chancloser: account for aux close outputs in initial coop close fee baseline #479
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Severity Classification | |
| on: | |
| # Use pull_request_target to allow running on fork PRs with access to secrets. | |
| # This is safe because we don't checkout or execute any code from the PR - | |
| # we only read PR metadata (changed files, labels) via the GitHub API. | |
| pull_request_target: | |
| types: [opened, synchronize, labeled] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| concurrency: | |
| group: pr-severity-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| classify: | |
| name: Classify PR Severity | |
| runs-on: ubuntu-latest | |
| # Skip if PR has skip-severity-check label. | |
| # For labeled events, only run if 'reclassify' label was added. | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'skip-severity-check') && | |
| (github.event.action != 'labeled' || github.event.label.name == 'reclassify') | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Classify PR with Claude | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| github_token: ${{ secrets.PR_SEVERITY_BOT_TOKEN }} | |
| # Allow any user since this workflow only reads PR metadata via API | |
| # and doesn't execute any code from the PR. Tool permissions are | |
| # restricted to gh pr commands only. | |
| allowed_non_write_users: "*" | |
| # Allow Claude to manage labels and post comments. | |
| # Keep permissions minimal to limit prompt injection risk. | |
| claude_args: --allowedTools "Bash(gh pr view:*)" "Bash(gh pr edit:*)" "Bash(gh pr comment:*)" | |
| prompt: | | |
| You are a PR severity classifier for the lnd (Lightning Network Daemon) repository. | |
| ## Tool Constraints | |
| You ONLY have access to these commands: | |
| - `gh pr view` - to read PR metadata | |
| - `gh pr edit` - to add/remove labels | |
| - `gh pr comment` - to post comments | |
| You do NOT have access to `gh api`, `gh label`, or any other | |
| `gh` subcommand. Do not attempt to use them. For ALL label | |
| operations, use `gh pr edit` with `--add-label` or | |
| `--remove-label`. | |
| ## Your Task | |
| Analyze PR #${{ github.event.pull_request.number }} and: | |
| 1. Determine its severity level based on the files changed | |
| 2. Apply the appropriate severity label | |
| 3. Post a detailed comment explaining your determination | |
| ## Severity Levels | |
| **CRITICAL** (severity-critical) - Requires expert review: | |
| - lnwallet/* - Wallet operations, channel funding, signing, commitment transactions | |
| - htlcswitch/* - HTLC forwarding, payment routing state machine | |
| - contractcourt/* - On-chain dispute resolution, breach handling | |
| - sweep/* - Output sweeping, fund recovery, fee bumping | |
| - peer/*, brontide/* - Encrypted peer connections, Noise protocol | |
| - keychain/* - Private key derivation and management | |
| - input/* - Script signing, witness generation, MuSig2 | |
| - channeldb/* - Channel state persistence, database migrations | |
| - funding/* - Channel funding workflow coordination | |
| - lnwire/* - Lightning wire protocol messages | |
| - server.go, rpcserver.go - Core server coordination | |
| **HIGH** (severity-high) - Requires knowledgeable engineer: | |
| - routing/* - Payment pathfinding algorithms | |
| - invoices/* - Invoice management and settlement | |
| - discovery/* - Gossip protocol | |
| - graph/* - Network graph maintenance | |
| - watchtower/* - Breach remediation | |
| - feature/* - Feature bit management | |
| - lnrpc/* - RPC/API definitions | |
| - macaroons/*, walletunlocker/*, cert/* - Auth/security | |
| - chainntnfs/*, chanacceptor/*, protofsm/*, sqldb/* | |
| **MEDIUM** (severity-medium) - Focused review: | |
| - cmd/* - CLI client commands (do NOT inherit severity from server-side packages with similar names) | |
| - payments/*, autopilot/*, lncfg/*, chanfitness/* | |
| - netann/*, kvdb/*, chanbackup/*, aezeed/*, tor/* | |
| - zpay32/*, tlv/*, fn/*, record/*, amp/* | |
| - *.proto files (API changes) | |
| - Other Go files not categorized above | |
| **LOW** (severity-low) - Best-effort review: | |
| - docs/*, release-notes/*, *.md files | |
| - scripts/*, tools/*, contrib/*, make/*, docker/* | |
| - itest/*, lntest/*, *_test.go (test-only changes) | |
| - .github/* (CI/CD configuration) | |
| ## Classification Rules | |
