Auto-close duplicate effort PRs #5866

Draft
sentrivana wants to merge 1 commit into master from ivana/action-to-close-unwanted-prs

@sentrivana
Contributor

Description

Issues

Reminders

@github-actions
Contributor

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

Langchain

  • Set gen_ai.operation.name and gen_ai.pipeline.name on LLM spans by ericapisani in #5849
  • Broaden AI provider detection beyond OpenAI and Anthropic by ericapisani in #5707
  • Update LLM span operation to gen_ai.generate_text by ericapisani in #5796

Internal Changes 🔧

Langchain

  • Add text completion test by alexander-alderman-webb in #5740
  • Add tool execution test by alexander-alderman-webb in #5739
  • Add basic agent test with Responses call by alexander-alderman-webb in #5726
  • Replace mocks with httpx types by alexander-alderman-webb in #5724
  • Consolidate span origin assertion by alexander-alderman-webb in #5723
  • Consolidate available tools assertion by alexander-alderman-webb in #5721

Other

  • Temporarily stop running litellm tests by alexander-alderman-webb in #5851

Other

  • Auto-close duplicate effort PRs by sentrivana in #5866

🤖 This preview updates automatically when you update the PR.

Comment on lines +4 to +10
pull_request_target:
types: [opened]

jobs:
close-if-issue-assigned:
runs-on: ubuntu-latest
timeout-minutes: 5
Missing explicit permissions on pull_request_target workflow

The workflow uses pull_request_target trigger but doesn't specify explicit permissions. With pull_request_target, the workflow runs with the permissions of the base repository, not the fork. Without explicit permission restrictions, this workflow may have broader access than needed (e.g., contents: write, packages: write, etc.). While this specific workflow only needs pull-requests: write and issues: read, it may inherit broader default permissions.

Verification

Verified by reading the workflow file which shows no permissions: block. Compared to changelog-preview.yml in the same repo which does specify explicit permissions for its pull_request_target workflow. The GitHub documentation recommends always specifying minimal permissions for pull_request_target workflows.

Suggested fix: Add explicit permissions to limit the workflow's access to only what's needed

Suggested change
pull_request_target:
types: [opened]
jobs:
close-if-issue-assigned:
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
pull-requests: write
issues: read
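
Review bot: In the suggested change, `permissions:` follows `timeout-minutes: 5` inside `close-if-issue-assigned`, so it scopes only that job's token. Because the trigger is `pull_request_target`, consider also declaring `permissions: {}` at the top level of the workflow, so any job added later starts with no token scopes and has to grant its own.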

Identified by Warden code-review · GZP-9D3
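
The check described in this comment can be automated across a repository's workflow files. The following is an added example, not code from the PR or from Warden: a line-based heuristic (not a full YAML parser) that lists jobs in a `pull_request_target` workflow with no explicit `permissions:` block. The function name `unscoped_jobs` and the sample workflow's placeholder step are assumptions.

```python
import re

# Heuristic, line-based check (not a full YAML parser): find jobs in a
# pull_request_target workflow that rely on the default token permissions.
TRIGGER = re.compile(r"^\s*(?:on\s*:.*|-\s*)?\bpull_request_target\b")

# Constructed sample modelled on the excerpt above; the step is a placeholder.
WEAK = """\
on:
  pull_request_target:
    types: [opened]
jobs:
  close-if-issue-assigned:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - run: echo placeholder
"""
FIXED = WEAK.replace("    steps:", "    permissions:\n      pull-requests: write\n"
                     "      issues: read\n    steps:")

def unscoped_jobs(workflow_text):
    """Return job names that have neither job-level nor workflow-level permissions."""
    lines = [l.rstrip() for l in workflow_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if not any(TRIGGER.match(l) for l in lines):
        return []                       # not triggered by pull_request_target
    if any(re.match(r"permissions\s*:", l) for l in lines):
        return []                       # workflow-level block applies to every job
    scoped = {}                         # job name -> has job-level permissions
    in_jobs, job_indent, child_indent, job = False, None, None, None
    for l in lines:
        indent = len(l) - len(l.lstrip())
        key = l.strip().split(":", 1)[0]
        if indent == 0:
            in_jobs = key == "jobs"     # track whether we are inside `jobs:`
        elif in_jobs:
            job_indent = job_indent or indent
            if indent == job_indent:    # a new job key
                job, child_indent = key, None
                scoped[job] = False
            elif job is not None:
                child_indent = child_indent or indent
                if indent == child_indent and key == "permissions":
                    scoped[job] = True  # direct child of the job, not a nested key
    return [name for name, ok in scoped.items() if not ok]

if __name__ == "__main__":
    print(unscoped_jobs(WEAK), unscoped_jobs(FIXED))
```
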

@github-actions
Contributor

github-actions bot commented Mar 25, 2026

Codecov Results 📊

13 passed | Total: 13 | Pass Rate: 100% | Execution Time: 10.29s

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 14386 uncovered lines.


Generated by Codecov Action
