@SirLouen
Member

Following the troubles with First Time Contribution triggering wrongly

Like in:
#73961 (comment).

I'm proposing here adding the author_association to check for more trustworthy references.

More info: https://michaelheap.com/github-actions-check-permission/

@github-actions

github-actions bot commented Dec 12, 2025

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: SirLouen <sirlouen@git.wordpress.org>
Co-authored-by: talldan <talldanwp@git.wordpress.org>
Co-authored-by: mcsf <mcsf@git.wordpress.org>
Co-authored-by: Mamaduka <mamaduka@git.wordpress.org>
Co-authored-by: desrosj <desrosj@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@SirLouen SirLouen added the [Type] Project Management Meta-issues related to project management of Gutenberg label Dec 12, 2025
@SirLouen SirLouen added the GitHub Actions Pull requests that update GitHub Actions code label Dec 12, 2025
@SirLouen SirLouen requested a review from talldan December 12, 2025 12:42
@SirLouen
Member Author

cc @talldan

@Mamaduka
Member

It looks like the core repo is using wow-actions/welcome action for similar messages, maybe we should do the same. cc @desrosj

https://github.com/WordPress/wordpress-develop/blob/trunk/.github/workflows/pull-request-comments.yml

@SirLouen SirLouen force-pushed the gha/first-time-contributor branch from 9b65bf2 to 54cb6d8 Compare December 15, 2025 14:38
@SirLouen SirLouen requested a review from talldan December 15, 2025 14:39
`first-time-contributor: Author association is ${ authorAssociation }. Aborting`
);
return;
}
Contributor

With this in place, do we still need the older check based on octokit.rest.repos.listCommits?

Member Author

I've left it for legacy purposes or failover... but technically not.

Comment on lines 35 to 50
debug(
`first-time-contributor: Searching for commits in ${ owner }/${ repo } by @${ author }`
);

const { data: commits } = await octokit.rest.repos.listCommits( {
owner,
repo,
author,
} );

if ( commits.length > 0 ) {
debug(
`first-time-contributor-label: Not the first commit for author. Aborting`
);
return;
}
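
Review bot: The `listCommits` result is only used for the `commits.length > 0` test, yet the call is made without `per_page`, so it fetches a whole default page of commit objects; passing `per_page: 1` answers the same question with a smaller response. The abort message is also prefixed `first-time-contributor-label:` while the search message above it uses `first-time-contributor:`; a single prefix would make the debug output easier to filter.
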
Member Author

@mcsf your idea is removing this block?

@desrosj
Member

desrosj commented Dec 16, 2025

> It looks like the core repo is using wow-actions/welcome action for similar messages, maybe we should do the same. cc @desrosj
>
> https://github.com/WordPress/wordpress-develop/blob/trunk/.github/workflows/pull-request-comments.yml

I just wanted to mention that I don't love having to rely on this third-party action for a simple comment. Especially with the pull_request_target requirement (even though wordpress-develop uses it in a safe way). Using github.event.pull_request.author_association directly in the workflow is interesting, but it only fixes the first part of the problem and not the need to use a more privileged event.
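
The gate discussed in this thread, as an added example that is not part of the PR or the Gutenberg code base: it decides from `pull_request.author_association` in the event payload first, and only falls back to a commit search when that value is `NONE`. The function names, the `NONE` fallback, the bot check and the payload shapes used to exercise it are assumptions.

```javascript
// Added example, not Gutenberg's code. The association names are GitHub's
// documented author_association values; everything else is an assumption.
const NEWCOMER = new Set( [ 'FIRST_TIMER', 'FIRST_TIME_CONTRIBUTOR' ] );
const ESTABLISHED = new Set( [
	'OWNER', 'MEMBER', 'COLLABORATOR', 'CONTRIBUTOR', 'MANNEQUIN',
] );

// Pure decision from the event payload: 'welcome', 'skip' or 'lookup'.
// Assumption: NONE is treated as ambiguous and deferred to a commit search.
function classifyAuthor( payload ) {
	const pr = payload && payload.pull_request;
	if ( ! pr || typeof pr.author_association !== 'string' ) {
		return { decision: 'skip', reason: 'missing author_association' };
	}
	if ( pr.user && pr.user.type === 'Bot' ) {
		return { decision: 'skip', reason: 'bot author' };
	}
	const association = pr.author_association;
	if ( NEWCOMER.has( association ) ) {
		return { decision: 'welcome', reason: association };
	}
	if ( ESTABLISHED.has( association ) ) {
		return { decision: 'skip', reason: association };
	}
	if ( association === 'NONE' ) {
		return { decision: 'lookup', reason: association };
	}
	// Unrecognised value: do nothing rather than guess.
	return { decision: 'skip', reason: `unknown value ${ association }` };
}

// Fallback path: a single commit is enough to prove a prior contribution,
// so the search asks for one result only.
async function isFirstTimeContributor( octokit, payload ) {
	const { decision } = classifyAuthor( payload );
	if ( decision !== 'lookup' ) {
		return decision === 'welcome';
	}
	const { data: commits } = await octokit.rest.repos.listCommits( {
		owner: payload.repository.owner.login,
		repo: payload.repository.name,
		author: payload.pull_request.user.login,
		per_page: 1,
	} );
	return commits.length === 0;
}
```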
