mirror of
https://github.com/fleetdm/fleet
synced 2026-05-18 22:49:19 +00:00
b7440e8d7f
Automates bug triage by tagging issues based on age: `~old bug` for bugs ≥180 days, `~aging bug` for bugs ≥90 days. Relates to #39155. ## Changes **New workflow: `.github/workflows/tag-aging-bugs.yml`** - Runs daily at 8:06 UTC via cron, supports manual dispatch - Dry run mode (default: false) logs actions without modifying labels - Two-pass processing: 1. Bugs ≥180 days: adds `~old bug`, removes `~aging bug` if present 2. Bugs ≥90 days without either label: adds `~aging bug` - Uses github-script with pagination for scalability - Follows repo patterns (harden-runner, proper permissions) # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) ## Testing - [x] QA'd all new/changed functionality manually <!-- START COPILOT CODING AGENT SUFFIX --> <!-- START COPILOT ORIGINAL PROMPT --> <details> <summary>Original prompt</summary> > Add a GitHub Actions workflow that runs daily at 8:06am UTC, and can be manually dispatched. In that workflow, retrieve all issues labelled `bug` created >= 180 days ago that don't include the `~old bug` tag, then for each bug add the `~old bug` tag and remove `~aging bug` if it is applied. Then retrieve all issues labelled `bug` created >= 90 days ago that has neither `~aging bug` nor `~old bug` tags, and add the `~aging bug` tag. Include a dry run workflow parameter, default off, that logs rather than setting the label. </details> <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: iansltx <472804+iansltx@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| config | ||
| auto-tag-unreleased-bugs.yml | ||
| build-binaries.yaml | ||
| build-fleetd-base-msi.yml | ||
| build-fleetd-base-pkg.yml | ||
| build-fleetd_tables.yaml | ||
| build-fleetdm-fleetctl-check-vulnerabilities.yml | ||
| build-orbit.yaml | ||
| check-automated-doc.yml | ||
| check-bomutils-vulnerabilities.yml | ||
| check-ms-protocol-feeds.yml | ||
| check-script-diff.yml | ||
| check-tuf-timestamps.yml | ||
| check-updates-timestamps.yml | ||
| check-vulnerabilities-in-released-docker-images.yml | ||
| check-wix-vulnerabilities.yml | ||
| close-stale-eng-initiated-issues.yml | ||
| code-sign-windows.yml | ||
| codeql-analysis.yml | ||
| collect-eng-metrics-test.yml | ||
| collect-eng-metrics.yml | ||
| db-upgrade-test.yml | ||
| dependency-review.yml | ||
| deploy-fleet-website.yml | ||
| deploy-vulnerability-dashboard.yml | ||
| docs.yml | ||
| dogfood-automated-policy-updates.yml | ||
| dogfood-deploy.yml | ||
| dogfood-gitops.yml | ||
| dogfood-signoz-deploy.yml | ||
| dogfood-update-testing-qa-apps.yml | ||
| fleet-and-orbit.yml | ||
| fleetctl-preview-latest.yml | ||
| fleetctl-preview.yml | ||
| fleetd-tuf.yml | ||
| generate-desktop-targets.yml | ||
| generate-nudge-targets.yml | ||
| generate-osqueryd-targets.yml | ||
| generate-swift-dialog-targets.yml | ||
| golangci-lint.yml | ||
| goreleaser-fleet.yaml | ||
| goreleaser-orbit.yaml | ||
| goreleaser-snapshot-fleet.yaml | ||
| ingest-maintained-apps.yml | ||
| integration.yml | ||
| loadtest-infra.yml | ||
| loadtest-osquery-perf.yml | ||
| loadtest-shared.yml | ||
| pr-helm.yaml | ||
| publish-go-module.yml | ||
| randokiller-go.yml | ||
| README.md | ||
| release-fleetctl-docker-deps.yaml | ||
| release-fleetd-base.yml | ||
| release-fleetd-chrome-beta.yml | ||
| release-fleetd-chrome.yml | ||
| release-helm.yaml | ||
| render-deploy.yml | ||
| scorecards-analysis.yml | ||
| secrets-to-confidential.yml | ||
| tag-aging-bugs.yml | ||
| test-android.yml | ||
| test-bulk-operations-dashboard-changes.yml | ||
| test-db-changes.yml | ||
| test-fleetd-chrome.yml | ||
| test-fma-darwin-pr-only.yml | ||
| test-fma-darwin.yml | ||
| test-fma-windows-pr-only.yml | ||
| test-fma-windows.yml | ||
| test-go.yaml | ||
| test-js.yml | ||
| test-mock-changes.yml | ||
| test-native-tooling-packaging.yml | ||
| test-packaging-build-docker-deps.yml | ||
| test-packaging.yml | ||
| test-puppet.yml | ||
| test-vulnerability-dashboard-changes.yml | ||
| test-website.yml | ||
| test-yml-specs.yml | ||
| tfvalidate.yml | ||
| trivy-scan.yml | ||
| update-certs.yml | ||
| update-old-tuf-timestamp-signature.yaml | ||
| update-osquery-versions.yml | ||
| validate-maintained-apps-inputs.yml | ||
| verify-fleetd-base.yml | ||
Github Actions
Fleet uses Github Actions for continuous integration (CI). This document describes best practices and at patterns for writing and maintaining Fleet's Github Actions workflows.
Bash
By default, Github Actions sets the shell to bash -e for linux and MacOS runners. To help write
safer bash scripts in run jobs and avoid common issues, override the default by adding the following
to the workflow file
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
By specifying the default shell to bash, some extra flags are set. The option pipefail changes
the behaviour when using the pipe | operator such that if any command in a pipeline fails, that
commands return code will be used a the return code for the whole pipeline. Consider the following
example in test-go.yaml
- name: Run Go Tests
run: |
# omitted ...
make test-go 2>&1 | tee /tmp/gotest.log
If the pipefail option was not set, this job would always succeed because tee would always
return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.
Concurrency
Github Action runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issue in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
cancel-in-progress: true
When a workflow is triggered via a pull request, it will cancel previous running workflows for that
pull request. This is especially useful when changes are pushed to a pull request frequently.
Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to
main are unaffected.