From 8b552c11c57d78ef69212e9e8c6e89e7c334767d Mon Sep 17 00:00:00 2001 From: aRustyDev <36318507+aRustyDev@users.noreply.github.com> Date: Tue, 23 Dec 2025 14:06:18 -0500 Subject: [PATCH 1/4] Add auto-assign.yml from gist --- .github/workflows/auto-assign.yml | 95 +++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 .github/workflows/auto-assign.yml diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml new file mode 100644 index 0000000..0fde858 --- /dev/null +++ b/.github/workflows/auto-assign.yml @@ -0,0 +1,95 @@ +name: Auto Assign Owner + +on: + issues: + types: [opened] + pull_request_target: + types: [opened] + +permissions: + issues: write + pull-requests: write + contents: read + +jobs: + check-and-assign: + runs-on: ubuntu-latest + steps: + - name: Check collaborator count and assign owner + uses: actions/github-script@v7 + with: + script: | + const owner = context.repo.owner; + const repo = context.repo.repo; + + // Get collaborators with push or admin access + const { data: collaborators } = await github.rest.repos.listCollaborators({ + owner, + repo, + permission: 'push' + }); + + // Filter to only users with push or admin (not just read) + const pushCollaborators = collaborators.filter(c => + c.permissions?.push || c.permissions?.admin + ); + + console.log(`Found ${pushCollaborators.length} collaborators with push access`); + + // Only auto-assign if there's 1 or fewer collaborators with push access + if (pushCollaborators.length > 1) { + console.log('Multiple collaborators found, skipping auto-assign'); + return; + } + + // Determine the assignee (repo owner) + const assignee = owner; + + if (context.eventName === 'issues') { + const issue = context.payload.issue; + + // Skip if already assigned + if (issue.assignees && issue.assignees.length > 0) { + console.log('Issue already has assignees, skipping'); + return; + } + + // Skip if author is a bot + if (issue.user.type === 'Bot') { + console.log('Issue author is a bot, skipping'); + return; + } + + await github.rest.issues.addAssignees({ + owner, + repo, + issue_number: issue.number, + assignees: [assignee] + }); + + console.log(`Assigned issue #${issue.number} to ${assignee}`); + + } else if (context.eventName === 'pull_request_target') { + const pr = context.payload.pull_request; + + // Skip if already assigned + if (pr.assignees && pr.assignees.length > 0) { + console.log('PR already has assignees, skipping'); + return; + } + + // Skip if author is a bot + if (pr.user.type === 'Bot') { + console.log('PR author is a bot, skipping'); + return; + } + + await github.rest.issues.addAssignees({ + owner, + repo, + issue_number: pr.number, + assignees: [assignee] + }); + + console.log(`Assigned PR #${pr.number} to ${assignee}`); + } From e555e5c79d58e9f66fe36df722cdc9e80fa1d287 Mon Sep 17 00:00:00 2001 From: aRustyDev <36318507+aRustyDev@users.noreply.github.com> Date: Tue, 23 Dec 2025 14:06:19 -0500 Subject: [PATCH 2/4] Add dependabot-issue.yml from gist --- .github/workflows/dependabot-issue.yml | 63 ++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/workflows/dependabot-issue.yml diff --git a/.github/workflows/dependabot-issue.yml b/.github/workflows/dependabot-issue.yml new file mode 100644 index 0000000..4b07207 --- /dev/null +++ b/.github/workflows/dependabot-issue.yml @@ -0,0 +1,63 @@ +name: Create Issue for Dependabot PRs + +on: + pull_request_target: + types: [opened] + +permissions: + issues: write + pull-requests: read + +jobs: + create-tracking-issue: + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest + steps: + - name: Create tracking issue for Dependabot PR + uses: actions/github-script@v7 + with: + script: | + const pr = context.payload.pull_request; + const owner = context.repo.owner; + const repo = context.repo.repo; + + // Extract version info from PR title + // Typical format: "Bump actions/checkout from 3 to 4" + const title = pr.title; + + const issueTitle = `deps: ${title}`; + const issueBody = `## Dependabot Update + + ${pr.body || 'Automated dependency update.'} + + ## Pull Request + + - PR: #${pr.number} + - Author: @${pr.user.login} + - URL: ${pr.html_url} + + --- + This issue was automatically created to track the Dependabot update. + `; + + const { data: issue } = await github.rest.issues.create({ + owner, + repo, + title: issueTitle, + body: issueBody, + labels: ['dependencies', 'github-actions'] + }); + + console.log(`Created tracking issue #${issue.number} for PR #${pr.number}`); + + // Update PR body to reference the issue + const updatedBody = `${pr.body || ''}\n\n---\nCloses #${issue.number}`; + + await github.rest.pulls.update({ + owner, + repo, + pull_number: pr.number, + body: updatedBody + }); + + console.log(`Updated PR #${pr.number} to close issue #${issue.number}`); From 3e11739c6abefa20c561aee1b0a26689b9c3d8f5 Mon Sep 17 00:00:00 2001 From: aRustyDev <36318507+aRustyDev@users.noreply.github.com> Date: Tue, 23 Dec 2025 14:06:20 -0500 Subject: [PATCH 3/4] Add dependabot.yml from gist --- .github/dependabot.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..9818577 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + commit-message: + prefix: "ci" + labels: + - "dependencies" + - "github-actions" + open-pull-requests-limit: 5 From 3ba31c0cbcf28f22c6db7ae2f05812cb54f35e84 Mon Sep 17 00:00:00 2001 From: aRustyDev <36318507+aRustyDev@users.noreply.github.com> Date: Tue, 23 Dec 2025 16:47:05 -0500 Subject: [PATCH 4/4] fix(ci): remove PR body update from dependabot-issue workflow Dependabot PRs have restricted permissions that prevent modifying the PR body. --- .github/workflows/dependabot-issue.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dependabot-issue.yml b/.github/workflows/dependabot-issue.yml index 4b07207..5c7d27f 100644 --- a/.github/workflows/dependabot-issue.yml +++ b/.github/workflows/dependabot-issue.yml @@ -50,14 +50,5 @@ jobs: console.log(`Created tracking issue #${issue.number} for PR #${pr.number}`); - // Update PR body to reference the issue - const updatedBody = `${pr.body || ''}\n\n---\nCloses #${issue.number}`; - - await github.rest.pulls.update({ - owner, - repo, - pull_number: pr.number, - body: updatedBody - }); - - console.log(`Updated PR #${pr.number} to close issue #${issue.number}`); + // Note: We don't update the PR body because Dependabot PRs have + // restricted permissions. The issue references the PR instead.