From 8a65521167bb5492f98fd94e6db48adc83ea358b Mon Sep 17 00:00:00 2001 From: Fadi George Date: Thu, 14 May 2026 15:01:50 -0700 Subject: [PATCH 1/3] chore: [SDK-4532] remove Asana and Claude GitHub workflows Removes the Asana sync workflows (asana-add-comment, asana-create-task, asana-update-issue) and the Claude workflows (claude, claude-code-review). The Asana update workflow contained a script-injection vulnerability via issue title interpolated into a shell `run:` block (SDK-4532). Rather than patch it, dropping these workflows since they are no longer needed. Co-authored-by: Cursor --- .github/workflows/asana-add-comment.yml | 47 ------- .github/workflows/asana-create-task.yml | 119 ---------------- .github/workflows/asana-update-issue.yml | 172 ----------------------- .github/workflows/claude-code-review.yml | 44 ------ .github/workflows/claude.yml | 50 ------- 5 files changed, 432 deletions(-) delete mode 100644 .github/workflows/asana-add-comment.yml delete mode 100644 .github/workflows/asana-create-task.yml delete mode 100644 .github/workflows/asana-update-issue.yml delete mode 100644 .github/workflows/claude-code-review.yml delete mode 100644 .github/workflows/claude.yml diff --git a/.github/workflows/asana-add-comment.yml b/.github/workflows/asana-add-comment.yml deleted file mode 100644 index 1235c8f14..000000000 --- a/.github/workflows/asana-add-comment.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Github --> Asana Add Comment Workflow - -on: - issue_comment: - types: [created] - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - permissions: - issues: read - steps: - - name: Get Asana Task Corresponding to Issue - env: - ISSUE_ID: ${{ github.event.issue.id }} - REPO_FULL_NAME: ${{ github.event.repository.full_name }} - WORKSPACE_ID: "780103692902078" - run: | - REPO_SCOPED_ISSUE_ID="$REPO_FULL_NAME#$ISSUE_ID" - - curl --request GET \ - --url "https://app.asana.com/api/1.0/workspaces/$WORKSPACE_ID/tasks/search?opt_fields=notes&text=$REPO_SCOPED_ISSUE_ID&sort_by=modified_at&sort_ascending=false" \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --output response.json - TASK_GID=$(jq -r '.data[0].gid' response.json) - echo "TASK_GID=$TASK_GID" >> $GITHUB_ENV - - name: Comment on Asana Task - env: - ISSUE_COMMENT: ${{ github.event.comment.body }} - COMMENTER_NAME: ${{ github.event.comment.user.login }} - run: | - BODY_DATA=$(jq -n \ - --arg text "$ISSUE_COMMENT" \ - --arg commenter_name "$COMMENTER_NAME" \ - '{ - "data": { - "text": "\($commenter_name) left a comment:\n\n\($text)", - } - }') - curl --request POST \ - --url https://app.asana.com/api/1.0/tasks/$TASK_GID/stories \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --header 'content-type: application/json' \ - --data "$BODY_DATA" \ No newline at end of file diff --git a/.github/workflows/asana-create-task.yml b/.github/workflows/asana-create-task.yml deleted file mode 100644 index 7b66212ba..000000000 --- a/.github/workflows/asana-create-task.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Github --> Asana Create Task Workflow - -on: - issues: - types: [opened] - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - permissions: - issues: read - steps: - - name: Create Asana task - env: - ISSUE_TITLE: ${{ github.event.issue.title }} - ISSUE_BODY: ${{ github.event.issue.body }} - ISSUE_HTML_URL: ${{ github.event.issue.html_url }} - ISSUE_ID: ${{ github.event.issue.id }} - ISSUE_NUMBER: ${{ github.event.issue.number }} - REPO_FULL_NAME: ${{ github.event.repository.full_name }} - SDK_PLATFORM_GROUP: "1208961704779581" - SDK_PLATFORM_GROUP_CROSS_PLATFORM: "1208961704779584" - SDK_PLATFORM: "1208961704779592" - SDK_PLATFORM_UNITY: "1208961704779603" - DSA_PRIORITY: "1208779519954980" - DSA_PRIORITY_NO_PRIORITY: "1208779521616959" - DSA_STATUS: "1210103546117753" - DSA_STATUS_TRIAGE: "1210103546117756" - DSA_REPO_TICKET_URL: "1210347857768758" - WORKSPACE_ID: "780103692902078" - PROJECT_ID_GITHUB_AND_IMPORTANT_SDK_ISSUES: "1208970714650308" - PROJECT_ID_SDK_BACKLOG: "1208777198342772" - run: | - DATA_BODY=$(jq -n \ - --arg title "$ISSUE_TITLE" \ - --arg body "$ISSUE_BODY" \ - --arg url "$ISSUE_HTML_URL" \ - --arg id "$ISSUE_ID" \ - --arg number "$ISSUE_NUMBER" \ - --arg repo_full_name "$REPO_FULL_NAME" \ - --arg sdk_platform_group "$SDK_PLATFORM_GROUP" \ - --arg sdk_platform_group_cross_platform "$SDK_PLATFORM_GROUP_CROSS_PLATFORM" \ - --arg sdk_platform "$SDK_PLATFORM" \ - --arg sdk_platform_unity "$SDK_PLATFORM_UNITY" \ - --arg dsa_priority "$DSA_PRIORITY" \ - --arg dsa_priority_no_priority "$DSA_PRIORITY_NO_PRIORITY" \ - --arg dsa_status "$DSA_STATUS" \ - --arg dsa_status_triage "$DSA_STATUS_TRIAGE" \ - --arg dsa_repo_ticket_url "$DSA_REPO_TICKET_URL" \ - --arg workspace_id "$WORKSPACE_ID" \ - --arg project_id_github_and_important_sdk_issues "$PROJECT_ID_GITHUB_AND_IMPORTANT_SDK_ISSUES" \ - --arg project_id_sdk_backlog "$PROJECT_ID_SDK_BACKLOG" \ - '{ - "data": { - "custom_fields": { - $sdk_platform_group: $sdk_platform_group_cross_platform, - $sdk_platform: $sdk_platform_unity, - $dsa_priority: $dsa_priority_no_priority, - $dsa_status: $dsa_status_triage, - $dsa_repo_ticket_url: $url - }, - "name": $title, - "workspace": $workspace_id, - "projects": [$project_id_github_and_important_sdk_issues, $project_id_sdk_backlog], - "notes": "Issue ID: \($repo_full_name)#\($id)\nIssue number: \($number)\nCreated via GitHub Actions\n----\n\n\($body)" - } - }') - - curl --request POST \ - --url https://app.asana.com/api/1.0/tasks?opt_pretty=true \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --header 'content-type: application/json' \ - --data "$DATA_BODY" \ - --output response.json - - TASK_GID=$(jq -r '.data.gid' response.json) - echo "TASK_GID=$TASK_GID" >> $GITHUB_ENV - - name: Move to "0 Unclassified" section in "Github & Important SDK Issues" project - env: - SECTION_ID_GITHUB_AND_IMPORTANT_SDK_ISSUES: "1208970755434051" - run: | - DATA_BODY=$(jq -n \ - --arg task_gid "$TASK_GID" \ - --arg section_id "$SECTION_ID_GITHUB_AND_IMPORTANT_SDK_ISSUES" \ - '{ - "data": { - "task": $task_gid, - "insert_after": "null" - } - }') - - curl --request POST \ - --url https://app.asana.com/api/1.0/sections/$section_id/addTask \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --header 'content-type: application/json' \ - --data "$DATA_BODY" - - name: Move to "Untriaged" section in "SDK / Backlog" project - env: - SECTION_ID_SDK_BACKLOG: "1208899729378982" - run: | - DATA_BODY=$(jq -n \ - --arg task_gid "$TASK_GID" \ - --arg section_id "$SECTION_ID_SDK_BACKLOG" \ - '{ - "data": { - "task": $task_gid, - "insert_after": "null" - } - }') - - curl --request POST \ - --url https://app.asana.com/api/1.0/sections/$section_id/addTask \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --header 'content-type: application/json' \ - --data "$DATA_BODY" \ No newline at end of file diff --git a/.github/workflows/asana-update-issue.yml b/.github/workflows/asana-update-issue.yml deleted file mode 100644 index d9dcebe97..000000000 --- a/.github/workflows/asana-update-issue.yml +++ /dev/null @@ -1,172 +0,0 @@ -name: Github --> Asana Issue Updates Workflow - -on: - issues: - types: [edited, deleted, closed, reopened, assigned, unassigned, labeled, unlabeled, milestoned, demilestoned, pinned, unpinned, locked, unlocked, transferred] - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - permissions: - issues: read - steps: - - name: Get Asana Task Corresponding to Issue - env: - ISSUE_ID: ${{ github.event.issue.id }} - REPO_FULL_NAME: ${{ github.event.repository.full_name }} - WORKSPACE_ID: "780103692902078" - run: | - REPO_SCOPED_ISSUE_ID="$REPO_FULL_NAME#$ISSUE_ID" - - curl --request GET \ - --url "https://app.asana.com/api/1.0/workspaces/$WORKSPACE_ID/tasks/search?opt_fields=notes&text=$REPO_SCOPED_ISSUE_ID&sort_by=modified_at&sort_ascending=false" \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --output response.json - TASK_GID=$(jq -r '.data[0].gid' response.json) - echo "TASK_GID=$TASK_GID" >> $GITHUB_ENV - - name: Determine Action and Post to Asana - env: - ACTION_TYPE: ${{ github.event.action }} - ACTOR_NAME: ${{ github.event.sender.login }} - ISSUE_TITLE: ${{ github.event.issue.title }} - ISSUE_NUMBER: ${{ github.event.issue.number }} - ISSUE_STATE: ${{ github.event.issue.state }} - run: | - # Map GitHub action types to human-readable descriptions - case "$ACTION_TYPE" in - "edited") - ACTION_DESC="edited the issue" - ;; - "deleted") - ACTION_DESC="deleted the issue" - ;; - "closed") - ACTION_DESC="closed the issue" - ;; - "reopened") - ACTION_DESC="reopened the issue" - ;; - "assigned") - ACTION_DESC="assigned the issue" - ;; - "unassigned") - ACTION_DESC="unassigned the issue" - ;; - "labeled") - ACTION_DESC="added labels to the issue" - ;; - "unlabeled") - ACTION_DESC="removed labels from the issue" - ;; - "milestoned") - ACTION_DESC="added the issue to a milestone" - ;; - "demilestoned") - ACTION_DESC="removed the issue from a milestone" - ;; - "pinned") - ACTION_DESC="pinned the issue" - ;; - "unpinned") - ACTION_DESC="unpinned the issue" - ;; - "locked") - ACTION_DESC="locked the issue" - ;; - "unlocked") - ACTION_DESC="unlocked the issue" - ;; - "transferred") - ACTION_DESC="transferred the issue" - ;; - *) - ACTION_DESC="performed an action on the issue" - ;; - esac - - # Add additional context for specific actions based on webhook payload - if [ "$ACTION_TYPE" = "assigned" ] && [ -n "${{ github.event.assignee.login }}" ]; then - ACTION_DESC="assigned the issue to ${{ github.event.assignee.login }}" - fi - - if [ "$ACTION_TYPE" = "unassigned" ] && [ -n "${{ github.event.assignee.login }}" ]; then - ACTION_DESC="unassigned the issue from ${{ github.event.assignee.login }}" - fi - - if [ "$ACTION_TYPE" = "labeled" ] && [ -n "${{ github.event.label.name }}" ]; then - LABEL_COLOR="${{ github.event.label.color }}" - ACTION_DESC="added label '${{ github.event.label.name }}' to the issue" - if [ -n "$LABEL_COLOR" ]; then - ACTION_DESC="$ACTION_DESC (color: #$LABEL_COLOR)" - fi - fi - - if [ "$ACTION_TYPE" = "unlabeled" ] && [ -n "${{ github.event.label.name }}" ]; then - LABEL_COLOR="${{ github.event.label.color }}" - ACTION_DESC="removed label '${{ github.event.label.name }}' from the issue" - if [ -n "$LABEL_COLOR" ]; then - ACTION_DESC="$ACTION_DESC (color: #$LABEL_COLOR)" - fi - fi - - if [ "$ACTION_TYPE" = "milestoned" ] && [ -n "${{ github.event.milestone.title }}" ]; then - MILESTONE_DUE_DATE="${{ github.event.milestone.due_on }}" - ACTION_DESC="added the issue to milestone '${{ github.event.milestone.title }}'" - if [ -n "$MILESTONE_DUE_DATE" ] && [ "$MILESTONE_DUE_DATE" != "null" ]; then - ACTION_DESC="$ACTION_DESC (due: $MILESTONE_DUE_DATE)" - fi - fi - - if [ "$ACTION_TYPE" = "demilestoned" ] && [ -n "${{ github.event.milestone.title }}" ]; then - ACTION_DESC="removed the issue from milestone '${{ github.event.milestone.title }}'" - fi - - if [ "$ACTION_TYPE" = "transferred" ] && [ -n "${{ github.event.changes.new_repository.full_name }}" ]; then - ACTION_DESC="transferred the issue to repository ${{ github.event.changes.new_repository.full_name }}" - fi - - if [ "$ACTION_TYPE" = "edited" ] && [ -n "${{ github.event.changes.title.from }}" ]; then - OLD_TITLE="${{ github.event.changes.title.from }}" - NEW_TITLE="${{ github.event.issue.title }}" - ACTION_DESC="edited the issue title from '$OLD_TITLE' to '$NEW_TITLE'" - fi - - echo "ACTION_DESC=$ACTION_DESC" >> $GITHUB_ENV - - # Only proceed if we found a task - if [ "$TASK_GID" != "null" ] && [ -n "$TASK_GID" ]; then - # Create a more detailed message with additional context - MESSAGE_TEXT="$ACTOR_NAME performed an action: $ACTION_DESC" - - # Add issue state information for state changes - if [ "$ACTION_TYPE" = "closed" ] || [ "$ACTION_TYPE" = "reopened" ]; then - MESSAGE_TEXT=$(printf "%s\nIssue state: %s" "$MESSAGE_TEXT" "$ISSUE_STATE") - fi - - # Add repository information for transferred issues - if [ "$ACTION_TYPE" = "transferred" ]; then - REPO_NAME="${{ github.event.repository.full_name }}" - MESSAGE_TEXT=$(printf "%s\nFrom repository: %s" "$MESSAGE_TEXT" "$REPO_NAME") - fi - - MESSAGE_TEXT=$(printf "%s\n\nIssue: #%s - %s" "$MESSAGE_TEXT" "$ISSUE_NUMBER" "$ISSUE_TITLE") - - BODY_DATA=$(jq -n \ - --arg text "$MESSAGE_TEXT" \ - '{ - "data": { - "text": $text - } - }') - - curl --request POST \ - --url https://app.asana.com/api/1.0/tasks/$TASK_GID/stories \ - --header 'accept: application/json' \ - --header 'authorization: Bearer ${{ secrets.ASANA_PAT }}' \ - --header 'content-type: application/json' \ - --data "$BODY_DATA" - else - echo "No corresponding Asana task found for issue ID: $ISSUE_ID" - fi \ No newline at end of file diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml deleted file mode 100644 index 4f6145beb..000000000 --- a/.github/workflows/claude-code-review.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: Claude Code Review - -on: - pull_request: - types: [opened, synchronize, ready_for_review, reopened] - # Optional: Only run on specific file changes - # paths: - # - "src/**/*.ts" - # - "src/**/*.tsx" - # - "src/**/*.js" - # - "src/**/*.jsx" - -jobs: - claude-review: - # Optional: Filter by PR author - # if: | - # github.event.pull_request.user.login == 'external-contributor' || - # github.event.pull_request.user.login == 'new-developer' || - # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' - - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - issues: read - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code Review - id: claude-review - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' - plugins: 'code-review@claude-code-plugins' - prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://code.claude.com/docs/en/cli-reference for available options - diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml deleted file mode 100644 index 79fe05647..000000000 --- a/.github/workflows/claude.