OWASP/wrongsecrets

Feature for workflow: Remove users from issues after 3 months of inactivity

commjoen opened this issue ยท 13 comments

We currently have some issues that are reserved by very inactive people. We would love to make sure that all people have a fair windows to implement/resolve an issue in. Therefore this issue is to fix the following:

@za can i leave the completion of this issue with you sir :) ?

za commented

Hi there @commjoen I'll try to complete the task within 3 months ;-)
For a start, please assign this issue to me.

Hi @za thank you so much for picking this up!
@bendehaan do we prefer https://github.com/HarshCasper/Rotten-Scripts/pull/557/files or https://github.com/marketplace/actions/unassign-contributor-after-days-of-inactivity for automation? or @za do you have a good alternative? I rather want to depend on an existing Github Action if we can ;-) .

@commjoen worryingly they both haven't made any changes since July. Hopefully that is just due to them being very mature and straightforward.

I saw on this example https://github.com/BoundfoxStudios/fairy-tale-defender/blob/develop/.github/workflows/project-management.yml#L105 the unassign action is mixed with a stale action. e.g. after a month it could be marked as stale as a warning and then after 3 months it could unassign. What do you think?

Also, is it still the case that we don't use real secrets on this project? e.g. no PAT allowed. Ive seen some of the actions are asking for it to avoid rate limiting

Good questions altogether! I am not sure, awaiting first results from @za so we can see if the action can be used as such.
Given the size of our project and the frequency of updates I am fine with being rate-limitted I guess :) .

za commented

Hi @commjoen still WIP: https://github.com/OWASP/wrongsecrets/pull/1019/files Currently I am testing with issues that I created on my account za#1

Any luck on za#1 so far :-)?

za commented

Hi @commjoen I am still debugging why somehow the actions is not executed https://github.com/za/wrongsecrets/actions/workflows/project-management.yml

I am trying to run a simple scheduled actions https://github.com/OWASP/wrongsecrets/pull/1019/files#diff-56c90529f7856eb163d7d81281b81d20c631080d3aa454d41103a06caa2bae04 but it's not being executed too.

za commented

Hi @commjoen I put github-actions on my personal git project and it's being executed https://github.com/za/ketapang/actions/runs/6610008766/job/17951105761 I'll check tomorrow (after 1 day) whether the un-assign works or not.

As the github-actions is not being executed on OWASP wrongsecrets, am I missing something?

@za scheduled actions only work once they are merged. hence I was waiting for your PR to be ready for review/testing(E.g. merge and trigger)/implementation sir :) .

za commented

Ah, I didn't know that. That explains why I never see it running :-)

Please wait, I'll clean up and test my PR. I'll tell you once it's ready for review, sir @commjoen

za commented

Hi @commjoen

I've tested the gh-actions on my personal gh repo. It's working fine[1] using this action[2].

I'll clean up and finalize the PR. Please wait.

[1]za/ketapang#1 (comment)
[2]https://github.com/za/ketapang/blob/main/.github/workflows/project-management.yml

za commented

Hi @commjoen as the PR has been merged, I believe we can close/resolve this issue.