feat(ci): add @qwen /triage workflow for automated issue and PR triage#4768
Merged
Conversation
Adds a new GitHub Actions workflow that triggers triage on: - Issue opened - PR opened - Maintainer comment containing `@qwen /triage` (re-triage) - Manual workflow_dispatch Uses qwen-code-action to invoke the existing triage skill. Includes: - Repo checkout so the skill files are accessible - Bot self-comment exclusion to prevent infinite loops - Concurrency grouping to avoid parallel runs on the same target - Updated followup bot skip list with 3 new markers
2422835 to
ef04e48
Compare
Contributor
📋 Review SummaryThis PR introduces an automated triage workflow ( 🔍 General Feedback
🎯 Specific Feedback🔴 Critical
🟡 High
🟢 Medium
🔵 Low
✅ Highlights
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new GitHub Actions workflow to run the repo-local .qwen/skills/triage/ automation for newly opened issues/PRs and for maintainer-invoked re-triage via @qwen /triage, and updates the existing follow-up bot to recognize additional triage/intake marker comments.
Changes:
- Add a new
qwen-triage.ymlworkflow to auto-triage issues and PRs and allow maintainer-triggered re-triage via comment or manual dispatch. - Extend the issue follow-up bot’s marker skip list to include additional triage/intake coordination markers.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/qwen-triage.yml | New workflow to run the /triage skill on issue/PR events and on maintainer-triggered re-triage. |
| .github/workflows/qwen-issue-followup-bot.yml | Adds new marker comments to the “already handled” skip list for coordination with triage/intake. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
Code Coverage Summary
CLI Package - Full Text ReportCore Package - Full Text ReportFor detailed HTML reports, please see the 'coverage-reports-22.x-ubuntu-latest' artifact from the main CI run. |
Collaborator
Author
Triage Report (Local Validation)Intake gate: ✅ passed — template complete, direction aligned, scope focused (+97 lines, 2 files) This PR adds a GitHub Actions workflow to invoke the existing triage skill (#4577) on issue/PR events. CI-only, no core code touched. Local Verification Results1. actionlint: ✅ zero errors 2. Trigger condition tests (act + shell simulation, 16 cases):
3. act dryrun (colima + Docker):
4. Gate model evaluation (PR #4768):
中文说明本地验证通过。actionlint 零错误,16 个触发条件测试全部通过,act dryrun 确认 job 级别的 if 条件正确。 两种触发方式验证:
— Qwen Code |
pomelo-nwu
approved these changes
Jun 4, 2026
pomelo-nwu
left a comment
Collaborator
There was a problem hiding this comment.
LGTM,Teacher Jinjing!
Contributor
|
Thanks for the PR! Template: All required headings present ✓ Direction: This adds automated triage infrastructure using the existing skill (#4577). CI-only change, no core code touched. The automation scope is appropriate — issue/PR opened events plus maintainer-triggered re-triage via Approach: Scope is focused (+97 lines, 2 files). The workflow correctly:
No concerns at this stage. Proceeding to code review. 中文说明PR 模板完整,方向正确(利用现有 skill 做自动化 triage),scope 聚焦(+97 行,2 个文件)。 工作流设计正确:
进入代码审查阶段。 — Qwen Code · qwen3.7-max |
Contributor
Code Review
|
| Aspect | Status | Notes |
|---|---|---|
| Event triggers | ✓ | issues.opened, pull_request_target.opened, issue_comment.created, workflow_dispatch |
| Concurrency | ✓ | Groups by issue/PR number, cancels in-progress runs |
| Permissions | ✓ | Least-privilege: contents: read, issues/pull-requests: write, actions: write (required for qwen-code-action) |
| Repository guard | ✓ | github.repository == 'QwenLM/qwen-code' |
| Fork PR handling | ✓ | Not explicitly blocked in if, but pull_request_target only triggers on base repo PRs — fork PRs won't have write permissions |
| Comment trigger | ✓ | contains(github.event.comment.body, '@qwen-code /triage') — exact match required |
| Author restriction | ✓ | OWNER, MEMBER, COLLABORATOR only; excludes github-actions[bot] |
| Checkout version | ✓ | Pinned to SHA de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2) |
| Action version | ✓ | Pinned to SHA 5fd6818d04d64e87d255ee4d5f77995e32fbf4c2 |
| Secret handling | ✓ | All secrets passed via env/with, never logged |
| Target resolution | ✓ | Correctly handles all 4 event types |
Security considerations:
pull_request_targetruns in base repo context — safe because workflow only reads the PR number and invokes qwen-code-action with GITHUB_TOKEN (no write access to code)- No
actions: writepermission that could allow workflow manipulation - Comment trigger requires exact
@qwen-code /triagestring — prevents accidental triggers - Bot self-exclusion prevents infinite loops
.github/workflows/qwen-issue-followup-bot.yml (modified)
Change: Added 3 new marker comments to the skip list:
<!-- qwen-issue-bot:welcome-pr --><!-- qwen-maintain:welcome-pr --><!-- qwen-maintain:pr-intake -->
This ensures the follow-up bot skips PRs that already have intake/triage markers, preventing duplicate bot comments. ✓
No tmux screenshots — this is a CI-only change with no TUI impact.
中文说明
代码审查:
qwen-triage.yml 结构正确:
- 事件触发:issues.opened, pull_request_target.opened, issue_comment.created, workflow_dispatch
- concurrency 按 issue/PR 编号分组,取消进行中的运行
- 权限最小化
- 仓库保护:只响应 QwenLM/qwen-code
- 评论触发需要精确匹配
@qwen-code /triage - 作者限制:仅 OWNER/MEMBER/COLLABORATOR
- 所有 action 使用 SHA 固定版本
安全考虑:
pull_request_target在基础仓库上下文中运行,但只读取 PR 编号- 无
actions: write权限 - Bot 自我排除防止无限循环
qwen-issue-followup-bot.yml 变更:添加 3 个新的 marker 到跳过列表,防止重复 bot 评论。
无 tmux 截图 — 纯 CI 变更,无 TUI 影响。
— Qwen Code · qwen3.7-max
Contributor
Final Decision: PASS ✓This PR is ready to merge. Summary: What it does:
Why it's safe:
Verification path:
Labels: The existing labels ( 中文说明最终决定:通过 ✓ 变更内容:
安全原因:
验证路径:
标签: 现有标签已正确,无需更改。 — Qwen Code · qwen3.7-max |
This was referenced Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
qwen-triage.ymlworkflow for automated issue/PR triage via GitHub Actions.qwen/skills/triage/skill (feat(skills): add triage skill for issue/PR gatekeeping #4577)Triggers
@qwen /triagecommentworkflow_dispatchSafety
github-actions[bot]) prevents infinite loopspull_request_targetto prevent secret exfiltrationactions: write(not needed by any step)Changes
.github/workflows/qwen-triage.yml— new workflow.github/workflows/qwen-issue-followup-bot.yml— skip list +3 markersTest plan
@qwen /triageon an existing issue → verify re-triage