From 90acbccd80a85a2178b4039c77e99182524dcf39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 15:39:21 -0300 Subject: [PATCH 01/17] refactor(workflows): simplify Composer caching in reports, tests, and wiki workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/reports.yml | 15 +++++---------- .github/workflows/tests.yml | 14 +++++--------- .github/workflows/wiki.yml | 11 ++++------- 3 files changed, 14 insertions(+), 26 deletions(-) diff --git a/.github/workflows/reports.yml b/.github/workflows/reports.yml index 8f71b6473e..4ce0f2691c 100644 --- a/.github/workflows/reports.yml +++ b/.github/workflows/reports.yml @@ -22,23 +22,18 @@ jobs: steps: - uses: actions/checkout@v6 - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - name: Cache Composer dependencies uses: actions/cache@v5 with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} - restore-keys: | - ${{ runner.os }}-composer- - + path: /tmp/composer-cache + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-composer- - name: Install dependencies uses: php-actions/composer@v6 env: COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }' + COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b31c681d49..b9b08609a1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -38,23 +38,19 @@ jobs: steps: - uses: actions/checkout@v6 - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - name: Cache Composer dependencies uses: actions/cache@v5 with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} - restore-keys: | - ${{ runner.os }}-composer- + path: /tmp/composer-cache + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-composer- - name: Install dependencies uses: php-actions/composer@v6 env: COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }' + COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: ${{ matrix.php-version }} diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index 5e2fda239e..6bdbd507c4 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -26,15 +26,11 @@ jobs: submodules: recursive fetch-depth: 0 - - name: Get Composer Cache Directory - id: composer-cache - run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT" - - name: Cache Composer dependencies uses: actions/cache@v5 with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + path: /tmp/composer-cache + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-composer- @@ -42,6 +38,7 @@ jobs: uses: php-actions/composer@v6 env: COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }' + COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' @@ -80,4 +77,4 @@ jobs: message: "Update wiki submodule pointer" default_author: github_actions pull: "--rebase --autostash" - push: true \ No newline at end of file + push: true From a6803ae51a0836718b15b647ea18255d4ccacd1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 15:53:12 -0300 Subject: [PATCH 02/17] feat(workflows): optimize Composer install arguments for reports, tests, and wiki workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/reports.yml | 2 ++ .github/workflows/tests.yml | 1 + .github/workflows/wiki.yml | 1 + 3 files changed, 4 insertions(+) diff --git a/.github/workflows/reports.yml b/.github/workflows/reports.yml index 4ce0f2691c..a4f81557c0 100644 --- a/.github/workflows/reports.yml +++ b/.github/workflows/reports.yml @@ -29,6 +29,7 @@ jobs: key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-composer- + - name: Install dependencies uses: php-actions/composer@v6 env: @@ -36,6 +37,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' + args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' - name: Generate reports uses: php-actions/composer@v6 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b9b08609a1..be860daed5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -53,6 +53,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: ${{ matrix.php-version }} + args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' - name: Resolve minimum coverage id: minimum-coverage diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index 6bdbd507c4..638b15e010 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -41,6 +41,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' + args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' - name: Create Docs Markdown uses: php-actions/composer@v6 From e43c41e93af24b8aa63092e442f52c92a928c4db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 15:54:35 -0300 Subject: [PATCH 03/17] refactor(workflows): standardize Composer install arguments across reports, tests, and wiki workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/reports.yml | 2 +- .github/workflows/tests.yml | 2 +- .github/workflows/wiki.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reports.yml b/.github/workflows/reports.yml index a4f81557c0..e4637dac0d 100644 --- a/.github/workflows/reports.yml +++ b/.github/workflows/reports.yml @@ -37,7 +37,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' - args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' + args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Generate reports uses: php-actions/composer@v6 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index be860daed5..434f05e827 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -53,7 +53,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: ${{ matrix.php-version }} - args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' + args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Resolve minimum coverage id: minimum-coverage diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index 638b15e010..df33aed6df 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -41,7 +41,7 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' - args: 'install --prefer-dist --no-progress --no-suggest --no-interaction --no-plugins --no-scripts' + args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Create Docs