Skip to content

chore: pr workflows#727

Merged
edwinjosechittilappilly merged 31 commits into
mainfrom
pr-workflows
Feb 24, 2026
Merged

chore: pr workflows#727
edwinjosechittilappilly merged 31 commits into
mainfrom
pr-workflows

Conversation

@edwinjosechittilappilly

Copy link
Copy Markdown
Collaborator

This pull request introduces a comprehensive set of GitHub workflow and configuration files to automate and standardize pull request labeling, review, and release processes. The main changes include adding PR label automation, enforcing conventional commit standards, managing labels based on reviews, and improving release note generation. These enhancements aim to streamline CI/CD, improve code quality, and ensure consistent project management.

Pull Request and Label Automation:

  • Added .github/labeler.yml and .github/workflows/labeler.yml to automatically apply labels to PRs based on changed files, improving triage and review efficiency. [1] [2]
  • Introduced .github/changes-filter.yaml to define file path filters for categorizing changes by area (e.g., python, frontend, docs, docker, etc.), supporting advanced automation and reporting.

Conventional Commit and PR Standards:

  • Added .github/workflows/conventional-labels.yml to enforce conventional commit standards on PR titles and descriptions, validate PR descriptions for meaningful content, and automatically label PRs according to commit types.
  • Included .github/semantic.yml and .github/workflows/pr-checks.yml to further enforce semantic PR titles and provide user guidance on commit message conventions. [1] [2]

Release and Changelog Automation:

  • Added .github/release.yml to categorize and generate changelogs automatically based on PR labels, making release notes more informative and structured.

Review and Community Label Management:

  • Introduced .github/workflows/add-labels.yml to add or remove an "lgtm" label based on PR review status, improving visibility of approved changes.
  • Added .github/workflows/community-label.yml to automatically label PRs from external contributors as "community" for easier identification.

Branch Management:

  • Implemented .github/workflows/auto-delete-branch.yml to automatically delete merged branches (excluding protected branches), keeping the repository clean.

Configuration Files

1. .github/semantic.yml

Purpose: Configures the semantic PR bot to validate PR titles follow Conventional Commits format.

titleOnly: true
targetUrl: https://www.conventionalcommits.org/en/v1.0.0/#summary

Benefits:

  • Provides a link to contributors explaining the expected PR title format
  • Works with GitHub's semantic PR app (if installed)

2. .github/labeler.yml

Purpose: Configuration for actions/labeler - maps file paths to labels.

Files Changed Label Applied
frontend/** frontend
src/** backend
docs/** documentation
.github/** ci
tests/** tests
Dockerfile*, docker-compose*.yml docker

Benefits:

  • Auto-categorizes PRs by the area of code changed
  • Easy to filter PRs by component (e.g., "show me all frontend PRs")
  • Helps reviewers quickly identify what expertise is needed

3. .github/release.yml

Purpose: Configures GitHub's auto-generated release notes to group PRs by category.

Category Labels
🚨 Breaking Changes breaking
✨ New Features enhancement
🐛 Bug Fixes fix, bug
📝 Documentation documentation
🛠 Maintenance chore, refactor, style, performance, build
✅ Tests test

Benefits:

  • Auto-generated changelogs when you create a release
  • Users can quickly see what's new, fixed, or breaking
  • Professional release notes with zero manual effort

4. .github/changes-filter.yaml

Purpose: Configuration for dorny/paths-filter action - defines path groups for conditional CI triggers.

Benefits:

  • Run only relevant CI jobs based on what files changed
  • Example: Skip frontend tests if only backend files changed
  • Saves CI minutes and speeds up PR feedback

Workflow Files

5. .github/workflows/pr-checks.yml

Purpose: Validates PR titles follow Conventional Commits using amannn/action-semantic-pull-request@v5.

Allowed prefixes: feat:, fix:, docs:, style:, refactor:, perf:, test:, build:, ci:, chore:, revert:

Benefits:

  • Consistent PR titles across all contributors
  • Enables automated changelog generation
  • Clear communication of what each PR does at a glance
  • Blocks PRs with vague titles like "fix stuff" or "updates"

6. .github/workflows/conventional-labels.yml

Purpose: Two-part validation + labeling:

  1. Validates PR title follows Conventional Commits
  2. Validates PR description (min 10 chars, no placeholders)
  3. Auto-labels PR based on title prefix (feat:enhancement, fix:bug, etc.)

