@prajeeta15 prajeeta15 commented Dec 13, 2025

PR Type

Enhancement


Description

  • Add Issue Reminder Bot to detect stale assigned issues

  • Automatically post reminders for issues without linked PRs

  • Implement scheduled workflow running every 5 minutes

  • Add repository information documentation for Zencoder

  • Update CHANGELOG with new bot feature details


Diagram Walkthrough

flowchart LR
  A["GitHub Issues"] -->|"Fetch open issues"| B["issue_reminder_no_pr.sh"]
  B -->|"Check assignment time"| C["Calculate days since assignment"]
  C -->|"Verify no open PRs"| D["Post reminder comment"]
  E["Scheduled Workflow"] -->|"Trigger every 5 min"| B
  D -->|"Update CHANGELOG"| F["Documentation"]

File Walkthrough

Relevant files
Enhancement
issue_reminder_no_pr.sh
Issue Reminder Bot shell script implementation                     

.github/scripts/issue_reminder_no_pr.sh

  • New bash script implementing the Issue Reminder Bot functionality
  • Fetches open issues with assignees and checks assignment duration
  • Verifies no open PRs are linked before posting reminder comments
  • Supports cross-platform timestamp parsing for Linux and macOS
  • Includes dry-run mode for safe testing without posting comments
+147/-0 
bot-issue-reminder-no-pr.yml
GitHub Actions workflow for issue reminder bot                     

.github/workflows/bot-issue-reminder-no-pr.yml

  • New GitHub Actions workflow for scheduled issue reminder execution
  • Configured to run every 5 minutes via cron schedule
  • Supports manual trigger with dry-run option via workflow_dispatch
  • Sets appropriate permissions for reading issues and pull requests
  • Includes security hardening with step-security/harden-runner
+38/-0   
Documentation
repo.md
Repository information documentation for Zencoder               

.zencoder/rules/repo.md

  • New repository information documentation file for Zencoder
  • Documents SDK structure, language version, and dependencies
  • Includes build, installation, testing, and validation instructions
  • Provides comprehensive overview of hiero-sdk-python project
+67/-0   
CHANGELOG.md
Update CHANGELOG with Issue Reminder Bot feature                 

CHANGELOG.md

+1/-1     

@prajeeta15 prajeeta15 merged commit 00aed66 into main Dec 13, 2025
6 of 16 checks passed
@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Unverified action pin

Description: The harden-runner step uses a pinned commit SHA without a provenance-verified digest or
version pin strategy, which could allow a compromised or force-pushed reference; prefer a
trusted, versioned release with verification (e.g., v2 with security digest) or a
Sigstore-verifiable pin.
bot-issue-reminder-no-pr.yml [25-27]

Referred Code
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2
with:
  egress-policy: audit
Spoofable bot detection

Description: Comment-existence check relies solely on body containing the string "ReminderBot" from
user "github-actions[bot]", which is spoofable by other actors posting similar text; use
more robust markers (e.g., hidden HTML comment token) or author+app_id metadata to prevent
spoofing-induced suppression.
issue_reminder_no_pr.sh [67-75]

Referred Code
EXISTING_COMMENT=$(gh api "repos/$REPO/issues/$ISSUE/comments" \
  --jq ".[] | select(.user.login == \"github-actions[bot]\") | select(.body | contains(\"ReminderBot\")) | .id" \
  | head -n1)

if [ -n "$EXISTING_COMMENT" ]; then
  echo "[INFO] Reminder comment already posted on this issue."
  echo
  continue
fi
Incomplete PR linkage check

Description: Linked PR detection depends on timeline cross-references which can miss associations
(e.g., closing keywords in descriptions or external refs), potentially causing incorrect
reminders that may leak issue status to unauthorized forks if permissions change; consider
using search/GraphQL for PRs referencing the issue and stricter permission checks.
issue_reminder_no_pr.sh [94-111]

Referred Code
PR_NUMBERS=$(gh api \
  -H "Accept: application/vnd.github.mockingbird-preview+json" \
  "repos/$REPO/issues/$ISSUE/timeline" \
  --jq ".[] 
        | select(.event == \"cross-referenced\") 
        | select(.source.issue.pull_request != null) 
        | .source.issue.number" 2>/dev/null || true)

OPEN_PR_FOUND=""
if [ -n "$PR_NUMBERS" ]; then
  for PR_NUM in $PR_NUMBERS; do
    PR_STATE=$(gh pr view "$PR_NUM" --repo "$REPO" --json state --jq '.state' 2>/dev/null || true)
    if [ "$PR_STATE" = "OPEN" ]; then
      OPEN_PR_FOUND="$PR_NUM"
      break
    fi
  done
fi
Misconfigured schedule

Description: The cron string "/5 * * * *" is nonstandard and may be misinterpreted or unsupported by
GitHub Actions leading to unintended run cadence; incorrect frequency can cause
notification spam or rate-limit exhaustion—use "*/5 * * * *".
bot-issue-reminder-no-pr.yml [5-5]

Referred Code
  - cron: "/5 * * * *"
workflow_dispatch:
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Action Logging: The script performs critical actions (posting comments and skipping due to existing PRs)
but only echoes minimal context without structured logs that include actor, timestamp, and
outcomes for full auditability.

Referred Code
  echo "[RESULT] No OPEN PRs linked to this issue."

  # Check if threshold has been reached
  if [ "$DIFF_DAYS" -lt "$DAYS" ]; then
    echo "[WAIT] Only $DIFF_DAYS days (< $DAYS) → not yet time for reminder."
    echo
    continue
  fi

  echo "[REMIND] Issue #$ISSUE assigned for $DIFF_DAYS days, posting reminder."

  # Post reminder comment
  MESSAGE="Hi, this is ReminderBot. This issue has been assigned but has had no pull request created. Are you still planning on working on the issue?

From the Python SDK Team"

  if [ "$DRY_RUN" = "true" ]; then
    echo "[DRY RUN] Would post comment on issue #$ISSUE:"
    echo "$MESSAGE"
  else
    gh issue comment "$ISSUE" --repo "$REPO" --body "$MESSAGE"


 ... (clipped 2 lines)

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Error Handling: The script relies on set -euo and plain echoes while gh/jq/date parsing failures, empty
API responses, and pagination edge cases may not be surfaced with actionable context or
retries.

Referred Code
NOW_TS=$(date +%s)

# Cross-platform timestamp parsing (Linux + macOS/BSD)
parse_ts() {
  local ts="$1"
  if date --version >/dev/null 2>&1; then
    date -d "$ts" +%s      # GNU date (Linux)
  else
    date -j -f "%Y-%m-%dT%H:%M:%SZ" "$ts" +"%s"   # macOS/BSD
  fi
}

# Fetch open ISSUES (not PRs) that have assignees
ISSUES=$(gh api "repos/$REPO/issues" \
  --paginate \
  --jq '.[] | select(.state=="open" and (.assignees | length > 0) and (.pull_request | not)) | .number')

if [ -z "$ISSUES" ]; then
  echo "No open issues with assignees found."
  exit 0
fi


 ... (clipped 64 lines)

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
High-level
Reduce scheduling frequency to avoid API rate limits

The workflow's 5-minute execution schedule is too frequent and risks hitting
GitHub API rate limits. It is recommended to reduce the frequency to once per
day to ensure reliable operation.

Examples:

.github/workflows/bot-issue-reminder-no-pr.yml [5]
    - cron: "/5 * * * *"

Solution Walkthrough:

Before:

# .github/workflows/bot-issue-reminder-no-pr.yml
name: bot-issue-reminder-no-pr

on:
  schedule:
    - cron: "/5 * * * *"
  workflow_dispatch:
    ...

jobs:
  ...

After:

# .github/workflows/bot-issue-reminder-no-pr.yml
name: bot-issue-reminder-no-pr

on:
  schedule:
    # Run once a day at midnight UTC
    - cron: "0 0 * * *"
  workflow_dispatch:
    ...

jobs:
  ...
Suggestion importance[1-10]: 9

Why: The suggestion correctly identifies a critical operational flaw; running the script every 5 minutes will almost certainly exceed the GitHub API rate limit for the repository, rendering the bot non-functional.

High
Possible issue
Avoid suppressing critical API errors

Remove error suppression (2>/dev/null || true) from the gh api command. This
will ensure the script fails fast on critical errors like authentication or
network issues, preventing incorrect reminders.

.github/scripts/issue_reminder_no_pr.sh [94-100]

 PR_NUMBERS=$(gh api \
   -H "Accept: application/vnd.github.mockingbird-preview+json" \
   "repos/$REPO/issues/$ISSUE/timeline" \
   --jq ".[] 
         | select(.event == \"cross-referenced\") 
         | select(.source.issue.pull_request != null) 
-        | .source.issue.number" 2>/dev/null || true)
+        | .source.issue.number")
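Review bot: On the `gh api .../timeline` call, dropping `2>/dev/null || true` removes the silent failure, but the compliance notes say the script runs under `set -euo`, so one failed timeline request now ends the run for every remaining issue. Catch the failure per issue, log it, and `continue` so that issue gets no reminder while the rest are still processed. This call also has no `--paginate`, unlike the issue listing earlier in the script, so cross-references past the first page of a long timeline would be missed.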
Suggestion importance[1-10]: 8

Why: This suggestion correctly points out a critical flaw in error handling. Suppressing API errors could lead the script to operate on incomplete data and post incorrect reminders. Allowing the script to fail on API errors improves its reliability and correctness.

Medium
Avoid suppressing critical command errors

Remove error suppression (2>/dev/null || true) from the gh pr view command. This
ensures the script exits on failure, preventing it from posting incorrect
reminders when it cannot determine a PR's state.

.github/scripts/issue_reminder_no_pr.sh [105]

-PR_STATE=$(gh pr view "$PR_NUM" --repo "$REPO" --json state --jq '.state' 2>/dev/null || true)
+PR_STATE=$(gh pr view "$PR_NUM" --repo "$REPO" --json state --jq '.state')
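Review bot: In the `PR_STATE=$(gh pr view ...)` assignment, once `|| true` is gone a single PR whose state cannot be read stops the loop and the whole run under `set -e`. Handle the failure explicitly, for example with `if ! PR_STATE=$(gh pr view ...); then`, log the PR number, and skip the reminder for this issue, so that an unknown state is never treated as "no open PR".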
Suggestion importance[1-10]: 8

Why: This suggestion correctly identifies a critical flaw in error handling. Suppressing command errors could lead the script to misinterpret a PR's state and post an unnecessary reminder. Allowing the script to fail when it cannot verify a PR's state improves its overall correctness.

Medium
Use a safer default value

Change the default value for the DAYS variable from 0 to a safer value like 7.
This prevents the script from sending reminders for all issues if the
environment variable is not set.

.github/scripts/issue_reminder_no_pr.sh [11]

-DAYS="${DAYS:-0}"
+DAYS="${DAYS:-7}"
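Review bot: `DAYS` is still used unvalidated after this default change; a non-numeric or negative value from the environment reaches the `[ "$DIFF_DAYS" -lt "$DAYS" ]` comparison shown in the compliance excerpt. Add a check right after this line that `DAYS` is a non-negative integer and exit with a clear message otherwise.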
Suggestion importance[1-10]: 6

Why: The suggestion correctly identifies that a default of 0 for DAYS would cause reminders to be sent for all issues if the variable is not set, which is undesirable. Changing the default to 7 makes the script more robust and safer for standalone execution.

Low
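
The two error-suppression suggestions above replace a silent wrong reminder with a whole-run abort under `set -e`. The sketch below is an added example, not code from the PR or from the review bot, and shows a third option: fail closed per issue. `lookup_pr_state` is a hypothetical stand-in for the `gh pr view` call, and the PR numbers are constructed.

```shell
#!/bin/sh
set -eu

# Hypothetical stand-in for:
#   gh pr view "$1" --repo "$REPO" --json state --jq '.state'
# Constructed data: PR 12 is open, PR 15 is merged, any other number fails
# the way an authentication, network or rate-limit error would.
lookup_pr_state() {
  case "$1" in
    12) echo OPEN ;;
    15) echo MERGED ;;
    *)  echo "[ERROR] could not read state of PR #$1" >&2; return 1 ;;
  esac
}

# Pattern in the reviewed script: the error is swallowed, so "lookup failed"
# looks the same as "no open PR" and a reminder is posted.
decide_suppressed() {
  for pr in "$@"; do
    state=$(lookup_pr_state "$pr" 2>/dev/null || true)
    if [ "$state" = "OPEN" ]; then echo "SKIP open-pr=$pr"; return 0; fi
  done
  echo "REMIND"
}

# Fail closed per issue: an unreadable PR state skips this issue only, the
# error stays on stderr, and the caller carries on with the next issue.
decide_fail_closed() {
  unknown=""
  for pr in "$@"; do
    if state=$(lookup_pr_state "$pr"); then
      if [ "$state" = "OPEN" ]; then echo "SKIP open-pr=$pr"; return 0; fi
    else
      unknown="$unknown $pr"
    fi
  done
  if [ -n "$unknown" ]; then echo "SKIP unknown-state:$unknown"; return 0; fi
  echo "REMIND"
}

# Constructed runs: linked PR numbers for three imaginary issues.
for prs in "15" "99" "99 12"; do
  # Word splitting of $prs into separate PR numbers is intended here.
  printf '%-6s suppressed: %-16s fail-closed: %s\n' "$prs" \
    "$(decide_suppressed $prs)" "$(decide_fail_closed $prs 2>/dev/null)"
done
```

For the issue whose only linked PR cannot be read (99), the suppressed variant answers `REMIND` while the fail-closed variant withholds the comment and records which PR was unreadable.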

@github-actions

Hi, this is WorkflowBot.
Your pull request cannot be merged as it is not passing all our workflow checks.
Please click on each check to review the logs and resolve issues so all checks pass.
To help you:
