is a risk.
PRIORITY 0 — ABSOLUTE REQUIREMENTS
- All third-party actions MUST be pinned to full commit SHAs, similar to other workflows.
permissions:MUST be explicitly declared and minimally scoped.- Workflows MUST behave safely when executed from forks.
- YAML MUST orchestrate steps, not implement business logic.
- Any workflow that mutates GitHub state MUST support dry-run mode.
- Dry-run behavior must be explicit and visible in logs.
- Workflows MUST NOT modify repository source code outside
.github/.
PRIORITY 1 — SCOPE, FOCUS & RESTRAINT
- The title of each workflow must be relevant, match similar naming schemes, and match its script filename.
- Each workflow MUST have a single, clearly defined objective and SHOULD document this in a top-level comment.
- Flag workflows that:
- Attempt to be generic “frameworks”
- Include speculative or future-facing logic
- Perform actions unrelated to the stated goal
- Over-abstraction and excess flexibility are maintenance risks.
PRIORITY 2 — INPUT HARDENING
- Treat ALL GitHub event data as potentially hostile input, including:
- issue titles, bodies, and comments
- labels, usernames, branch names
- Free-form user input MUST NOT be passed directly into:
- shell commands
- gh CLI arguments
- Node.js exec / spawn calls
- Require strict allowlists or exact string matches.
- Flag any use of:
- eval or bash -c
- backticks or $(...) with user-controlled input
------------------...
Files:
.github/workflows/bot-pr-missing-linked-issue.yml
.github/scripts/**/*.js
⚙️ CodeRabbit configuration file
.github/scripts/**/*.js: Review JavaScript scripts as long-lived automation code.Scripts must remain:
Focused
Readable
Purpose-built
All
context.payloadfields MUST be validatedFree-form text MUST NOT be trusted
Dynamic code execution is prohibited
Avoid
child_process.exec; preferexecFileif neededAll async operations MUST be wrapped in try/catch
Errors MUST include contextual metadata
Duplicate API calls MUST be avoided
Marker-based deduplication is required
Scripts MUST NOT assume write access
Permission failures MUST be handled gracefully
Files:
.github/scripts/bot_pr_missing_linked_issue.js
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: Agent
- GitHub Check: Codacy Static Code Analysis
- GitHub Check: StepSecurity Harden-Runner
🔇 Additional comments (4)
.github/workflows/bot-pr-missing-linked-issue.yml (2)
16-16: LGTM! Concurrency group naming is consistent.The concurrency group has been correctly updated to match the new workflow naming convention with the "bot-" prefix.
34-34: LGTM! Script path correctly updated.The require statement now correctly references the renamed script file
bot_pr_missing_linked_issue.js.CHANGELOG.md (1)
121-121: LGTM! Changelog entry is accurate and well-formatted.The changelog entry correctly documents both the file renaming and the LinkBot enhancement with clickable hyperlinks. It's properly placed in the "Changed" section and includes the issue reference.
.github/scripts/bot_pr_missing_linked_issue.js (1)
35-38: Both documentation files referenced in the hyperlinks exist and are accessible in the repository.
Signed-off-by: Danish Ali <[email protected]>
Codecov Report✅ All modified and coverable lines are covered by tests. @@ Coverage Diff @@
## main #1285 +/- ##
=======================================
Coverage 91.79% 91.79%
=======================================
Files 139 139
Lines 8466 8466
=======================================
Hits 7771 7771
Misses 695 695 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
.github/workflows/bot-pr-missing-linked-issue.yml (2)
1-1: Consider aligning the workflow title with the filename.The workflow filename is
bot-pr-missing-linked-issue.ymland the script isbot-pr-missing-linked-issue.js, but the title is "PR Missing Linked Issue Reminder" without the "bot" prefix. For consistency and easier identification, consider updating the title to match the naming scheme.🔎 Proposed change
-name: PR Missing Linked Issue Reminder +name: Bot - PR Missing Linked Issue ReminderBased on coding guidelines: "The title of each workflow must be relevant, match similar naming schemes, and match its script filename."
3-44: Add dry-run support for safe testing and operational flexibility.This workflow mutates GitHub state by creating comments. Per repository guidelines, workflows that mutate state must support dry-run mode with explicit logging and safe behavior.
🔎 Recommended implementation
Add a
workflow_dispatchinput with adry_runparameter and pass it to the script:on: pull_request: types: [opened, edited, reopened] + workflow_dispatch: + inputs: + dry_run: + description: 'Run in dry-run mode (no comments posted)' + required: false + default: 'true' + type: choice + options: + - 'true' + - 'false'Then pass the dry-run flag to the script:
- name: Check PR body for linked issue env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0Update the script to respect the
DRY_RUNenvironment variable by logging the intended action instead of posting comments whenDRY_RUN=true.Based on coding guidelines: "Any workflow that mutates GitHub state MUST support dry-run mode."
.github/scripts/bot-pr-missing-linked-issue.js (1)
1-44: Wrap async operations in try/catch for robust error handling.The script performs multiple async API calls without error handling. If any API call fails (due to network issues, rate limiting, or permission problems), the workflow will crash with an unhelpful error message.
