Skip to content

fix: align community submission workflows with bug-assess label trigger#3046

Merged
mnriem merged 1 commit into
mainfrom
mnriem/fix-community-submission-label-trigger
Jun 17, 2026
Merged

fix: align community submission workflows with bug-assess label trigger#3046
mnriem merged 1 commit into
mainfrom
mnriem/fix-community-submission-label-trigger

Conversation

@mnriem

@mnriem mnriem commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Problem

The add-community-extension and add-community-preset agentic workflows never ran for real submissions, while bug-assess works fine.

Root cause is a trigger-timing mismatch:

  • Their issue templates auto-apply the extension-submission / preset-submission label at issue creation. Labels set by an issue template arrive inside the opened event payload — GitHub does not emit a separate labeled event for them. The workflows only subscribe to labeled, so they never trigger.
  • Even if a labeled event did fire at creation, the actor is the external submitter, who lacks admin/maintainer/write, so the is_team_member activation gate (GH_AW_REQUIRED_ROLES: admin,maintainer,write) blocks the run.
  • The .md also lacked a names: label filter (so the compiled lock had no label gate at all), and the lock files were stale (v0.78.1 / info 1.0.48).

bug-assess avoids all of this: its bug-assess label is maintainer-applied during triage, producing a real labeled event from a team member.

.github/workflows/catalog-assign.yml (a plain workflow handling the same label) already covers both opened and labeled, which is what masked the gap.

Fix — align with the bug-assess pattern

  • Add the label filter to the trigger: names: [extension-submission] / [preset-submission], so a job-level condition gates activation on the specific label.
  • Add github: min-integrity: none to allow reading external user issues (the fix bug-assess received in fix(bug-assess): set min-integrity: none to allow reading external user issues #3030).
  • Remove the trigger label from the issue-template auto-labels (now ["enhancement", "needs-triage"]) so a maintainer applies it during triage — emitting a real labeled event from a team member, which passes activation.
  • Recompile the lock files with gh aw v0.79.8.

New flow

  1. Submitter opens an issue → enhancement, needs-triage.
  2. Maintainer triages and adds extension-submission / preset-submission.
  3. That labeled event fires both catalog-assign (already handles labeled) and the agentic workflow, which now proceeds.

No changes needed outside these files — catalog-assign.yml already has a labeled branch for these labels.

@mnriem
fix: align community submission workflows with bug-assess label trigger
0e6c789 
The add-community-extension and add-community-preset agentic workflows
never ran for real submissions. Their issue templates auto-applied the
`extension-submission`/`preset-submission` label at creation, which lands
in the `opened` event (not `labeled`), and the external submitter fails
the team-membership activation gate.

Align both with the working bug-assess pattern:
- Add `names: [extension-submission]` / `[preset-submission]` so a
  job-level condition gates activation on the specific label.
- Add `github: min-integrity: none` to allow reading external user issues.
- Remove the trigger label from the issue-template auto-labels so a
  maintainer applies it during triage — emitting a real `labeled` event
  from a team member, which passes activation.
- Recompile lock files with gh aw v0.79.8.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 17, 2026 22:56
Copilot AI approved these changes Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Ready to approve

The trigger/label-flow changes are consistent with the established bug-assess workflow approach and the compiled lock files reflect the intended gating and min-integrity: none policy.

Note: this review does not count toward required approvals for merging.

Pull request overview

This PR fixes community submission agentic workflows so they actually run on real extension/preset submissions by aligning their trigger and permissions behavior with the existing bug-assess workflow pattern (maintainer-applied triage label + external-issue readability).

Changes:

  • Add label gating (names: [...]) and tools.github.min-integrity: none to the add-community-extension and add-community-preset agentic workflow sources.
  • Recompile both generated lock workflows with gh aw v0.79.8 so the compiled jobs enforce the label gate and the updated GitHub MCP guard policy.
  • Update the issue templates to stop auto-applying extension-submission / preset-submission, ensuring the triggering label is applied during maintainer triage (emitting a real labeled event from a team member).
File summaries
File Description
.github/workflows/add-community-preset.md Adds label gating and min-integrity: none so the preset submission workflow can read external issues and only proceeds for preset-submission.
.github/workflows/add-community-preset.lock.yml Recompiled workflow implementing the label gate and updated guard/runtime behavior from gh aw v0.79.8.
.github/workflows/add-community-extension.md Adds label gating and min-integrity: none so the extension submission workflow can read external issues and only proceeds for extension-submission.
.github/workflows/add-community-extension.lock.yml Recompiled workflow implementing the label gate and updated guard/runtime behavior from gh aw v0.79.8.
.github/ISSUE_TEMPLATE/preset_submission.yml Removes auto-applied preset-submission label so maintainers apply it during triage.
.github/ISSUE_TEMPLATE/extension_submission.yml Removes auto-applied extension-submission label so maintainers apply it during triage.

Copilot's findings

  • Files reviewed: 6/6 changed files
  • Comments generated: 0

Note

Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mnriem mnriem merged commit 2dd1ca4 into main Jun 17, 2026
13 checks passed
@mnriem mnriem deleted the mnriem/fix-community-submission-label-trigger branch June 17, 2026 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mnriem