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Claude Code - -on: - issue_comment: - types: [created] - pull_request_review_comment: - types: [created] - issues: - types: [opened, assigned] - pull_request_review: - types: [submitted] - -jobs: - claude: - if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - issues: read - id-token: write - actions: read # Required for Claude to read CI results on PRs - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code - id: claude - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - - # This is an optional setting that allows Claude to read CI results on PRs - additional_permissions: | - actions: read - - # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. - # prompt: 'Update the pull request description to include a summary of changes.' - - # Optional: Add claude_args to customize behavior and configuration - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://code.claude.com/docs/en/cli-reference for available options - # claude_args: '--allowed-tools Bash(gh pr:*)' - From da2dc5418410a087583dcde95dc8039192692817 Mon Sep 17 00:00:00 2001 From: Fadi George Date: Thu, 14 May 2026 15:02:44 -0700 Subject: [PATCH 2/3] chore: [SDK-4532] remove cursor PR conventions rule --- .cursor/rules/pr-conventions.mdc | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 .cursor/rules/pr-conventions.mdc diff --git a/.cursor/rules/pr-conventions.mdc b/.cursor/rules/pr-conventions.mdc deleted file mode 100644 index cd953b179..000000000 --- a/.cursor/rules/pr-conventions.mdc +++ /dev/null @@ -1,32 +0,0 @@ ---- -description: Conventions for pull request titles and body content -alwaysApply: true ---- - -# Pull Request Conventions - -## PR Title - -Use semantic/conventional commit prefixes in PR titles: - -- `fix:` for bug fixes -- `feat:` for new features -- `chore:` for maintenance tasks (deps, CI, tooling) -- `refactor:` for code restructuring without behavior changes -- `docs:` for documentation-only changes -- `test:` for test-only changes - -Example: `fix: resolve notification grouping on Android 14` - -## PR Body - -Follow the repo's PR template at `.github/pull_request_template.md`. Every PR body must include: - -1. **One Line Summary** (required) -2. **Motivation** (required) explaining why the change is being made -3. **Scope** (recommended) describing what is and isn't affected -4. **Testing** section with manual and/or unit testing details -5. **Affected code checklist** with relevant items checked -6. **Checklist** sections confirmed - -Remove the instructional header block (between `` and ``) before submitting. From e186fcbae7991c820415cc6dd05d93275f354f3d Mon Sep 17 00:00:00 2001 From: Fadi George Date: Thu, 14 May 2026 15:04:23 -0700 Subject: [PATCH 3/3] chore: [SDK-4532] remove unused Unity activation workflow The activation.yml workflow generates a Unity license activation request file (.alf), but no other workflow in this repo uses a Unity license (ci.yml only runs csharpier; cd.yml only publishes npm packages). It is also a manual workflow_dispatch and the underlying actions/upload-artifact@v2 is deprecated. Co-authored-by: Cursor --- .github/workflows/activation.yml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 .github/workflows/activation.yml diff --git a/.github/workflows/activation.yml b/.github/workflows/activation.yml deleted file mode 100644 index 0827bbd06..000000000 --- a/.github/workflows/activation.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Acquire activation file -on: - workflow_dispatch: {} -jobs: - activation: - name: Request manual activation file 🔑 - runs-on: ubuntu-latest - steps: - # Request manual activation file - - name: Request manual activation file - id: getManualLicenseFile - uses: game-ci/unity-request-activation-file@v2 - # Upload artifact (Unity_v20XX.X.XXXX.alf) - - name: Expose as artifact - uses: actions/upload-artifact@v2 - with: - name: ${{ steps.getManualLicenseFile.outputs.filePath }} - path: ${{ steps.getManualLicenseFile.outputs.filePath }}