Open
Conversation
Move issue triage automation into the org .github repository so target repositories can call one shared Flue workflow. Add the Sentry Intern persona, central repository allowlist, manual issue dispatch path, and focused validation coverage. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Validate the repository input before exporting a canonical owner/name value and pass that sanitized value through environment variables in shell steps. This avoids evaluating caller-controlled repository text while preserving the reusable workflow contract. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Subscribe the shared issue triage workflow to opened issue events directly from .github instead of exposing it as a reusable workflow. Resolve the target repository and issue number from either the issue event or manual dispatch before the feature allowlist and agent steps run. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Keep duplicate triage from crashing when GitHub mutations fail. Duplicate closure now records comment, label, and close failures in the result so the workflow can surface human-review context instead of throwing through the whole run. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Keep issue triage as a reusable workflow because GitHub Actions event triggers run in the repository where the event occurs. Document the required local caller workflow and require workflow_call invocations to target the caller repository before the feature allowlist and token creation steps run. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Check whether the installed gh CLI supports --duplicate-of before linking duplicate closures. Fall back to --reason duplicate on older runners so duplicate triage can still close the issue instead of degrading to human review. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Validate the reusable workflow against GitHub Actions and action input contracts. Keep the workflow scoped to getsentry, validate required secrets before token creation, and configure pnpm setup to read automation/package.json. Also reject cross-repository duplicate candidates before automatic closure so only same-repo duplicates can be closed without human review. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Member
Author
|
if this ends up too painful i going to just set it up as a service, and bind a workflow here that calls a custom action |
Return an unavailable repository context when the prepared checkout path is missing or not a git checkout. This keeps the diagnosis stage from trusting a checkout path that cannot be inspected. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Install Prettier, lint-staged, simple-git-hooks, and a repo-local actionlint wrapper so workflow linting can run through pnpm. Format existing supported files once so the new lint gate starts green. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit debb181. Configure here.
Derive the current repository from the issue URL when the payload omits it, and fall back to human review if either side of the duplicate comparison cannot be validated. This preserves the same-repository auto-close invariant for direct CLI invocations too. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a reusable Flue issue triage workflow in getsentry/.github so target repositories can call one shared Sentry Intern triage implementation instead of carrying local Flue code. The workflow also keeps a manual workflow_dispatch path that points at a specific issue for a real smoke test.
Sentry Intern Triage
The Flue agent enforces a first-sentence Sentry Intern identity in comments, keeps the casually professional triage voice in the skill, and inherits not-planned closure when the canonical duplicate was closed that way. Automatic duplicate closure is limited to same-repository candidates; cross-repository matches now fall back to human review.
Repository Gate
A central feature registry enables issue triage for getsentry/cli, getsentry/dotagents, getsentry/junior, getsentry/sentry-mcp, getsentry/vitest-evals, and getsentry/warden. Reusable workflow calls must target their own getsentry repository, and the workflow checks the feature registry before creating the GitHub App token or checking out the target repository.
Workflow Contracts
The workflow validates required Flue secrets and variables before creating the Sentry Intern token, scopes the app token to issues write on the target repository, and uses the caller GITHUB_TOKEN for source checkout. pnpm setup reads automation/package.json so the pinned action can resolve the packageManager field from the checked-out automation repo, and the Flue agent now treats missing or invalid prepared checkouts as unavailable instead of trusted.
Local Tooling
Adds repo-local Prettier, actionlint, lint-staged, and simple-git-hooks wiring so workflow and formatting checks can run with pnpm before commit. The actionlint wrapper handles both full-repo runs and lint-staged file lists.
Validation
Validated with pnpm run lint, lint-staged against the PR diff, focused Vitest coverage, Flue node build, YAML parsing, allowlist accept and reject checks, pinned action tag checks, git diff whitespace checks, and the PR check suite.