Benefits:

  • Ensures PRs have meaningful descriptions
  • Auto-applies labels that feed into release notes
  • Reduces manual labeling work for maintainers

7. .github/workflows/labeler.yml

Purpose: Auto-labels PRs based on which files were changed (uses .github/labeler.yml config).

Benefits:

  • PRs automatically tagged with frontend, backend, docker, etc.
  • Easy to filter and assign reviewers by expertise area
  • No manual labeling needed

8. .github/workflows/add-labels.yml

Purpose: Manages the lgtm (Looks Good To Me) label based on review status:

  • Approved → Adds lgtm label
  • Changes Requested → Removes lgtm label

Benefits:

  • Visual indicator of PR approval status
  • Can be used as a merge requirement
  • Easy to see which PRs are ready to merge

9. .github/workflows/community-label.yml

Purpose: Auto-adds community label to PRs from external contributors (non-members, non-collaborators).

Benefits:

  • Identify community contributions for recognition
  • Track external contributions for reporting
  • Prioritize community PRs for timely reviews

10. .github/workflows/auto-delete-branch.yml

Purpose: Automatically deletes feature branches after PRs are merged.

Benefits:

  • Keeps repository clean (no stale branches)
  • Reduces clutter in branch list
  • Protects main, master, develop from accidental deletion

@github-actions github-actions Bot added the ci ⬛ CI/CD, build, and infrastructure issues label Dec 23, 2025
@edwinjosechittilappilly edwinjosechittilappilly marked this pull request as ready for review December 23, 2025 19:03
Copilot AI review requested due to automatic review settings December 23, 2025 19:03

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a comprehensive GitHub Actions automation suite to standardize and streamline pull request workflows. It adds automated labeling, conventional commit validation, review management, and release note generation to improve development velocity and code quality.

Key Changes:

  • Automated PR labeling based on file changes and conventional commit types
  • PR title and description validation with conventional commit enforcement
  • Review-based label management (LGTM) and community contributor identification
  • Automatic branch cleanup after merge

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
.github/workflows/pr-checks.yml Validates PR titles follow conventional commits format using semantic-pull-request action
.github/workflows/labeler.yml Automatically applies labels based on changed file paths
.github/workflows/conventional-labels.yml Multi-stage validation: PR title, description, and automatic labeling by commit type
.github/workflows/community-label.yml Tags PRs from external contributors with 'community' label
.github/workflows/auto-delete-branch.yml Cleans up merged feature branches automatically
.github/workflows/add-labels.yml Manages 'lgtm' label based on review approvals/changes requested
.github/semantic.yml Configuration for semantic PR validation bot
.github/release.yml Defines changelog categories for auto-generated release notes
.github/labeler.yml Maps file path patterns to labels (frontend, backend, docs, etc.)
.github/changes-filter.yaml Defines path filters for conditional CI triggering with dorny/paths-filter

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/community-label.yml
console.log(`Skipping deletion of protected branch: ${branchName}`);
return;
}

Copilot AI Dec 23, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow only checks if the branch name is in the protected branches list, but it doesn't verify if the branch is from a fork. For PRs from forks, the branch deletion will fail because the workflow doesn't have permission to delete branches in the fork repository. Consider adding a check to skip deletion for fork PRs: if (context.payload.pull_request.head.repo.fork) { console.log('Skipping deletion for fork PR'); return; }

Suggested change
// Skip deletion for branches coming from forked repositories
const headRepo = context.payload.pull_request.head.repo;
if (headRepo && headRepo.fork) {
console.log('Skipping deletion for branch from forked repository');
return;
}

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good suggestion

Comment thread .github/changes-filter.yaml Outdated
Comment thread .github/changes-filter.yaml Outdated
Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/conventional-labels.yml

@msmygit msmygit left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've left comments to pin down at major.minor versions, otherwise, LGTM

Comment thread .github/workflows/labeler.yml Outdated
Comment thread .github/workflows/community-label.yml Outdated
Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/pr-checks.yml Outdated
Comment thread .github/workflows/add-labels.yml Outdated
Comment thread .github/workflows/auto-delete-branch.yml Outdated
Comment thread .github/workflows/conventional-labels.yml Outdated

@aimurphy aimurphy left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mpawlow mpawlow left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@edwinjosechittilappilly

Code Review 1

  • See PR comments: (a) to (m)

Comment thread .github/workflows/conventional-labels.yml Outdated
Comment thread .github/workflows/pr-checks.yml
Comment thread .github/workflows/labeler.yml Outdated
Comment thread .github/workflows/add-labels.yml Outdated
Comment thread .github/workflows/add-labels.yml
Comment thread .github/changes-filter.yaml Outdated
console.log('PR description validation passed!');

label:
needs: [validate-pr-title]

