Add GitHub Actions automation for project management #5686
- Add stale issue/PR management with smart exemptions
- Add auto-labeling for PRs (by area and size) and issues (triage)
- Add welcome messages for first-time contributors
- Add duplicate issue detection
- Add dependency review for security and licensing
- Add project board auto-add workflow (needs setup)
- Add token expiry monitoring with OIDC recommendations
- Add PR checklist reminder
- Enhance dependabot with npm dependencies and grouped updates
- Add comprehensive automation documentation

Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>
Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>
- Update project URL to https://github.com/orgs/mochajs/projects/6
- Remove auto-close-duplicates workflow (risk of false positives)
- Update all documentation to reflect these changes
- Remove references to duplicate detection from AUTOMATION.md, AUTOMATION_PROPOSAL.md, and AUTOMATION_QUICKREF.md

Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>

- Update xs_max_size from 10 to 30 lines
- Update m_max_size from 500 to 300 lines
- Remove pr-checklist workflow (redundant with OctoGuide)
- Update all documentation to reflect these changes

Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>
.github/AUTOMATION_QUICKREF.md
| @@ -0,0 +1,85 @@ | |||
| # Quick Reference: Automation Workflows | |||
|
|
|||
| Quick reference for maintainers on the new automation workflows. | |||
@copilot merge this with the AUTOMATION.md file and rename it to /.github/README.md
Merged into .github/README.md in commit 875cf87. The new file combines content from both AUTOMATION.md and AUTOMATION_QUICKREF.md with the quick reference table at the top.
| - "minor" | ||
| - "patch" | ||
| # Ignore major updates - handle manually | ||
| ignore: |
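Review bot: the `# Ignore major updates - handle manually` comment above `ignore:` does not say where major updates are tracked, so a reader of this file cannot tell how a major release that carries a fix will be noticed. Name the tracking mechanism in the comment, for example the workflow or issue that lists pending major versions.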
@copilot is there a way to open issues on the repo if there is a major version update available? if so, please do that, either in this workflow file or a new/different one
Added .github/workflows/major-updates-check.yml in commit 875cf87. This workflow runs weekly and creates/updates a GitHub issue listing all available major npm updates. It uses npm-check-updates to detect major versions and creates an issue with a table of current vs. latest versions. The issue includes next steps and resources for maintainers.
- Disable automatic closing of stale issues and PRs (set to -1)
- Add comments on how to enable auto-closing in the future
- Remove token-expiry-monitor.yml (not needed, no PATs used)
- Update all documentation to reflect these changes

Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>
AUTOMATION_PROPOSAL.md
| @@ -0,0 +1,78 @@ | |||
| # Project Management Automation Improvements | |||
|
|
|||
| This PR adds several automation workflows to reduce manual work for maintainers. All workflows use `GITHUB_TOKEN` to avoid token rotation issues. | |||
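Review bot: the sentence "All workflows use `GITHUB_TOKEN` to avoid token rotation issues" says which token is used but not what it is allowed to do. List the `permissions:` scope each workflow requests so that least privilege can be checked from this summary.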
@copilot are you able to copy this into a PR comment discussion instead of a random committed file? I don't want more files in my repo, but I do want this information attached to the PR as justification and a summary of the changes
Removed AUTOMATION_PROPOSAL.md in commit 875cf87. The summary information is already in the PR description above, so the file is no longer needed in the repository.
…ove AUTOMATION_PROPOSAL.md

- Merge AUTOMATION.md and AUTOMATION_QUICKREF.md into .github/README.md
- Remove old documentation files (AUTOMATION.md, AUTOMATION_QUICKREF.md, AUTOMATION_PROPOSAL.md)
- Add major-updates-check.yml workflow to create issues for major npm updates
- Update dependabot.yml to reference the new major updates workflow

Co-authored-by: mark-wiemer <7833360+mark-wiemer@users.noreply.github.com>
Automates routine project management tasks and eliminates token rotation issues by using `GITHUB_TOKEN` and OIDC where possible.

Workflows Added

Issue/PR Management

- `stale.yml` - Marks inactive issues (90d) and PRs (60d) as stale. Auto-closing is disabled by default but can be enabled by setting `days-before-issue-close` and `days-before-pr-close` to positive values. Exempts assigned items and specific labels.
- `auto-label.yml` - Labels PRs by affected area (docs/tests/CLI/browser), size (XS: ≤30, S: ≤100, M: ≤300, L: ≤1000, XL: >1000 lines), and new issues as "needs: triage"
- `welcome.yml` - Greets first-time contributors with relevant links
- `add-to-project.yml` - Auto-adds items to GitHub Projects (configured for Maintenance Reboot)

Security & Dependencies

- `dependency-review.yml` - Blocks PRs with vulnerable dependencies (≥moderate severity) or incompatible licenses (GPL variants)
- `major-updates-check.yml` - Creates weekly issues listing available major npm dependency updates that Dependabot ignores
- `dependabot.yml` - Added npm ecosystem with grouped updates, auto-labels

Configuration

- `.github/labeler.yml` - Path-to-label mappings for auto-labeler
- `.github/README.md` - Comprehensive automation documentation with quick reference

Token Management

All workflows use built-in `GITHUB_TOKEN` with scoped permissions, eliminating rotation requirements. Documentation includes OIDC migration guidance for external services (npm, Codecov, etc.).

Setup

No additional setup required - all workflows are configured and ready to use.
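An added example (not the `dependency-review.yml` from this PR) of a dependency review workflow with the thresholds described above and the `GITHUB_TOKEN` limited to read access. The action version tags and the SPDX license identifiers are assumptions, since the description only says "GPL variants".

```yaml
# Added example; not the workflow file from this PR.
name: Dependency review

on:
  pull_request:

# Workflow-level default: every job gets a read-only GITHUB_TOKEN
# unless it asks for more in its own permissions block.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    # Job-level scope restated so the grant is visible next to the steps
    # that use it. Nothing here needs write access.
    permissions:
      contents: read
    steps:
      - name: Check out the PR head
        uses: actions/checkout@v4          # assumed version tag

      - name: Review dependency changes
        uses: actions/dependency-review-action@v4   # assumed version tag
        with:
          # Fail the check when a newly added dependency has a known
          # vulnerability of moderate severity or higher.
          fail-on-severity: moderate
          # Fail the check when a newly added dependency carries one of
          # these licenses (assumed SPDX identifiers for "GPL variants").
          deny-licenses: GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later
```

The check only blocks merging if it is marked as a required status check in the branch protection rules for the target branch.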