When a PR is opened as draft and later marked ready for review, the
check-requirements job's if filter excluded the ready_for_review action,
so the screening workflow never ran and unmet-requirements was never
applied. Add ready_for_review to the action filter so screening runs
when a draft PR transitions to requesting review.
Companion fix in desktop/gh-cli-and-desktop-shared-workflows updates the
called workflow's own filters to handle ready_for_review consistently.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
https://github.com/actions/attest-build-provenance#usage
> As of version 4, actions/attest-build-provenance is simply a wrapper
> on top of actions/attest.
>
> Existing applications may continue to use the attest-build-provenance
> action, but new implementations should use actions/attest instead.
Opts in to the new PR screening features in the shared triage workflow:
- Instantly closes PRs with zero file changes
- Detects same-author resubmissions of recently closed PRs
- Fast-tracks small, well-described fixes to ready-for-review
- Accelerates closure of large unsolicited PRs (3 days vs 7)
Depends on desktop/gh-cli-and-desktop-shared-workflows#17
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This ensures that an approval from @cli/code-reviewers can satisfy the
CODEOWNERS requirement for any path, not just the catch-all wildcard.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Clarify that a dependency having a CVE does not mean gh has a
vulnerability. We use govulncheck for reachability analysis and
ask reporters to demonstrate impact before we act on dependency CVE
reports.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The bug_report, submit-a-request, and submit-a-design-proposal issue
templates currently auto-apply 'bug' and 'enhancement' labels. This
causes issues to arrive pre-labeled with types that may not be accurate,
making triage harder since the template-applied labels can't be trusted.
Removing auto-labels ensures all type classification happens during
triage, giving the team confidence that labeled issues have been
reviewed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Prevents no-response from accidentally closing issues when manually
dispatching the workflow for pitch surfacing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
golangci-lint v2.6.0 was built with Go 1.25 and cannot lint code targeting
Go 1.26.1. Go 1.26 support was added in golangci-lint v2.9.0.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace prauto.yml and pr-help-wanted.yml with a single
triage-pull-requests.yml that calls shared reusable workflows from
desktop/gh-cli-and-desktop-shared-workflows:
- triage-label-external-pr: labels external PRs with external,needs-triage
- triage-close-from-default-branch: closes PRs opened from trunk
- triage-pr-requirements: enforces body length + help-wanted issue linkage
- triage-close-no-help-wanted: closes PRs labeled no-help-wanted-issue
- triage-ready-for-review: removes needs-triage on ready-for-review label
Also adds a daily schedule to auto-close PRs with unmet requirements
after 7 days.
Deletes:
- prauto.yml
- pr-help-wanted.yml
- scripts/check-help-wanted.sh
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rename .github/workflows/triage.yml to .github/workflows/triage-discussion-label.yml and update the workflow name from "Discussion Triage" to "Process Discuss Label" to better reflect its intent.
The `environment` property cannot be set at the job level when using
`uses:` to call a reusable workflow. Pass it as a workflow input instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Enable manual runs of the Bump Go workflow by adding the workflow_dispatch trigger alongside the existing scheduled cron. This allows maintainers to trigger the bump process on-demand while keeping the daily 3 AM UTC schedule intact.
We need to tag the HEAD commit to make sure the right version is baked
into the built binaries.
See for more details:
- https://github.com/cli/cli/issues/12263
Signed-off-by: Babak K. Shandiz <babakks@github.com>