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(j) [Minor] Label job not gated on description validation

  • If validate-pr-description fails, the label is still applied (i.e. PRs with bad descriptions still get auto-labeled).
  • Note: This is a Minor severity issue. Please feel free to ignore or optionally implement

steps:
- name: Validate PR title follows Conventional Commits
id: validate
uses: Namchee/[email protected]

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(k) [Minor] Security: Actions should be pinned to a commit SHA rather than a tag

  • For workflows using pull_request_target (which runs with elevated base-repo permissions), actions should ideally be pinned to commit SHAs rather than tags to prevent supply-chain attacks:
  • e.g.
 # Before (tag):
  - uses: bcoe/conventional-release-labels@v1
  # After (SHA-pinned):
  - uses: bcoe/conventional-release-labels@7b0c7d4b6c5b1e8a5c3c6d3e1b1a4f4b8a7e5c1d  # v1.0.0
  • This is a best practice
  • Same issue for bcoe/conventional-release-labels@v1
  • Same issue for actions/github-script@v8.
  • Note: This is a Minor severity issue. Please feel free to ignore or optionally implement

Comment thread .github/workflows/community-label.yml Outdated
steps:
- name: Add community label
if: github.event.pull_request.author_association != 'MEMBER' && github.event.pull_request.author_association != 'OWNER' && github.event.pull_request.author_association != 'COLLABORATOR'
uses: actions/[email protected]

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(l) [Minor] Security: Actions should be pinned to a commit SHA rather than a tag

  • For workflows using pull_request_target (which runs with elevated base-repo permissions), actions should ideally be pinned to commit SHAs rather than tags to prevent supply-chain attacks:
  • Note: This is a Minor severity issue. Please feel free to ignore or optionally implement

issues: write
steps:
- name: Manage LGTM Review Label
uses: actions/[email protected]

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(m) [Minor] Security: Actions should be pinned to a commit SHA rather than a tag

  • For workflows using pull_request_target (which runs with elevated base-repo permissions), actions should ideally be pinned to commit SHAs rather than tags to prevent supply-chain attacks:
  • Note: This is a Minor severity issue. Please feel free to ignore or optionally implement

Add guards so PR validation jobs only run for pull_request_target events. The validate-pr-title and validate-pr-description jobs now include `if: github.event_name == 'pull_request_target'`, and the Label PR job's condition was updated to `if: github.event_name == 'pull_request_target' && github.event.pull_request.user.type != 'Bot'`. This prevents duplicate or unintended runs on standard pull_request events and preserves the existing check to skip bot-created PRs.
Delete .github/semantic.yml and remove the validate-pr-title job from the conventional-labels workflow. Update the label job to depend on validate-pr-description instead of the removed title validation. This simplifies the PR validation flow by removing enforced Conventional Commit title checks and associated config.
Switch the workflow trigger from pull_request to pull_request_target so the action has write permissions to add labels on PRs from forks. Added inline note warning not to check out or run untrusted PR code because this workflow runs with base-repo permissions. Trigger types remain [opened, synchronize].
Update .github/workflows/add-labels.yml to listen for pull_request_review 'dismissed' events and treat a 'dismissed' review like 'changes_requested'. This ensures the LGTM label is removed when a review is dismissed and keeps PR labels in sync with review state.
Wrap the GitHub Actions github-script in a try/catch to make label management more resilient. Adds explicit handling for 404 (log and skip) and calls core.setFailed for other errors, plus clearer logs when adding/removing the 'lgtm' label. Changes are in .github/workflows/add-labels.yml to improve error reporting and avoid noisy failures when labels are concurrently removed.
Delete the redundant `description` fields for changelog categories in .github/release.yml to simplify the config. This relies on titles and labels for category identification and should not affect release generation behavior. Also trims a trailing blank line.
Replace floating action versions with exact commit SHAs in workflow files to ensure reproducible runs. Updated .github/workflows/community-label.yml and conventional-labels.yml to use a specific actions/github-script SHA (kept version comment), replaced bcoe/conventional-release-labels@v1 with its SHA, and updated actions/labeler reference in .github/workflows/labeler.yml to a specific SHA.

@mpawlow mpawlow left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review 2

Comment thread .github/workflows/conventional-labels.yml Outdated
@edwinjosechittilappilly edwinjosechittilappilly merged commit d4fa07e into main Feb 24, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci ⬛ CI/CD, build, and infrastructure issues

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants