refactor(github): rename bot-inactivity workflow files

[cxhello]

Summary

Remove "-phase" suffix from bot-inactivity workflow files since the process no longer uses phased execution.

Changes

• Renamed .github/scripts/bot-inactivity-unassign-phase.sh → bot-inactivity-unassign.sh
• Renamed .github/workflows/bot-inactivity-unassign-phase.yml → bot-inactivity-unassign.yml
• Updated workflow step name to remove phase reference
• Added CHANGELOG.md entry

Test Plan

• Files renamed successfully
• Workflow file references updated script path correctly
• CHANGELOG.md entry added
• Commit includes DCO signature (Signed-off-by)
• CI checks should pass (DCO, verify-commits, etc.)

Fixes #1339

[cxhello]

@exploreriii Thank you for your patience in directing this, I have resolved the problems I encountered submitting it.

[coderabbitai]

📝 Walkthrough

Walkthrough

Two files were renamed to remove the "-phase" suffix from the bot inactivity workflow and script, reflecting that the process no longer uses phased execution. The workflow file reference to the script was updated accordingly, and a changelog entry was added documenting the change.

Changes

Cohort / File(s)	Summary
Workflow Configuration .github/workflows/bot-inactivity-unassign.yml	Job name updated from "Run unified inactivity bot (Phase 1 + Phase 2)" to "Run inactivity bot"; script reference changed from bot-inactivity-unassign-phase.sh to bot-inactivity-unassign.sh
Documentation CHANGELOG.md	Added entry under Unreleased → Changed documenting the rename of bot-inactivity workflow files to remove "-phase" suffix

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: renaming bot-inactivity workflow files by removing the '-phase' suffix, which is the primary objective of this PR.
Linked Issues check	✅ Passed	The PR addresses all coding requirements from issue #1339: both files are renamed correctly, workflow references are updated, and a CHANGELOG.md entry is added. However, DCO/GPG signing and CI test passage are pending.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the requirements in issue #1339. The modifications only include the two file renames, workflow reference updates, and changelog entry with no additional unrelated changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description directly relates to the changeset by clearly explaining the removal of '-phase' suffix from bot-inactivity workflow files and the specific files affected.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/bot-inactivity-unassign.yml (1)

32-41: LGTM! Rename successfully aligns workflow and script names.

The changes correctly update the step name and script reference to remove the "-phase" suffix. The workflow name (bot-inactivity-unassign) now matches the script filename (bot-inactivity-unassign.sh), satisfying PRIORITY 1 coding guidelines for .github/workflows files.

All security requirements are met:

• Actions pinned to full commit SHAs ✓
• Permissions explicitly scoped ✓
• Dry-run support with safe defaults ✓

---

Optional improvement for future consideration:

Consider adding a concurrency group to prevent overlapping executions:

concurrency:
  group: inactivity-unassign
  cancel-in-progress: false

This would ensure that scheduled runs or manual dispatches don't process the same issues/PRs simultaneously. (This is a pre-existing gap, not introduced by this PR.)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f35aef and 21a6dd1.

📒 Files selected for processing (3)

• .github/scripts/bot-inactivity-unassign.sh
• .github/workflows/bot-inactivity-unassign.yml
• CHANGELOG.md

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*

⚙️ CodeRabbit configuration file

.github/workflows/**/*: Review workflows as security-sensitive infrastructure.

A good workflow is small, focused, and boring.
If a workflow is clever, generic, or overly flexible, it is a risk.

---

PRIORITY 0 — ABSOLUTE REQUIREMENTS

• All third-party actions MUST be pinned to full commit SHAs, similar to other workflows.
• permissions: MUST be explicitly declared and minimally scoped.
• Workflows MUST behave safely when executed from forks.
• YAML MUST orchestrate steps, not implement business logic.
• Any workflow that mutates GitHub state MUST support dry-run mode.
• Dry-run behavior must be explicit and visible in logs.
• Workflows MUST NOT modify repository source code outside .github/.

---

PRIORITY 1 — SCOPE, FOCUS & RESTRAINT

• The title of each workflow must be relevant, match similar naming schemes, and match its script filename.
• Each workflow MUST have a single, clearly defined objective and SHOULD document this in a top-level comment.
• Flag workflows that:
  • Attempt to be generic “frameworks”
  • Include speculative or future-facing logic
  • Perform actions unrelated to the stated goal
• Over-abstraction and excess flexibility are maintenance risks.

---

PRIORITY 2 — INPUT HARDENING

• Treat ALL GitHub event data as potentially hostile input, including:
  • issue titles, bodies, and comments
  • labels, usernames, branch names
• Free-form user input MUST NOT be passed directly into:
  • shell commands
  • gh CLI arguments
  • Node.js exec / spawn calls
• Require strict allowlists or exact string matches.
• Flag any use of:
  • eval or bash -c
  • backticks or $(...) with user-controlled input

------------------...

Files:

• .github/workflows/bot-inactivity-unassign.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (1)

CHANGELOG.md (1)

86-86: LGTM! Changelog entry is clear and well-formatted.

The changelog entry accurately describes the refactoring, references the issue, and is properly placed in the "Changed" section under "Unreleased."

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@           Coverage Diff           @@
##             main    #1356   +/-   ##
=======================================
  Coverage   92.29%   92.29%           
=======================================
  Files         139      139           
  Lines        8515     8515           
=======================================
  Hits         7859     7859           
  Misses        656      656           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[exploreriii]

Congratulations! Thank you