NO-JIRA: fix `notify-team-to-review-pr.yml` by using `on: pull_request_target:` to resolve 403 error #1914
Walkthrough
Changed a GitHub Actions workflow to trigger on
[APPROVALNOTIFIER] This PR is NOT APPROVED
…rget` to resolve 403 error
Actionable comments posted: 1
🔭 Outside diff range comments (2)
.github/workflows/notify-team-to-review-pr.yml (2)
3-5: Use `pull_request_target` (and consider `ready_for_review`) to ensure base-repo context
Switching the trigger to `pull_request_target` gives the workflow the base repository token, resolving the 403 without a PAT. Optionally include `ready_for_review` to catch draft-to-ready transitions.
-on: # yamllint disable-line rule:truthy - pull_request: - types: [opened] +on: # yamllint disable-line rule:truthy + pull_request_target: + types: [opened, ready_for_review]
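Review bot: The `pull_request_target:` trigger on the added lines runs the job with the base repository's token, as the comment above states, so this workflow must never check out or run code from the pull request's head. Add a YAML comment next to `pull_request_target:` stating that constraint, so a later change does not introduce an `actions/checkout` of the PR ref into a job that holds a write-scoped token.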
7-10: Tighten permissions to least privilege (drop `issues: write`)
Per our prior learning, labeling PRs only requires `pull-requests: write`. Remove `issues: write` to reduce scope. Note: this only governs GITHUB_TOKEN; PAT permissions are unaffected, another reason to avoid a PAT here.
permissions: contents: read - issues: write pull-requests: write
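Review bot: `contents: read` stays at the top of this `permissions:` block even though the only API call shown for this workflow is `issues.addLabels`. If no step checks out the repository, drop `contents: read` as well and declare `pull-requests: write` at job level, so the token carries nothing beyond what labelling needs.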
🧹 Nitpick comments (2)
.github/workflows/notify-team-to-review-pr.yml (2)
25-30: Optionally make label creation resilient (handle missing label gracefully)
If the repository doesn’t have a pre-created “review-requested” label, `addLabels` may 404. You can create it on-the-fly if missing.
- await github.rest.issues.addLabels({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number, - labels: ['review-requested'] - }); + const owner = context.repo.owner; + const repo = context.repo.repo; + const issue_number = context.payload.pull_request.number; + const labelName = 'review-requested'; + try { + await github.rest.issues.addLabels({ owner, repo, issue_number, labels: [labelName] }); + } catch (e) { + if (e.status === 404) { + // Ensure the label exists, then add it + try { + await github.rest.issues.getLabel({ owner, repo, name: labelName }); + } catch (e2) { + if (e2.status === 404) { + await github.rest.issues.createLabel({ + owner, repo, name: labelName, color: 'ededed', description: 'PR review requested' + }); + } else { + throw e2; + } + } + await github.rest.issues.addLabels({ owner, repo, issue_number, labels: [labelName] }); + } else { + throw e; + } + }
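Review bot: The inner `catch (e2)` around `getLabel` only handles a 404, so when two PRs are opened at the same time and both runs reach `createLabel`, the second call is rejected as a duplicate and that error is rethrown, failing the job even though the label now exists. Treat the duplicate-label response from `createLabel` as success before the final `addLabels`. The outer `e.status === 404` is also ambiguous, since a 404 from `addLabels` can refer to the issue rather than the label; the `getLabel` check covers that case, but a comment saying so would help.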
7-10: If you must keep a PAT, ensure it’s fine-grained and scoped minimally
If organizational constraints require a PAT, use a fine-grained PAT restricted to this repo with only Pull requests: Read and write (and/or Issues: Read-only if you keep Issues APIs) and set an expiration. Rotate regularly.
Would you like me to open a follow-up issue outlining:
- Migration to pull_request_target with GITHUB_TOKEN
- Least-privilege permissioning
- Label existence enforcement and tests
- PAT rotation and scope guidelines (if PAT remains)?
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/notify-team-to-review-pr.yml
(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1768
File: .github/workflows/notify-team-to-review-pr.yml:6-7
Timestamp: 2025-08-10T17:18:32.253Z
Learning: When using the `github.rest.issues.addLabels` API to add labels to pull requests in GitHub Actions workflows, either `issues: write` OR `pull-requests: write` permission is sufficient. For pull requests specifically, `pull-requests: write` is the preferred permission following the principle of least privilege, even though the API endpoint is part of the Issues API.
🔇 Additional comments (2)
.github/workflows/notify-team-to-review-pr.yml (2)
14-14: Double-check gating logic by label name
You’re adding label “review-requested” only when the PR does not already have label “konflux-nudge”. If that’s intentional policy, all good; otherwise consider gating on “review-requested” directly to avoid redundant API calls.
18-19: actions/github-script v7 is fine
Version selection looks good and current. No action needed.
444b80c to 8b04aa2
notify-team-to-review-pr.yml by using GH_ACCESS_TOKEN to resolve 403 error
notify-team-to-review-pr.yml by using on: pull_request_trigger: to resolve 403 error
notify-team-to-review-pr.yml by using on: pull_request_trigger: to resolve 403 error
notify-team-to-review-pr.yml by using on: pull_request_target: to resolve 403 error
@coderabbitai ptal
🧩 Analysis chain
I'll review the changes in this PR that fixes the GitHub workflow authentication issue.
@jiridanek I've reviewed the changes in this PR. There appears to be some confusion in the AI summary about what was actually changed.
Actual Changes Made
Looking at the workflow file, the real fix for the 403 error was not changing to
The workflow still uses
Why This Approach is Correct
This is actually a better solution than switching to a custom
The security comment is important since
Recommendation
The changes look good and correctly address the 403 authentication issue. The approach is secure and follows GitHub Actions best practices.
⛔ Permission issue
There was a permission issue. Please ask the repository administrator to refresh CodeRabbit's permissions at https://github.com/apps/coderabbitai/installations/65463290.
✅ Actions performed
Review triggered.
Actionable comments posted: 0
🧹 Nitpick comments (2)
.github/workflows/notify-team-to-review-pr.yml (2)
19-21: Good security reminder; consider two small hardening tweaks
- Add a draft guard so draft PRs aren’t labeled prematurely.
- Tighten permissions to least-privilege at job scope (only pull-requests: write) since this job doesn’t need contents or issues permissions.
Example:
```yaml
on:
  pull_request_target:
    types: [opened, reopened, ready_for_review]  # optional broader coverage

jobs:
  add-label:
    if: contains(github.event.pull_request.labels.*.name, 'konflux-nudge') == false
    permissions:
      pull-requests: write
    steps:
      - name: Add review-requested label
        if: github.event.pull_request.draft == false
        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          # ...
```
25-25: Using GITHUB_TOKEN is correct; consider label existence handling (defense-in-depth)
actions/github-script defaults to using the workflow token, so the explicit github-token is fine but optional. One edge case: if the label doesn’t exist, addLabels may fail depending on repo settings. If that’s possible here, add a lightweight existence check and create-if-missing.
Proposed script for the same step:
```yaml
with:
  github-token: ${{ github.token }}
  script: |
    const labelName = 'review-requested';
    // Ensure label exists
    try {
      await github.rest.issues.getLabel({
        owner: context.repo.owner,
        repo: context.repo.repo,
        name: labelName,
      });
    } catch (e) {
      if (e.status === 404) {
        await github.rest.issues.createLabel({
          owner: context.repo.owner,
          repo: context.repo.repo,
          name: labelName,
          color: '0366d6',
          description: 'Automatically applied when a PR is opened for review',
        });
      } else {
        throw e;
      }
    }
    // Add the label to the PR
    await github.rest.issues.addLabels({
      owner: context.repo.owner,
      repo: context.repo.repo,
      issue_number: context.payload.pull_request.number,
      labels: [labelName],
    });
```
If the label is guaranteed to exist in this repo, feel free to keep the current simpler version.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/notify-team-to-review-pr.yml
(2 hunks)
Learning: jiridanek requested GitHub issue creation for RStudio py311 Tekton push pipelines during PR #1379 review. Issue #1384 was successfully created covering two RStudio variants (CPU and CUDA) found in manifests/base/params-latest.env, with comprehensive problem description, implementation requirements following the same pattern as other workbench pipelines, clear acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.
Applied to files:
.github/workflows/notify-team-to-review-pr.yml
📚 Learning: 2025-07-02T18:27:51.097Z
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/test/test_notebook.ipynb:22-29
Timestamp: 2025-07-02T18:27:51.097Z
Learning: jiridanek consistently creates comprehensive follow-up GitHub issues from PR review comments in opendatahub-io/notebooks, turning specific code quality concerns into systematic improvements tracked with proper context, acceptance criteria, and cross-references. Issue #1266 demonstrates this pattern by expanding a specific error handling concern in load_expected_versions() into a repository-wide improvement initiative.
Applied to files:
.github/workflows/notify-team-to-review-pr.yml
📚 Learning: 2025-07-11T11:15:25.572Z
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1379
File: .tekton/odh-workbench-jupyter-pytorch-cuda-py312-ubi9-push.yaml:40-44
Timestamp: 2025-07-11T11:15:25.572Z
Learning: jiridanek requested GitHub issue creation for critical Tekton array parameter syntax error during PR #1379 review, affecting all 32 pipeline files with additional-tags parameter. Issue #1382 was created with comprehensive problem description covering both Python 3.11 and 3.12 pipeline files (16 each), detailed root cause analysis of value: vs values: syntax error, critical impact assessment of complete pipeline execution failure, complete list of all affected files across workbench and runtime types, implementation commands with sed scripts, detailed acceptance criteria, implementation notes about systematic copy-paste error propagation, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.
Applied to files:
.github/workflows/notify-team-to-review-pr.yml
📚 Learning: 2025-07-02T18:59:15.788Z
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15
Timestamp: 2025-07-02T18:59:15.788Z
Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.
Applied to files:
.github/workflows/notify-team-to-review-pr.yml
📚 Learning: 2025-08-10T17:18:32.253Z
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1768
File: .github/workflows/notify-team-to-review-pr.yml:6-7
Timestamp: 2025-08-10T17:18:32.253Z
Learning: When using the `github.rest.issues.addLabels` API to add labels to pull requests in GitHub Actions workflows, either `issues: write` OR `pull-requests: write` permission is sufficient. For pull requests specifically, `pull-requests: write` is the preferred permission following the principle of least privilege, even though the API endpoint is part of the Issues API.
Applied to files:
.github/workflows/notify-team-to-review-pr.yml
🔇 Additional comments (1)
.github/workflows/notify-team-to-review-pr.yml (1)
4-6: Correct fix: switching to pull_request_target resolves the 403
Running in the base-repo context with GITHUB_TOKEN is the right approach for labeling PRs from forks. Looks good.
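A workflow of the kind this review describes, combining the `pull_request_target` trigger with the least-privilege permission from the learning above. This is an added example, not the repository's actual `notify-team-to-review-pr.yml`; the workflow name, job name and label are assumptions.

```yaml
# Added example; workflow name, job name and label are hypothetical.
name: Label new PRs for review

# With `pull_request`, a PR opened from a fork gets a read-only GITHUB_TOKEN,
# so the labeling call fails with 403 "Resource not accessible by integration".
# `pull_request_target` runs in the base repository's context instead.
on:  # yamllint disable-line rule:truthy
  pull_request_target:
    types: [opened]

# Start from an empty token scope and grant only what the job needs.
permissions: {}

jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      # Sufficient for issues.addLabels when the target is a pull request.
      pull-requests: write
    steps:
      # Deliberately no checkout step: the job holds a write-capable token for
      # the base repository, so it only calls the API and never builds or
      # executes code from the PR branch.
      - name: Add review label
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              labels: ['needs-review'],  // hypothetical label
            });
```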
/lgtm
Description
The regular `secrets.GITHUB_TOKEN` results in a 403 error `HttpError: Resource not accessible by integration`
How Has This Been Tested?
Merge criteria:
Summary by CodeRabbit
Bug Fixes
Chores