🔎 Proposed error handling structure
module.exports = async ({ github, context }) => { + try { const body = context.payload.pull_request.body || ""; const regex = /\bFixes\s*:?\s*(#\d+)(\s*,\s*#\d+)*/i; const comments = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number, + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number, }); const alreadyCommented = comments.data.some(comment => comment.body.includes("this is LinkBot") ); if (alreadyCommented) { + console.log('LinkBot has already commented on this PR. Skipping.'); return; } if (!regex.test(body)) { await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: context.payload.pull_request.number, body: [ // ... comment body ... ].join('\n') }); + console.log(`LinkBot commented on PR #${context.payload.pull_request.number}`); + } else { + console.log('PR has a linked issue. No comment needed.'); } + } catch (error) { + console.error('LinkBot encountered an error:', { + message: error.message, + status: error.status, + pr_number: context.payload.pull_request?.number, + repo: `${context.repo.owner}/${context.repo.repo}` + }); + // Re-throw to fail the workflow with clear context + throw error; + } };Based on coding guidelines: "All async operations MUST be wrapped in try/catch. Errors MUST include contextual metadata."
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
.github/scripts/bot-pr-missing-linked-issue.js.github/workflows/bot-pr-missing-linked-issue.ymlCHANGELOG.md
🧰 Additional context used
📓 Path-based instructions (2)
.github/workflows/**/*
⚙️ CodeRabbit configuration file
.github/workflows/**/*: Review workflows as security-sensitive infrastructure.A good workflow is small, focused, and boring.
If a workflow is clever, generic, or overly flexible, it is a risk.
PRIORITY 0 — ABSOLUTE REQUIREMENTS
- All third-party actions MUST be pinned to full commit SHAs, similar to other workflows.
permissions:MUST be explicitly declared and minimally scoped.- Workflows MUST behave safely when executed from forks.
- YAML MUST orchestrate steps, not implement business logic.
- Any workflow that mutates GitHub state MUST support dry-run mode.
- Dry-run behavior must be explicit and visible in logs.
- Workflows MUST NOT modify repository source code outside
.github/.
PRIORITY 1 — SCOPE, FOCUS & RESTRAINT
- The title of each workflow must be relevant, match similar naming schemes, and match its script filename.
- Each workflow MUST have a single, clearly defined objective and SHOULD document this in a top-level comment.
- Flag workflows that:
- Attempt to be generic “frameworks”
- Include speculative or future-facing logic
- Perform actions unrelated to the stated goal
- Over-abstraction and excess flexibility are maintenance risks.
PRIORITY 2 — INPUT HARDENING
- Treat ALL GitHub event data as potentially hostile input, including:
- issue titles, bodies, and comments
- labels, usernames, branch names
- Free-form user input MUST NOT be passed directly into:
- shell commands
- gh CLI arguments
- Node.js exec / spawn calls
- Require strict allowlists or exact string matches.
- Flag any use of:
- eval or bash -c
- backticks or $(...) with user-controlled input
------------------...
Files:
.github/workflows/bot-pr-missing-linked-issue.yml
.github/scripts/**/*.js
⚙️ CodeRabbit configuration file
.github/scripts/**/*.js: Review JavaScript scripts as long-lived automation code.Scripts must remain:
Focused
Readable
Purpose-built
All
context.payloadfields MUST be validatedFree-form text MUST NOT be trusted
Dynamic code execution is prohibited
Avoid
child_process.exec; preferexecFileif neededAll async operations MUST be wrapped in try/catch
Errors MUST include contextual metadata
Duplicate API calls MUST be avoided
Marker-based deduplication is required
Scripts MUST NOT assume write access
Permission failures MUST be handled gracefully
Files:
.github/scripts/bot-pr-missing-linked-issue.js
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (2)
CHANGELOG.md (1)
121-121: LGTM! Clear and accurate changelog entry.The changelog entry correctly documents the file renames and the hyperlink enhancement. The reference to issue #1264 is helpful for tracking context.
.github/scripts/bot-pr-missing-linked-issue.js (1)
35-35: Excellent enhancement! The clickable hyperlinks improve user experience.Converting the documentation paths to GitHub hyperlinks makes it much easier for contributors to access the guides directly from the bot comment.
Also applies to: 38-38
|
Thanks so much @DAShaikh10 ! |
|
Thanks for the opportunity to contribute! |
2 participants
Description:
Rename
pr-missing-linked-issue.ymlandpr_missing_linked_issue.jstobot-pr-missing-linked-issue.ymlandbot_pr_missing_linked_issue.jsrespectively. EnhanceLinkBotPR comment with clickable hyperlinks to documentation for linking issues and creating issues..github/workflows/pr-missing-linked-issue.ymltobot-pr-missing-linked-issue.yml.github/scripts/pr_missing_linked_issue.jstobot_pr_missing_linked_issue.jsRelated issue(s):
Fixes #1264
Notes for reviewer:
Checklist