diff --git a/.github/workflows/gh-aw-issue-fixer.yml b/.github/workflows/gh-aw-issue-fixer.yml index 6fe5ecb..4bbcfe0 100644 --- a/.github/workflows/gh-aw-issue-fixer.yml +++ b/.github/workflows/gh-aw-issue-fixer.yml @@ -1,6 +1,12 @@ name: Issue Fixer on: workflow_call: + inputs: + allowed-bot-users: + description: Comma-separated GitHub logins (from load-allowed-authors allowed_issue_authors_csv) + required: false + type: string + default: github-actions[bot] permissions: actions: read @@ -21,6 +27,7 @@ jobs: !contains(join(github.event.issue.labels.*.name, ','), 'oblt-aw/triage/res-not-accessible-by-integration') uses: elastic/ai-github-actions/.github/workflows/gh-aw-issue-fixer.lock.yml@main with: + allowed-bot-users: ${{ inputs.allowed-bot-users }} additional-instructions: | Your task is to fix issues requested through `/ai implement` comments. diff --git a/.github/workflows/gh-aw-issue-triage.yml b/.github/workflows/gh-aw-issue-triage.yml index 1910a98..6aa067f 100644 --- a/.github/workflows/gh-aw-issue-triage.yml +++ b/.github/workflows/gh-aw-issue-triage.yml @@ -2,6 +2,12 @@ name: Issue Triage on: workflow_call: + inputs: + allowed-bot-users: + description: Comma-separated GitHub logins (from load-allowed-authors allowed_issue_authors_csv) + required: false + type: string + default: github-actions[bot] secrets: COPILOT_GITHUB_TOKEN: required: true @@ -16,5 +22,7 @@ permissions: jobs: issue-triage: uses: elastic/ai-github-actions/.github/workflows/gh-aw-issue-triage.lock.yml@main + with: + allowed-bot-users: ${{ inputs.allowed-bot-users }} secrets: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} diff --git a/.github/workflows/oblt-aw-ingress.yml b/.github/workflows/oblt-aw-ingress.yml index 296e71c..7b2740f 100644 --- a/.github/workflows/oblt-aw-ingress.yml +++ b/.github/workflows/oblt-aw-ingress.yml @@ -31,7 +31,10 @@ jobs: uses: ./.github/workflows/get-enabled-workflows.yml load-allowed-authors: - if: github.event_name == 'pull_request' || github.event_name == 'issues' + if: >- + github.event_name == 'pull_request' || + github.event_name == 'issues' || + github.event_name == 'issue_comment' uses: ./.github/workflows/load-allowed-authors.yml agent-suggestions: @@ -91,17 +94,19 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} issue-triage: - needs: dashboard-enabled-workflows + needs: [dashboard-enabled-workflows, load-allowed-authors] if: >- github.event_name == 'issues' && github.event.action == 'opened' && (needs['dashboard-enabled-workflows'].outputs['effective-raw'] == '' || contains(fromJSON(needs['dashboard-enabled-workflows'].outputs['enabled-workflows']), 'obs:issue-triage')) uses: ./.github/workflows/gh-aw-issue-triage.yml + with: + allowed-bot-users: ${{ needs['load-allowed-authors'].outputs['allowed_issue_authors_csv'] }} secrets: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} issue-fixer: - needs: dashboard-enabled-workflows + needs: [dashboard-enabled-workflows, load-allowed-authors] if: >- github.event_name == 'issue_comment' && github.event.action == 'created' && @@ -112,6 +117,8 @@ jobs: !contains(join(github.event.issue.labels.*.name, ','), 'oblt-aw/triage/res-not-accessible-by-integration') && (needs['dashboard-enabled-workflows'].outputs['effective-raw'] == '' || contains(fromJSON(needs['dashboard-enabled-workflows'].outputs['enabled-workflows']), 'obs:issue-fixer')) uses: ./.github/workflows/gh-aw-issue-fixer.yml + with: + allowed-bot-users: ${{ needs['load-allowed-authors'].outputs['allowed_issue_authors_csv'] }} secrets: inherit mention-in-issue: diff --git a/config/obs/allowed_issue_authors.json b/config/obs/allowed_issue_authors.json index 2af0819..160de71 100644 --- a/config/obs/allowed_issue_authors.json +++ b/config/obs/allowed_issue_authors.json @@ -1,4 +1,5 @@ [ + "github-actions", "github-actions[bot]", "elastic-vault-github-plugin-prod[bot]" ]