fix: resolve team UUID from metadata query for Linear issue creation

msukkari · claude · msukkari · commit b492a5028b4f · 2026-04-17T17:50:34.000-07:00
LINEAR_TEAM_ID may be a team key/slug rather than a UUID. The
team(id:) query accepts both, but issueCreate requires a UUID.
Now resolves the actual UUID via the metadata query and uses that.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/trivy-vulnerability-triage.yml b/.github/workflows/trivy-vulnerability-triage.yml
@@ -470,17 +470,24 @@ jobs:
           REPOSITORY: ${{ github.repository }}
         run: |
           # Look up the "CVE" label ID and "Triage" state ID for the team
-          METADATA_QUERY='query($teamId: String!) { team(id: $teamId) { labels(filter: { name: { eq: "CVE" } }) { nodes { id } } states(filter: { name: { eq: "Triage" } }) { nodes { id } } } }'
+          METADATA_QUERY='query($teamId: String!) { team(id: $teamId) { id labels(filter: { name: { eq: "CVE" } }) { nodes { id } } states(filter: { name: { eq: "Triage" } }) { nodes { id } } } }'
           METADATA_PAYLOAD=$(jq -n --arg query "$METADATA_QUERY" --arg teamId "$LINEAR_TEAM_ID" \
             '{query: $query, variables: {teamId: $teamId}}')
           METADATA_RESPONSE=$(curl -s -X POST https://api.linear.app/graphql \
             -H "Content-Type: application/json" \
             -H "Authorization: $LINEAR_API_KEY" \
             -d "$METADATA_PAYLOAD")
 
+          # Resolve the actual team UUID (LINEAR_TEAM_ID may be a slug/key, but issueCreate requires a UUID)
+          TEAM_UUID=$(echo "$METADATA_RESPONSE" | jq -r '.data.team.id // empty')
           LABEL_ID=$(echo "$METADATA_RESPONSE" | jq -r '.data.team.labels.nodes[0].id // empty')
           STATE_ID=$(echo "$METADATA_RESPONSE" | jq -r '.data.team.states.nodes[0].id // empty')
 
+          if [ -z "$TEAM_UUID" ]; then
+            echo "::error::Could not resolve team UUID from LINEAR_TEAM_ID. Check the secret value."
+            exit 1
+          fi
+
           if [ -z "$LABEL_ID" ]; then
             echo "::warning::Could not find 'CVE' label in Linear team. Creating issues without label."
           fi
@@ -529,7 +536,7 @@ jobs:
 
             # Build variables JSON with jq to handle all escaping properly
             VARIABLES=$(jq -n \
-              --arg teamId "$LINEAR_TEAM_ID" \
+              --arg teamId "$TEAM_UUID" \
               --arg title "$ISSUE_TITLE" \
               --arg desc "$DESCRIPTION" \
               --argjson priority "$PRIORITY" \
