Skip to content

Comments

chore(automation): ensure status/need-triage is applied and never cleared automatically#16657

Merged
bdmorgan merged 11 commits intomainfrom
chore/status-need-triage-automation
Jan 15, 2026
Merged

chore(automation): ensure status/need-triage is applied and never cleared automatically#16657
bdmorgan merged 11 commits intomainfrom
chore/status-need-triage-automation

Conversation

@bdmorgan
Copy link
Collaborator

@bdmorgan bdmorgan commented Jan 14, 2026

Summary

This PR establishes a robust issue triage flow where all issues are labeled with status/need-triage and remain that way until a manual maintainer review.

Details

  • Automatic Labeling: Created .github/workflows/issue-opened-labeler.yml to apply status/need-triage to every new issue.
  • Backfill Script: Created .github/scripts/backfill-need-triage.cjs to apply the label to all existing open issues (excluding those with 🔒 maintainer only).
  • Persistence: Removed auto-clearing logic from gemini-automated-issue-triage.yml and gemini-scheduled-issue-triage.yml. Triage bots will now only classify issues, not remove their triage status.

Related Issues

N/A

@bdmorgan bdmorgan requested review from a team as code owners January 14, 2026 22:05
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Jan 14, 2026

Summary of Changes

Hello @bdmorgan, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the issue triage workflow by ensuring that all issues consistently receive and retain the status/need-triage label until a manual maintainer review. This is achieved through new automation for newly opened issues, a script to apply the label to existing issues, and modifications to prevent automated removal of the triage status.

Highlights

  • Automatic Labeling for New Issues: A new GitHub Actions workflow has been introduced to automatically apply the status/need-triage label to every new issue created, ensuring all incoming issues are marked for review.
  • Backfill Script for Existing Issues: A new Node.js script has been added to backfill the status/need-triage label to all existing open issues that do not already have it, excluding those marked with 🔒 maintainer only.
  • Enhanced Label Persistence: Logic that previously auto-cleared the status/need-triage label has been removed from existing automated triage workflows, ensuring the label remains until manually removed by a maintainer.
Ignored Files
  • Ignored by pattern: .github/workflows/** (3)
    • .github/workflows/gemini-automated-issue-triage.yml
    • .github/workflows/gemini-scheduled-issue-triage.yml
    • .github/workflows/issue-opened-labeler.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new workflow and a backfill script to ensure all issues are labeled with status/need-triage. However, a critical command injection vulnerability has been identified in the .github/scripts/backfill-need-triage.cjs script. This vulnerability arises from insecurely constructing shell commands with unvalidated data from an API, posing a risk of Remote Code Execution in the CI environment. A safer method for executing child processes is recommended. Additionally, the backfill script has potential issues related to a hardcoded limit of 1000 issues and insufficient error handling within the issue labeling loop, which could lead to an incomplete backfill process being reported as successful.

@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Jan 14, 2026
@github-actions
Copy link

github-actions bot commented Jan 14, 2026
edited
Loading

Size Change: -2 B (0%)

Total Size: 23.1 MB

ℹ️ View Unchanged
Filename Size Change
./bundle/gemini.js 23 MB -2 B (0%)
./bundle/sandbox-macos-permissive-closed.sb 1.03 kB 0 B
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-closed.sb 3.29 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B

compressed-size-action

@bdmorgan bdmorgan enabled auto-merge January 14, 2026 22:40
@bdmorgan bdmorgan force-pushed the chore/status-need-triage-automation branch from d374416 to f7f8d7d Compare January 15, 2026 01:28
@bdmorgan bdmorgan disabled auto-merge January 15, 2026 01:37
@bdmorgan bdmorgan enabled auto-merge January 15, 2026 01:45
@bdmorgan bdmorgan added this pull request to the merge queue Jan 15, 2026
Merged via the queue into main with commit 467e869 Jan 15, 2026
25 checks passed
@bdmorgan bdmorgan deleted the chore/status-need-triage-automation branch January 15, 2026 02:09
Kimsoo0119 added a commit to Kimsoo0119/gemini-cli that referenced this pull request Jan 18, 2026
@Kimsoo0119
fix(automation): fix jq quoting error in pr-triage.sh
cee8646 
The previous change incorrectly escaped quotes inside single-quoted
strings. In bash single quotes, backslash escapes are not processed,
so `\"null\"` is passed literally to jq, causing a syntax error:
"unexpected INVALID_CHARACTER (Unix shell quoting issues?)"

Fix by using jq's native `null` value with `tostring` instead of
trying to embed a quoted string literal.

Fixes the audit-prs workflow failure introduced in google-gemini#16657.
This was referenced Jan 18, 2026
Merged
Merged
Closed
Kimsoo0119 added a commit to Kimsoo0119/gemini-cli that referenced this pull request Jan 18, 2026
@Kimsoo0119
fix(automation): fix jq quoting error in pr-triage.sh
4e60b0d 
The previous change incorrectly escaped quotes inside single-quoted
strings. In bash single quotes, backslash escapes are not processed,
so `\"null\"` is passed literally to jq, causing a syntax error:
"unexpected INVALID_CHARACTER (Unix shell quoting issues?)"

Fix by using jq's native `null` value with `tostring` instead of
trying to embed a quoted string literal.

Fixes the audit-prs workflow failure introduced in google-gemini#16657.
Thomas-Shephard pushed a commit to Thomas-Shephard/gemini-cli that referenced this pull request Jan 21, 2026
@bdmorgan @Thomas-Shephard
chore(automation): ensure status/need-triage is applied and never cle…
123669d 
…ared automatically (google-gemini#16657)
thacio added a commit to thacio/auditaria that referenced this pull request Jan 24, 2026
@thacio
Merge(Auto) Commit '467e86932': chore(automation): ensure status/need…
696338a 
…-triage is applied and never cleared automatically (google-gemini#16657)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scidomino scidomino scidomino approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

status/need-issue Pull requests that need to have an associated issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bdmorgan @scidomino