Skip to content

Issue-Bot: Emit GitHub Action annotation when issues are affected #4326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Sep 12, 2025
Merged

Issue-Bot: Emit GitHub Action annotation when issues are affected #4326

merged 10 commits into from
Sep 12, 2025

Conversation

staabm
Copy link
Contributor

@staabm staabm commented Sep 12, 2025
edited
Loading

with this PR we get a issue-bot 'pull request annotation' in the 'files changed' tab, which looks like:

grafik

this annotation is only visible when issue bot finds affected issues, otherwise no annotation is showing up.
intentionally I used a message type "notice" to get a gentle hint which distracts as less as possible.

Goal: make it more obvious when issue bot has helpful results. before this PR we sometimes missed to check the issue bot results as they are hidden deep in the github.com UI

triggered by a discussion in #4168 (comment)

@clxmstaab clxmstaab force-pushed the issue-bot branch 2 times, most recently from 49638aa to c442163 Compare September 12, 2025 13:09
@staabm
Copy link
Contributor Author

staabm commented Sep 12, 2025
edited
Loading

@ondrejmirtes @VincentLanglet any opinion on this? is it acceptable?

if so, I would cleanup the PR and we can give it a try.
if it doesn't work we can remove the annotation just by removing the commit.. so it does not cost much to test it

staabm
staabm commented Sep 12, 2025
View reviewed changes
issue-bot/src/Console/EvaluateCommand.php Outdated
Comment on lines 145 to 146
// XXX debug test
$exitCode = self::EXIT_AFFECTS_ISSUES;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo: remove this debug line, which atm enforce rendering of the github action annotation message

@VincentLanglet
Copy link
Contributor

Personally I like it

@ondrejmirtes
Copy link
Member

I like it too!

The reason why it's not safe to post a comment is because the only event that has access to secrets is pull_request_target. And you can't check out the repository if you want to be safe. There's a lot of attacks possible if you do that. There's a big warning here: https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target

@staabm staabm marked this pull request as ready for review September 12, 2025 14:19
@phpstan-bot
Copy link
Collaborator

This pull request has been marked as ready for review.

@staabm
Copy link
Contributor Author

staabm commented Sep 12, 2025

ok cool - lets give it a try then

@ondrejmirtes ondrejmirtes merged commit f6b6762 into phpstan:2.1.x Sep 12, 2025
277 of 281 checks passed
@ondrejmirtes
Copy link
Member

Awesome, thank you!

@staabm staabm deleted the issue-bot branch September 12, 2025 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@staabm @VincentLanglet @ondrejmirtes @phpstan-bot