Merge pull request #35 from parvninama/test/bot-intermediate-assignment-guard

fix: update intermediate assignment guard to use GraphQL counting

Author: parvninama

.github/scripts/bot-intermediate-assignment.js

@@ -7,6 +7,10 @@ const EXEMPT_PERMISSION_LEVELS = (process.env.INTERMEDIATE_EXEMPT_PERMISSIONS ||
   .filter(Boolean);
 const DRY_RUN = /^true$/i.test(process.env.DRY_RUN || '');
 
+function isSafeSearchToken(value) {
+  return typeof value === 'string' && /^[a-zA-Z0-9._/-]+$/.test(value);
+}
+
 function hasLabel(issue, labelName) {
   if (!issue?.labels?.length) {
     return false;
@@ -52,63 +56,53 @@ async function hasExemptPermission(github, owner, repo, username) {
 }
 
 async function countCompletedBeginnerIssues(github, owner, repo, username) {
+  if (
+    !isSafeSearchToken(owner) ||
+    !isSafeSearchToken(repo) ||
+    !isSafeSearchToken(username) ||
+    !isSafeSearchToken(BEGINNER_LABEL)
+  ) {
+    console.log('Invalid search inputs', {
+      owner,
+      repo,
+      username,
+      label: BEGINNER_LABEL,
+    });
+    return null;
+  }
+
   try {
-    console.log(`Checking closed '${BEGINNER_LABEL}' issues in ${owner}/${repo} for ${username}`);
-
-    const query = `
-      query ($owner: String!, $repo: String!) {
-        repository(owner: $owner, name: $repo) {
-          issues(
-            first: 10
-            states: CLOSED
-            labels: ["beginner"]
-            orderBy: { field: UPDATED_AT, direction: DESC }
-          ) {
-            nodes {
-              number
-              assignees(first: 10) {
-                nodes {
-                  login
-                }
-              }
-            }
-          }
+    const searchQuery = [
+      `repo:${owner}/${repo}`,
+      `label:${BEGINNER_LABEL}`,
+      'is:issue',
+      'is:closed',
+      `assignee:${username}`,
+    ].join(' ');
+
+    console.log('GraphQL search query:', searchQuery);
+
+    const result = await github.graphql(
+      `
+      query ($query: String!) {
+        search(type: ISSUE, query: $query) {
+          issueCount
         }
       }
-    `;
+      `,
+      { query: searchQuery }
+    );
 
-    const data = await github.graphql(query, { owner, repo });
-    const normalizedUsername = username.toLowerCase();
-    const issues = data?.repository?.issues?.nodes ?? [];
-    console.log(
-      `Retrieved ${issues.length} closed Beginner issue(s) for evaluation`);
-
-    for (const issue of issues) {
-      const assignees = issue.assignees?.nodes ?? [];
-      
-      const wasAssigned = assignees.some(
-        (assignee) =>
-          assignee?.login?.toLowerCase() === normalizedUsername
-      );
-
-      console.log(
-        `Issue #${issue.number}: assignees=[${assignees
-          .map(a => a.login)
-          .join(', ')}], matched=${wasAssigned}`
-      );
-
-      if (wasAssigned) {
-        console.log(`Found completed Beginner issue #${issue.number} for ${username}`);
-        return 1;
-      }
-    }
+    const count = result?.search?.issueCount ?? 0;
 
-    console.log(`No completed Beginner issues found for ${username}`);
-    return 0;
+    console.log(`Completed Beginner issues for ${username}: ${count}`);
 
+    return count;
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
-    console.log(`Unable to verify completed Beginner issues for ${username}: ${message}`);
+    console.log(
+      `Failed to count Beginner issues for ${username}: ${message}`
+    );
     return null;
   }
 }

CHANGELOG.md

@@ -160,7 +160,7 @@ This changelog is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.
 - Updated `.github/scripts/bot-office-hours.sh` to detect and skip PRs created by bot accounts when posting office hours reminders. (#1384)
 
 ### Fixed
-- Refined intermediate assignment guard to validate Beginner issue completion with improved logging and GraphQL-based counting.
+- Refined intermediate assignment guard to validate Beginner issue completion with improved logging and GraphQL-based counting. (#1424)
 - Good First Issue bot no longer posts `/assign` reminders for repository collaborators. (#1367)
 - GFI workflow casing 
 - Update `bot-workflows.yml` to trigger only on open PRs with failed workflows; ignore closed PRs and branches without open PRs.