refactor(github): rename bot-inactivity workflow files #1340
Conversation
Remove "-phase" suffix from bot-inactivity workflow files since the process no longer uses phased execution. - .github/scripts/bot-inactivity-unassign-phase.sh -> bot-inactivity-unassign.sh - .github/workflows/bot-inactivity-unassign-phase.yml -> bot-inactivity-unassign.yml
|
[commit-verification-bot] To achieve verified status, please read: Remember, you require a GPG key and each commit must be signed with: Thank you for contributing! From the Hiero Python SDK Team |
📝 WalkthroughWalkthroughThe workflow configuration file was renamed from Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Pre-merge checks✅ Passed checks (5 passed)
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro 📒 Files selected for processing (2)
🧰 Additional context used📓 Path-based instructions (1).github/workflows/**/*⚙️ CodeRabbit configuration file
Files:
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
🔇 Additional comments (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
.github/workflows/bot-inactivity-unassign.yml (2)
32-32: Update the step name and comment to reflect removal of phased execution.The comment still references "Phase 1 + Phase 2," which is inconsistent with this PR's objective of removing phase-related terminology since the workflow no longer uses phased execution.
🔎 Proposed fix
- - name: Run unified inactivity bot (Phase 1 + Phase 2) + - name: Run inactivity bot
19-22: Consider adding a concurrency group to prevent overlapping runs.This workflow mutates GitHub state (unassigning, commenting, closing issues/PRs). Without a concurrency group, scheduled runs could overlap or workflow_dispatch could run concurrently with a scheduled execution, potentially causing race conditions or duplicate actions.
🔎 Recommended addition
Add after the
permissions:block and beforejobs::concurrency: group: bot-inactivity-unassign cancel-in-progress: falseSetting
cancel-in-progress: falseensures that if a run is already in progress, new runs will queue rather than cancel the active run, preventing incomplete state mutations.As per coding guidelines: "Workflows that mutate state MUST define a deterministic concurrency group."
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/scripts/bot-inactivity-unassign.sh.github/workflows/bot-inactivity-unassign.yml
🧰 Additional context used
📓 Path-based instructions (1)
.github/workflows/**/*
⚙️ CodeRabbit configuration file
.github/workflows/**/*: Review workflows as security-sensitive infrastructure.A good workflow is small, focused, and boring.
If a workflow is clever, generic, or overly flexible, it is a risk.
PRIORITY 0 — ABSOLUTE REQUIREMENTS
- All third-party actions MUST be pinned to full commit SHAs, similar to other workflows.
permissions:MUST be explicitly declared and minimally scoped.- Workflows MUST behave safely when executed from forks.
- YAML MUST orchestrate steps, not implement business logic.
- Any workflow that mutates GitHub state MUST support dry-run mode.
- Dry-run behavior must be explicit and visible in logs.
- Workflows MUST NOT modify repository source code outside
.github/.
PRIORITY 1 — SCOPE, FOCUS & RESTRAINT
- The title of each workflow must be relevant, match similar naming schemes, and match its script filename.
- Each workflow MUST have a single, clearly defined objective and SHOULD document this in a top-level comment.
- Flag workflows that:
- Attempt to be generic “frameworks”
- Include speculative or future-facing logic
- Perform actions unrelated to the stated goal
- Over-abstraction and excess flexibility are maintenance risks.
PRIORITY 2 — INPUT HARDENING
- Treat ALL GitHub event data as potentially hostile input, including:
- issue titles, bodies, and comments
- labels, usernames, branch names
- Free-form user input MUST NOT be passed directly into:
- shell commands
- gh CLI arguments
- Node.js exec / spawn calls
- Require strict allowlists or exact string matches.
- Flag any use of:
- eval or bash -c
- backticks or $(...) with user-controlled input
------------------...
Files:
.github/workflows/bot-inactivity-unassign.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (1)
.github/workflows/bot-inactivity-unassign.yml (1)
41-41: LGTM! Script path correctly updated.The script reference has been properly updated to match the renamed file, removing the "-phase" suffix as intended. The change aligns with the PR objectives.
exploreriii
left a comment
exploreriii
left a comment
There was a problem hiding this comment.
Hi @cxhello
We need a changelog entry and your commits to be signed please 👍
It can be the most difficult part of getting started, so please do let me know if you need help and ask @hiero-ledger/hiero-sdk-good-first-issue-support if you need additional help
2 participants
Summary
Remove "-phase" suffix from bot-inactivity workflow files since the process no longer uses phased execution.
.github/scripts/bot-inactivity-unassign-phase.sh→bot-inactivity-unassign.sh.github/workflows/bot-inactivity-unassign-phase.yml→bot-inactivity-unassign.ymlRelated Issue
Closes #1339
Test plan
git mv