| 1. The HIGHEST severity file determines the PR severity | |
| 2. Classify files by their actual package path, NOT by filename keywords. | |
| Files under cmd/* are CLI client code and should always be MEDIUM, | |
| even if the filename contains a server-side package name (e.g. | |
| cmd/commands/cmd_walletunlocker.go is MEDIUM, not HIGH). | |
| 3. Bump severity UP one level if: | |
| - PR touches >20 files (excluding tests and auto-generated files) | |
| - PR has >500 lines changed (excluding tests and auto-generated files) | |
| - PR touches multiple distinct critical packages | |
| 4. Check for override labels first (severity-override-*). If present, respect the override. | |
| 5. Database migrations (channeldb/migration*, sqldb/*, wtdb/*) are always CRITICAL | |
| ## Files to Exclude from Line/File Counting | |
| When calculating file count and lines changed for severity bumps, exclude: | |
| - Test files: *_test.go, itest/*, lntest/* | |
| - Auto-generated files: *.pb.go, *.pb.gw.go, *.pb.json.go, *.sql.go, *_generated.go | |
| - Mock files: mock_*.go, *_mock.go | |
| ## Steps | |
| 1. First, check for existing override labels AND existing severity labels: | |
| ``` | |
| gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name' | |
| ``` | |
| Note which `severity-*` label (if any) is currently applied. This is | |
| the "previous severity". | |
| 2. If an override label exists (severity-override-*), use that level and skip classification. | |
| 3. Check for existing bot comments. Look for the HTML marker `<!-- pr-severity-bot -->`: | |
| ``` | |
| gh pr view ${{ github.event.pull_request.number }} --json comments --jq '.comments[].body' | grep -c 'pr-severity-bot' || true | |
| ``` | |
| This tells you whether the bot has commented before. | |
| 4. Get the list of changed files: | |
| ``` | |
| gh pr view ${{ github.event.pull_request.number }} --json files,additions,deletions | |
| ``` | |
| 5. Classify each file and determine the new overall severity. | |
| 6. **Decide whether to comment.** Only post a comment if EITHER: | |
| - The bot has NOT commented before (no existing comment with `<!-- pr-severity-bot -->`), OR | |
| - The newly determined severity is DIFFERENT from the previous severity label. | |
| If the bot already commented AND the severity has NOT changed, just | |
| stop here — do NOT post another comment. Still update the label if | |
| needed (step 7-8), but skip the comment. | |
| 7. Remove any existing severity-* labels (not override labels): | |
| ``` | |
| gh pr edit ${{ github.event.pull_request.number }} --remove-label "severity-critical" 2>/dev/null || true | |
| gh pr edit ${{ github.event.pull_request.number }} --remove-label "severity-high" 2>/dev/null || true | |
| gh pr edit ${{ github.event.pull_request.number }} --remove-label "severity-medium" 2>/dev/null || true | |
| gh pr edit ${{ github.event.pull_request.number }} --remove-label "severity-low" 2>/dev/null || true | |
| ``` | |
| 8. Apply the new severity label: | |
| ``` | |
| gh pr edit ${{ github.event.pull_request.number }} --add-label "severity-<level>" | |
| ``` | |
| 9. If you determined in step 6 that a comment should be posted, post it | |
| with your analysis. Use this format: | |
| If this is a severity CHANGE (previous label existed but differs), | |
| prepend: `> ⚠️ Severity changed: **<OLD>** → **<NEW>** (files changed since last classification)` | |
| ```markdown | |
| ## <emoji> PR Severity: **<LEVEL>** | |
| > <source> | <N> files | <M> lines changed | |
| <details> | |
| <summary>🔴 <strong>Critical</strong> (N files)</summary> | |
| - `path/to/file1.go` - reason | |
| - `path/to/file2.go` - reason | |
| </details> | |
| [repeat for other tiers if applicable] | |
| ### Analysis | |
| <Your explanation of why this severity was chosen, any concerns, etc.> | |
| --- | |
| <sub>To override, add a `severity-override-{critical,high,medium,low}` label.</sub> | |
| <!-- pr-severity-bot --> | |
| ``` | |
| 10. Post the comment using `gh pr comment`: | |
| ``` | |
| gh pr comment ${{ github.event.pull_request.number }} --body "YOUR_COMMENT_HERE" | |
| ``` | |
| 11. If you decided in step 6 to SKIP commenting, do NOT post any comment. | |
| Just ensure the label is correct and exit. | |
| ## Emoji Mapping | |
| - critical: 🔴 | |
| - high: 🟠 | |
| - medium: 🟡 | |
| - low: 🟢 |