Markdown uses: php-actions/composer@v6 From d34f75f74768e863e82067c449561a2945e24976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 15:56:26 -0300 Subject: [PATCH 04/17] refactor(workflows): separate command and args for Composer installation in tests and wiki workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/reports.yml | 3 ++- .github/workflows/tests.yml | 3 ++- .github/workflows/wiki.yml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reports.yml b/.github/workflows/reports.yml index e4637dac0d..6b312d49d9 100644 --- a/.github/workflows/reports.yml +++ b/.github/workflows/reports.yml @@ -37,7 +37,8 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' - args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' + command: 'install' + args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Generate reports uses: php-actions/composer@v6 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 434f05e827..ac4cb0a60a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -53,7 +53,8 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: ${{ matrix.php-version }} - args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' + command: 'install' + args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Resolve minimum coverage id: minimum-coverage diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index df33aed6df..c2c750df5c 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -41,7 +41,8 @@ jobs: COMPOSER_CACHE_DIR: /tmp/composer-cache with: php_version: '8.3' - args: 'install --prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' + command: 'install' + args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' - name: Create Docs Markdown uses: php-actions/composer@v6 From 1a6ec26b375608982ab78bb3e5533a2405878b36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:14:23 -0300 Subject: [PATCH 05/17] feat(workflows): add auto-assign workflow for PR authors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/auto-assign.yml | 21 +++++++++++++++++++++ resources/github-actions/auto-assign.yml | 14 ++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 .github/workflows/auto-assign.yml create mode 100644 resources/github-actions/auto-assign.yml diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml new file mode 100644 index 0000000000..200d7635e1 --- /dev/null +++ b/.github/workflows/auto-assign.yml @@ -0,0 +1,21 @@ +name: Auto assign PR author + +on: + issues: + types: [ opened, reopened ] + pull_request_target: + types: [ opened, reopened ] + workflow_call: + +permissions: + issues: write + pull-requests: write + +jobs: + assign-author: + runs-on: ubuntu-latest + steps: + - name: Auto assign PR author + uses: toshimaru/auto-author-assign@v3.0.1 + with: + repo-token: ${{ github.token }} diff --git a/resources/github-actions/auto-assign.yml b/resources/github-actions/auto-assign.yml new file mode 100644 index 0000000000..3826d0c958 --- /dev/null +++ b/resources/github-actions/auto-assign.yml @@ -0,0 +1,14 @@ +name: Auto assign + +on: + pull_request_target: + types: [opened, reopened] + issues: + types: [opened, reopened] + +jobs: + auto-assign: + permissions: + issues: write + pull-requests: write + uses: php-fast-forward/dev-tools/.github/workflows/auto-assign.yml@main From 985aaddae74235a23d60682cd30fd2c0ebcdf678 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:15:35 -0300 Subject: [PATCH 06/17] feat(workflows): add workflow_dispatch trigger to auto-assign workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/auto-assign.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index 200d7635e1..929b73c435 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -6,6 +6,7 @@ on: pull_request_target: types: [ opened, reopened ] workflow_call: + workflow_dispatch: permissions: issues: write From 7952368eacda72e039346f0c5ead8c5c78dd1330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:17:03 -0300 Subject: [PATCH 07/17] feat(workflows): add 'synchronize' event to pull_request_target trigger for auto-assign MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/auto-assign.yml | 3 +-- resources/github-actions/auto-assign.yml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index 929b73c435..b761ff2bb1 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -4,9 +4,8 @@ on: issues: types: [ opened, reopened ] pull_request_target: - types: [ opened, reopened ] + types: [ opened, reopened, synchronize ] workflow_call: - workflow_dispatch: permissions: issues: write diff --git a/resources/github-actions/auto-assign.yml b/resources/github-actions/auto-assign.yml index 3826d0c958..14dfb4b3ff 100644 --- a/resources/github-actions/auto-assign.yml +++ b/resources/github-actions/auto-assign.yml @@ -2,7 +2,7 @@ name: Auto assign on: pull_request_target: - types: [opened, reopened] + types: [opened, reopened, synchronize] issues: types: [opened, reopened] From c7638bb0fcc5aa6503a31f35ef4c6ec1bb59994b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:34:45 -0300 Subject: [PATCH 08/17] feat(workflows): add Composer audit step to PHPUnit tests workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/tests.