Workflow to label new issues #1341

Merged: milanmajchrak merged 1 commit into dtq-dev from autolabel-needs-planning, Jun 22, 2026

@Kasinhou Kasinhou commented Jun 22, 2026


Problem description

https://github.com/dataquest-dev/dspace-customers/issues/439

Manual Testing (if applicable)

Copilot review

  • Requested review from Copilot

Summary by CodeRabbit

  • Chores
    • Added automated labeling for newly created issues.

@Kasinhou Kasinhou requested a review from milanmajchrak June 22, 2026 07:59

coderabbitai Bot commented Jun 22, 2026


Walkthrough

A new GitHub Actions workflow file is added that triggers on issues: opened events. It runs a single job on ubuntu-latest with issues: write permissions, invoking dataquest-dev/gh-actions/start@main with secrets.GITHUB_TOKEN to auto-label new issues.

Changes

Auto Label New Issues Workflow

| Layer / File(s) | Summary |
| --- | --- |
| Issue auto-label workflow definition (.github/workflows/new_issue_label.yml) | Adds a workflow triggered on issues: opened that grants issues: write permission and calls dataquest-dev/gh-actions/start@main with the repository GITHUB_TOKEN to automatically label new issues. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'Workflow to label new issues' is concise, clear, and directly describes the main change—adding a GitHub Actions workflow for auto-labeling new issues. |
| Description check | ✅ Passed | The PR description includes the required problem description section with a linked issue, but the Analysis, Problems, and Copilot review sections are either missing or incomplete. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/new_issue_label.yml (1)

7-18: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Consider adding concurrency control.

Without concurrency control, multiple issues opened simultaneously could trigger concurrent workflow runs that might create race conditions or attempt to apply labels in parallel.

⚙️ Proposed addition of concurrency control
 jobs:
   label-issue:
     runs-on: ubuntu-latest
+    concurrency:
+      group: label-issue-${{ github.event.issue.number }}
+      cancel-in-progress: false
     permissions:
       issues: write
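
Review bot: the `group:` value on the added `concurrency` lines is keyed by issue number, but this workflow is described as triggering only on issues: opened, which fires once per issue, so each group would normally hold a single run and the block serializes nothing. Either state which race the block is meant to prevent and choose a group key that actually covers it, or leave the block out; note that widening the group to a fixed name means a newly queued run can displace one that is still pending in the same group.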

This ensures each issue is processed independently without conflicts.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/new_issue_label.yml around lines 7 - 18, Add concurrency
control to the label-issue job to prevent race conditions when multiple issues
are opened simultaneously. Add a concurrency block at the job level (after the
permissions section) with a group identifier based on the issue context to
ensure sequential processing of label operations, preventing concurrent runs
from conflicting with each other.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/new_issue_label.yml:
- Line 15: The action reference dataquest-dev/gh-actions/start@main is using a
branch reference (`@main`) instead of a pinned commit SHA, which creates security
and stability risks. Replace `@main` with a specific commit SHA from the action
repository to pin the action to a known immutable version. Find the desired
version in the dataquest-dev/gh-actions repository, copy its full commit hash,
and update the uses field to reference that commit SHA instead of the branch.

---

Nitpick comments:
In @.github/workflows/new_issue_label.yml:
- Around line 7-18: Add concurrency control to the label-issue job to prevent
race conditions when multiple issues are opened simultaneously. Add a
concurrency block at the job level (after the permissions section) with a group
identifier based on the issue context to ensure sequential processing of label
operations, preventing concurrent runs from conflicting with each other.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d0dc24af-3b94-4c9a-bf3c-6d3b427c368b

📥 Commits

Reviewing files that changed from the base of the PR and between 22cfef5 and c1cec2a.

📒 Files selected for processing (1)
  • .github/workflows/new_issue_label.yml


    steps:
      - name: Auto Label
        uses: dataquest-dev/gh-actions/start@main


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Pin the action to a specific commit SHA for security and stability.

Using @main references the latest version of the action, which poses security and stability risks:

  • Security risk: If the action repository is compromised, malicious code could execute in your workflow.
  • Stability risk: Breaking changes to the action will immediately affect this workflow without warning.

Pin to a specific commit SHA to ensure reproducible and secure builds.

🔒 Proposed fix to pin the action reference
-        uses: dataquest-dev/gh-actions/start@main
+        uses: dataquest-dev/gh-actions/start@<commit-sha>
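
Review bot: `<commit-sha>` on the `+` line has to be the full-length 40-character commit hash, and it should be verified as a commit in dataquest-dev/gh-actions itself rather than in a fork of it. Add a trailing comment on the same line naming the branch or tag the hash was taken from, so a later bump of the pin can be reviewed against a known ref.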

Replace <commit-sha> with the full commit hash of the version you want to use. You can find this by visiting the repository and copying the commit SHA from the desired version.

🧰 Tools
🪛 zizmor (1.25.2)

[error] 15-15: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/new_issue_label.yml at line 15, The action reference
dataquest-dev/gh-actions/start@main is using a branch reference (`@main`) instead
of a pinned commit SHA, which creates security and stability risks. Replace
`@main` with a specific commit SHA from the action repository to pin the action to
a known immutable version. Find the desired version in the
dataquest-dev/gh-actions repository, copy its full commit hash, and update the
uses field to reference that commit SHA instead of the branch.

Source: Linters/SAST tools
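
A check of the kind the unpinned-uses finding above describes, written here as an added example. It is not code from this PR or from zizmor, and it is a simplified line-based scan rather than a YAML parser. The sample workflow is constructed from the PR description; its `name:` and the `actions/checkout` SHA are placeholders.

```python
import re

# Matches a "uses:" value, with or without a leading "- " and optional quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_uses(workflow_text):
    """Return (line_number, reference, reason) for every action reference
    that is not pinned to a full-length commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and Docker images are versioned differently: skipped here.
        if ref.startswith(("./", "docker://")):
            continue
        _action, sep, version = ref.partition("@")
        if not sep:
            findings.append((lineno, ref, "no ref given"))
        elif not FULL_SHA_RE.match(version):
            # Branches and tags can be moved to point at different code.
            findings.append((lineno, ref, "mutable ref '%s'" % version))
    return findings


# Constructed sample: mirrors the workflow described in this PR, plus one
# already-pinned step (placeholder SHA) to show what passes the check.
SAMPLE = """\
name: New issue label
on:
  issues:
    types: [opened]
jobs:
  label-issue:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Auto Label
        uses: dataquest-dev/gh-actions/start@main
"""

if __name__ == "__main__":
    for lineno, ref, reason in unpinned_uses(SAMPLE):
        print("line %d: %s (%s)" % (lineno, ref, reason))
```

Run against the files under `.github/workflows/` in CI, a non-empty result can fail the build before an unpinned reference is merged.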

@milanmajchrak milanmajchrak merged commit 882904b into dtq-dev Jun 22, 2026
12 of 13 checks passed