Skip to content

Auto-assign broken link issues to code owners#775

Merged
elisabethpatterson merged 3 commits into
NOAA-RDHPCS:mainfrom
underwoo:774-auto-assign-broken-link-issues
Jun 23, 2026
Merged

Auto-assign broken link issues to code owners#775
elisabethpatterson merged 3 commits into
NOAA-RDHPCS:mainfrom
underwoo:774-auto-assign-broken-link-issues

Conversation

@underwoo

Copy link
Copy Markdown
Contributor

Summary

Fixes #774

Enhances the weekly link check workflow to automatically assign created issues to the code owners of the files containing broken links.

Related to #772 and PR #773, which fix duplicate issue creation for broken links.

Changes

1. Hash-pinned dependencies for supply chain security

  • requirements.in (new): Direct dependencies list
  • requirements.txt (regenerated): Fully pinned with SHA256 hashes via pip-compile --generate-hashes
  • codeowners package added for parsing CODEOWNERS files
  • .github/workflows/check_requirements_sync.yml (new): CI check to verify requirements stay in sync
  • CONTRIBUTING.md (updated): Documents how to manage dependencies

2. Automatic issue assignment to code owners

  • .github/scripts/resolve_assignees.py (new): Parses issue body to extract file paths, resolves owners from CODEOWNERS
  • .github/workflows/weekly_check_all_links.yml (updated): Assigns issues to code owners after creation

Assignment Logic

  1. Parse the issue body markdown table to extract file paths
  2. For each file, look up owners in .github/CODEOWNERS
  3. If no specific owner exists, use the fallback owner (@elisabethpatterson)
  4. Collect all unique owners across all affected files
  5. If more than 10 owners (GitHub's limit), ensure at least one owner per file is included
  6. Assign the selected owners to the created issue

Testing

Tested locally with mock issue bodies:

Test Case Result
Files with specific owners (jet, gaea) Returns all 4 owners correctly
Files with fallback only Returns fallback owners
Multiple files with overlapping owners Deduplicates correctly

Dependency Security

The new requirements.txt includes SHA256 hashes for all packages and their transitive dependencies. This protects against:

  • Supply chain attacks via compromised packages
  • Silent package modifications on PyPI
  • Mirror tampering

Developers must run pip-compile --generate-hashes requirements.in when updating dependencies.

underwoo added 2 commits June 16, 2026 10:56
- Create requirements.in with direct dependencies
- Generate requirements.txt with pip-compile --generate-hashes
- Add codeowners package for CODEOWNERS file parsing
- Add CI workflow to verify requirements stay in sync
- Document dependency management process in CONTRIBUTING.md
- Add resolve_assignees.py to parse CODEOWNERS and select assignees
- Update weekly link check workflow to assign issues after creation
- Ensures at least one owner per affected file is assigned
- Respects GitHub's 10-assignee limit
- Uses fallback owner when no specific owner exists

Related to NOAA-RDHPCS#772 and PR NOAA-RDHPCS#773
@elisabethpatterson elisabethpatterson merged commit 50034a8 into NOAA-RDHPCS:main Jun 23, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Auto-assign broken link issues to code owners

3 participants