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ac4cb0a60a..288fb66a35 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -56,6 +56,12 @@ jobs: command: 'install' args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts' + - name: Composer Audit + uses: php-actions/composer@v6 + with: + php_version: ${{ matrix.php-version }} + command: 'audit' + - name: Resolve minimum coverage id: minimum-coverage run: echo "value=${INPUT_MIN_COVERAGE:-80}" >> "$GITHUB_OUTPUT" From 4f5041413a56d4e1f456681efaada93ce6044ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:39:26 -0300 Subject: [PATCH 09/17] Add label-sync workflow that copies issue labels to PRs --- .github/workflows/label-sync.yml | 50 +++++++++++++++++++++++++ resources/github-actions/label-sync.yml | 50 +++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 .github/workflows/label-sync.yml create mode 100644 resources/github-actions/label-sync.yml diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml new file mode 100644 index 0000000000..fb1aa7d1d1 --- /dev/null +++ b/.github/workflows/label-sync.yml @@ -0,0 +1,50 @@ +name: PR Label Sync + +on: + pull_request_target: + types: [opened, reopened, synchronize] + pull_request: + types: [opened, reopened, synchronize] + workflow_call: + inputs: + copy_issue_labels: + type: boolean + default: true + description: "Copy labels from linked issue" + +permissions: + contents: read + pull-requests: write + +jobs: + copy-issue-labels: + if: inputs.copy_issue_labels == true + runs-on: ubuntu-latest + steps: + - name: Extract issue number from PR + id: extract-issue + run: | + BODY='${{ github.event.pull_request.body }}' + TITLE='${{ github.event.pull_request.title }}' + + ISSUE=$(echo "$BODY $TITLE" | \ + grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ + grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') + + if [ -n "$ISSUE" ]; then + echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" + fi + + - name: Copy labels from issue to PR + if: steps.extract-issue.outputs.issue_number != '' + run: | + ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }} + PR_NUM=${{ github.event.pull_request.number }} + + LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') + + for label in $LABELS; do + gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true + done + env: + GH_TOKEN: ${{ github.token }} \ No newline at end of file diff --git a/resources/github-actions/label-sync.yml b/resources/github-actions/label-sync.yml new file mode 100644 index 0000000000..fb1aa7d1d1 --- /dev/null +++ b/resources/github-actions/label-sync.yml @@ -0,0 +1,50 @@ +name: PR Label Sync + +on: + pull_request_target: + types: [opened, reopened, synchronize] + pull_request: + types: [opened, reopened, synchronize] + workflow_call: + inputs: + copy_issue_labels: + type: boolean + default: true + description: "Copy labels from linked issue" + +permissions: + contents: read + pull-requests: write + +jobs: + copy-issue-labels: + if: inputs.copy_issue_labels == true + runs-on: ubuntu-latest + steps: + - name: Extract issue number from PR + id: extract-issue + run: | + BODY='${{ github.event.pull_request.body }}' + TITLE='${{ github.event.pull_request.title }}' + + ISSUE=$(echo "$BODY $TITLE" | \ + grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ + grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') + + if [ -n "$ISSUE" ]; then + echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" + fi + + - name: Copy labels from issue to PR + if: steps.extract-issue.outputs.issue_number != '' + run: | + ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }} + PR_NUM=${{ github.event.pull_request.number }} + + LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') + + for label in $LABELS; do + gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true + done + env: + GH_TOKEN: ${{ github.token }} \ No newline at end of file From d68a0882dac4e18b79fe31f8b55db4db9b66e8b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:40:51 -0300 Subject: [PATCH 10/17] Fix label-sync reusable workflow to match other resources patterns --- resources/github-actions/label-sync.yml | 51 ++++--------------------- 1 file changed, 7 insertions(+), 44 deletions(-) diff --git a/resources/github-actions/label-sync.yml b/resources/github-actions/label-sync.yml index fb1aa7d1d1..e99f9bb703 100644 --- a/resources/github-actions/label-sync.yml +++ b/resources/github-actions/label-sync.yml @@ -1,50 +1,13 @@ -name: PR Label Sync +name: Label sync on: pull_request_target: types: [opened, reopened, synchronize] - pull_request: - types: [opened, reopened, synchronize] - workflow_call: - inputs: - copy_issue_labels: - type: boolean - default: true - description: "Copy labels from linked issue" - -permissions: - contents: read - pull-requests: write + issues: + types: [opened, reopened] jobs: - copy-issue-labels: - if: inputs.copy_issue_labels == true - runs-on: ubuntu-latest - steps: - - name: Extract issue number from PR - id: extract-issue - run: | - BODY='${{ github.event.pull_request.body }}' - TITLE='${{ github.event.pull_request.title }}' - - ISSUE=$(echo "$BODY $TITLE" | \ - grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ - grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') - - if [ -n "$ISSUE" ]; then - echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" - fi - - - name: Copy labels from issue to PR - if: steps.extract-issue.outputs.issue_number != '' - run: | - ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }} - PR_NUM=${{ github.event.pull_request.number }} - - LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') - - for label in $LABELS; do - gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true - done - env: - GH_TOKEN: ${{ github.token }} \ No newline at end of file + label-sync: + permissions: + pull-requests: write + uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main \ No newline at end of file From 02052b3a41829e9183ebf65a453b2158e8d646c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:42:38 -0300 Subject: [PATCH 11/17] feat(workflows): update condition for label sync job to include non-workflow calls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/label-sync.