Feature/add grace period minutes #94
Signed-off-by: SachinduNethmin <108050026+Sachindu-Nethmin@users.noreply.github.com>
The built-in github.token already has issues:write via the workflow permissions block, so prefer it when GH_PAT is absent or misconfigured.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: SachinduNethmin <108050026+Sachindu-Nethmin@users.noreply.github.com>
GH_PAT is set but missing issues:write scope, causing 403 errors. The workflow already declares permissions: issues: write, so the built-in github.token has everything needed to close and label issues.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: SachinduNethmin <108050026+Sachindu-Nethmin@users.noreply.github.com>
Tests added:
- TestGracePeriodFromConfig: validates minutes override > hours config > 72h default precedence in the grace period computation logic
- TestGracePeriodMinutesExpiry: validates expiry checks across several minutes-based grace periods and label ages
- TestGracePeriodMinutesCLIMapping: validates that CLI flag 0/negative maps to 1, positive values are stored as-is, and absent flag leaves override at 0
- TestRepoFlagParsing: validates owner/repo split for valid and invalid inputs

Docs added:
- README: new simili auto-close CLI section covering flags, grace period precedence table, simili.yaml config, human activity signals, and workflow_dispatch usage example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: SachinduNethmin <108050026+Sachindu-Nethmin@users.noreply.github.com>
No actionable comments were generated in the recent review.
📝 Walkthrough
Adds a configurable grace-period input to the auto-close GitHub Actions workflow, switches the workflow token to
Sequence Diagram
sequenceDiagram
    actor User
    participant GH_Action as GitHub Actions
    participant Simili as simili-cli
    participant Repo as Repository
    User->>GH_Action: trigger workflow (optional grace_period_minutes)
    GH_Action->>GH_Action: validate/construct GRACE_ARGS
    GH_Action->>Simili: run `simili auto-close` with GRACE_ARGS
    Simili->>Repo: list issues labeled potential-duplicate
    Simili->>Simili: compute grace expiry per issue
    Simili->>Repo: if expired and no human activity -> relabel & close
    Simili-->>GH_Action: return status
    GH_Action-->>User: workflow complete
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/auto-close.yml:
- Around line 63-65: The workflow currently interpolates the input into
GRACE_FLAG allowing shell injection; instead, read the input into an environment
variable (e.g., GRACE_PERIOD_INPUT), validate it with a numeric regex (only
digits) and reject/ignore non-matching values, then build the kubectl/command
argument as a safe array/explicit argument (e.g., pass "--grace-period-minutes"
and the validated value as separate, quoted arguments) rather than expanding an
unquoted string in GRACE_FLAG; update handling around GRACE_FLAG and
inputs.grace_period_minutes to use the env var, the regex check, and pass the
argument safely to prevent word-splitting/command substitution.
📒 Files selected for processing (4)
- .github/workflows/auto-close.yml
- README.md
- cmd/simili/commands/auto_close_test.go
- internal/steps/auto_closer_test.go
inputs.grace_period_minutes is a free-text string that was previously interpolated directly into the shell script body, allowing a crafted value (e.g. "1 $(malicious)") to execute arbitrary commands.

Fix:
- Assign the input to GRACE_PERIOD_INPUT env var so it never reaches the script body as a template expression.
- Validate with ^[0-9]+$ before use; emit a ::warning:: and skip the flag if the value is non-numeric.
- Build the argument as a bash array (GRACE_ARGS) so the flag name and value are always passed as two separate quoted tokens, eliminating word-splitting and command-substitution risks.

Signed-off-by: SachinduNethmin <108050026+Sachindu-Nethmin@users.noreply.github.com>
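The input handling that the review comment asks for and the fix commit describes (env var, digits-only check, bash array), written out as an added stand-alone bash example; this is not the simili project's workflow code. The function names validate_grace_minutes, build_grace_args and argv_preview and the sample inputs are assumptions, and in the real workflow the value would arrive through an env var set to `${{ inputs.grace_period_minutes }}` rather than as a function argument.

```bash
#!/usr/bin/env bash
# Added example, not the simili project's workflow code: the input-handling
# pattern from the review and the fix commit, as a stand-alone script.
# In the workflow the value would come from an env var set to
# ${{ inputs.grace_period_minutes }}; here it is a function argument.
# Function names and sample inputs are assumptions.

# validate_grace_minutes VALUE
# Succeeds only for a non-empty string of ASCII digits. Anything else, including
# "1 $(malicious)", "1;id", "-5" and "1.5", is rejected by the case pattern.
validate_grace_minutes() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *)           return 0 ;;
  esac
}

# build_grace_args INPUT
# Fills the global array GRACE_ARGS with the flag and its value as two separate
# argv tokens, or leaves it empty so simili falls back to grace_period_hours in
# simili.yaml or its 72 h default. Rejected values produce a GitHub Actions
# warning annotation; %q keeps the echoed value on a single line so a crafted
# input cannot smuggle a second ::command:: line into the job log.
build_grace_args() {
  local input="$1"
  GRACE_ARGS=()
  if [ -z "$input" ]; then
    return 0
  fi
  if validate_grace_minutes "$input"; then
    GRACE_ARGS=(--grace-period-minutes "$input")
  else
    printf '::warning::grace_period_minutes=%q is not a whole number of minutes; using configured default\n' "$input"
  fi
}

# argv_preview ARG...
# Prints every argv token on its own bracketed line so the tokenization that
# "${GRACE_ARGS[@]}" produces can be inspected. Stands in for the real
# `simili auto-close "${GRACE_ARGS[@]}"` call.
argv_preview() {
  local tok
  for tok in "$@"; do printf '[%s]\n' "$tok"; done
}

# Demo on constructed inputs (runs only when executed directly, not when sourced).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  for sample in '5' '' '1 $(malicious)'; do
    build_grace_args "$sample"
    printf 'input=%q ->\n' "$sample"
    argv_preview simili auto-close "${GRACE_ARGS[@]}"
  done
fi
```

Two details worth keeping when porting this into a `run:` step: the array expansion `"${GRACE_ARGS[@]}"` is what guarantees the flag and the value reach the CLI as exactly two tokens (or none), and the warning annotation goes through `%q` because the rejected value is attacker-controlled and a raw newline in it would otherwise start a fresh line that the Actions runner parses for workflow commands.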
🧪 E2E Test
✅ Bot responded: yes | Auto-closer (dry-run) | processed: 0 closed: 0 grace: 0 human: 0 | Test repo → gh-simili-bot/simili-e2e-22589098648
Auto-generated by E2E pipeline
Description
Adds a grace_period_minutes workflow dispatch input to the auto-close workflow, allowing users to manually specify a grace period in minutes. Once the grace period expires, issues labelled potential-duplicate are automatically labelled duplicate and closed.

Also fixes a 403 permission error that occurred when GH_PAT was set but lacked issues:write scope — the workflow now uses the built-in github.token which already has the correct permissions via the permissions block.
Related Issues
Relates to #12
Changes Made
- grace_period_minutes input to workflow_dispatch in auto-close.yml — accepts a number of minutes; leave empty to use the configured default (72 h)
- --grace-period-minutes flag to the CLI when the input is set
- secrets.GH_PAT with github.token to fix 403 errors caused by an under-scoped PAT; the workflow permissions: issues: write block already grants the built-in token everything it needs
Testing
- go build ./... successfully
- go test ./... successfully
- go vet ./... successfully
- Manually triggered the workflow with grace_period_minutes=1 — issues #15 and #16 were successfully labelled duplicate and closed within seconds.
Screenshots (if applicable)
Workflow run output:
Additional Notes
The grace_period_minutes input overrides the grace_period_hours value in .github/simili.yaml for that specific run only. The daily scheduled run continues to use the config file value.