Add GitHub Actions workflow for smoke test issues #267111
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds a GitHub Actions workflow to automatically check for existing smoke test failure issues and create a new one if none exist. The workflow is designed to prevent duplicate smoke test issues by searching for open issues with "smoke test failure" in the title.
Key changes:
- Adds automated issue detection and creation for smoke test failures
- Implements conditional logic to avoid duplicate issues
- Uses GitHub's search API to query existing issues
| with: | ||
| title: "Automated Smoke Test Issue" | ||
| body: | | ||
| This issue was created automatically because no existing open issues about "smoke test" were found. |
There was a problem hiding this comment.
The automatically created issue title and body are not informative enough for maintainers. Consider including more context such as the triggering event, timestamp, or specific failure details to make the issue actionable.
| This issue was created automatically because no existing open issues about "smoke test" were found. | |
| This issue was created automatically because no existing open issues about "smoke test" were found. | |
| **Triggering Event:** ${{ github.event_name }} | |
| **Commit SHA:** ${{ github.sha }} | |
| **Workflow Run URL:** https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| **Timestamp:** ${{ github.run_started_at }} |
Copilot uses AI. Check for mistakes.
|
|
||
| - name: Print found issue | ||
| if: steps.search.outputs.count != '0' | ||
| run: echo "Found an existing smoke test issue" |
There was a problem hiding this comment.
The echo message doesn't provide the URL of the found issue, making it less useful for debugging. Consider using the first_issue_url output: echo \"Found existing issue: ${{ steps.search.outputs.first_issue_url }}\"
| run: echo "Found an existing smoke test issue" | |
| run: echo "Found existing issue: ${{ steps.search.outputs.first_issue_url }}" |
Copilot uses AI. Check for mistakes.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Search for "smoke test" issues | ||
| id: search | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const query = 'repo:${{ github.repository }} is:issue is:open in:title "smoke test failure"'; | ||
| const result = await github.rest.search.issuesAndPullRequests({ q: query }); | ||
| core.setOutput("count", result.data.total_count); | ||
| core.setOutput("first_issue_url", result.data.items.length > 0 ? result.data.items[0].html_url : ""); | ||
|
|
||
| - name: Condition to create issue | ||
| if: steps.search.outputs.count == '0' | ||
| uses: peter-evans/create-issue@v5 | ||
| with: | ||
| title: "Automated Smoke Test Issue" | ||
| body: | | ||
| This issue was created automatically because no existing open issues about "smoke test" were found. | ||
|
|
||
| - name: Print found issue | ||
| if: steps.search.outputs.count != '0' |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix this problem, it's necessary to explicitly set the permissions key in the workflow file. This can be done at the root level (applies to all jobs by default) or within an individual job. For this workflow, the two main operations are:
- Searching issues: Requires
contents: read, but to interact with issues more safelyissues: readcan be specified. - Creating an issue: Requires
issues: write.
The recommended approach is to set permissions: at the root of the workflow, granting only contents: read and issues: write. This restricts the GITHUB_TOKEN to just the scopes needed to search and create issues, following the principle of least privilege.
Concrete changes:
- Insert a
permissions:block after the workflowname:and beforeon:, in.github/workflows/main.yml. - The block should specify:
permissions: contents: read issues: write
No other code needs modification, as no additional steps or features are affected.
| @@ -1,4 +1,7 @@ | ||
| name: Check for Existing Smoke Test Issues | ||
| permissions: | ||
| contents: read | ||
| issues: write | ||
|
|
||
| on: | ||
| push: |
No description provided.