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index fb1aa7d1d1..b7ea41ab38 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -18,7 +18,7 @@ permissions: jobs: copy-issue-labels: - if: inputs.copy_issue_labels == true + if: inputs.copy_issue_labels == true || github.event_name != 'workflow_call' runs-on: ubuntu-latest steps: - name: Extract issue number from PR @@ -26,11 +26,11 @@ jobs: run: | BODY='${{ github.event.pull_request.body }}' TITLE='${{ github.event.pull_request.title }}' - + ISSUE=$(echo "$BODY $TITLE" | \ grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') - + if [ -n "$ISSUE" ]; then echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" fi @@ -40,11 +40,11 @@ jobs: run: | ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }} PR_NUM=${{ github.event.pull_request.number }} - + LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') - + for label in $LABELS; do gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true done env: - GH_TOKEN: ${{ github.token }} \ No newline at end of file + GH_TOKEN: ${{ github.token }} From e00250d4f2b378599862b86d291db3de75398b34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:44:12 -0300 Subject: [PATCH 12/17] Potential fix for pull request finding 'CodeQL / Code injection' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/label-sync.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index b7ea41ab38..b974536224 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -23,10 +23,10 @@ jobs: steps: - name: Extract issue number from PR id: extract-issue + env: + BODY: ${{ github.event.pull_request.body }} + TITLE: ${{ github.event.pull_request.title }} run: | - BODY='${{ github.event.pull_request.body }}' - TITLE='${{ github.event.pull_request.title }}' - ISSUE=$(echo "$BODY $TITLE" | \ grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') From a96f99baade6196d9464a405cad16defca02e9d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:45:18 -0300 Subject: [PATCH 13/17] Potential fix for pull request finding 'CodeQL / Code injection' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/label-sync.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index b974536224..ab5c3c4f7f 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -38,13 +38,12 @@ jobs: - name: Copy labels from issue to PR if: steps.extract-issue.outputs.issue_number != '' run: | - ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }} - PR_NUM=${{ github.event.pull_request.number }} - LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') for label in $LABELS; do gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true done env: + ISSUE_NUM: ${{ steps.extract-issue.outputs.issue_number }} + PR_NUM: ${{ github.event.pull_request.number }} GH_TOKEN: ${{ github.token }} From 4235118114c2c7d75bfcc2152002f58887d91ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:47:00 -0300 Subject: [PATCH 14/17] fix(workflows): corrigir nome do workflow para 'Pull Request Label Sync' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/label-sync.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index ab5c3c4f7f..28bfc5fc26 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -1,4 +1,4 @@ -name: PR Label Sync +name: Pull Request Label Sync on: pull_request_target: From cc9143744e8847e4531ed16ad2600fc0453d4650 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:52:32 -0300 Subject: [PATCH 15/17] fix(workflows): simplify the extraction of the issue number in the label synchronization workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/label-sync.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 28bfc5fc26..c3ae448544 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -27,9 +27,7 @@ jobs: BODY: ${{ github.event.pull_request.body }} TITLE: ${{ github.event.pull_request.title }} run: | - ISSUE=$(echo "$BODY $TITLE" | \ - grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ - grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') + ISSUE=$(echo "$TITLE $BODY" | grep -oiE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+') if [ -n "$ISSUE" ]; then echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" From 305a8fd13924bdb14fab6600cae370dcbc5c778b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:53:44 -0300 Subject: [PATCH 16/17] fix(workflows): improve the extraction of the issue number in the label synchronization workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felipe Sayão Lobato Abreu --- .github/workflows/label-sync.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index c3ae448544..c2f31dec85 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -27,7 +27,9 @@ jobs: BODY: ${{ github.event.pull_request.body }} TITLE: ${{ github.event.pull_request.title }} run: | - ISSUE=$(echo "$TITLE $BODY" | grep -oiE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+') + ISSUE=$(echo "$TITLE $BODY" | \ + grep -oiE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \ + grep -oE '#[[:digit:]]+' | head -1 | tr -d '#') if [ -n "$ISSUE" ]; then echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT" From 6c039dd878def0b83c0b931fad492ffd55d8f8f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Say=C3=A3o=20Lobato=20Abreu?= Date: Sat, 11 Apr 2026 16:54:54 -0300 Subject: [PATCH 17/17] Fix label-sync to specify repo and add checkout step --- .github/workflows/label-sync.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index c2f31dec85..def93c28ff 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -21,6 +21,9 @@ jobs: if: inputs.copy_issue_labels == true || github.event_name != 'workflow_call' runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v6 + - name: Extract issue number from PR id: extract-issue env: @@ -38,12 +41,13 @@ jobs: - name: Copy labels from issue to PR if: steps.extract-issue.outputs.issue_number != '' run: | - LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name') + LABELS=$(gh issue view "$ISSUE_NUM" --repo "$REPO" --json labels --jq '.labels[].name') for label in $LABELS; do - gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true + gh pr edit "$PR_NUM" --repo "$REPO" --add-label "$label" 2>/dev/null || true done env: ISSUE_NUM: ${{ steps.extract-issue.outputs.issue_number }} PR_NUM: ${{ github.event.pull_request.number }} + REPO: ${{ github.repository }} GH_TOKEN: ${{ github.token }}