
fixed startup failure in CI #134

Merged
DengreSarthak merged 8 commits into StabilityNexus:main from SIDDHANTCOOKIE:fix/contributor-onboarding-pr-author
Mar 22, 2026

@SIDDHANTCOOKIE (Contributor) commented Mar 2, 2026

Addressed Issues:

Fixes #133

Screenshots/Recordings:

N/A

Additional Notes:

  • Added a new fetch-pr-meta job (issue_comment path) to fetch PR metadata from GitHub API:
    • pr_author
    • pr_title
    • lines_changed (additions + deletions)
  • Updated process-response to:
    • depend on fetch-pr-meta via needs
    • pass required inputs:
      • pr_author
      • pr_title
      • lines_changed
  • Removed unsupported inputs from process-response call:
    • comment_body
    • commenter

Checklist

  • My PR addresses a single issue, fixes a single bug or makes a single improvement.
  • My code follows the project's code style and conventions.
  • If applicable, I have made corresponding changes or additions to the documentation.
  • If applicable, I have made corresponding changes or additions to tests.
  • My changes generate no new warnings or errors.
  • I have joined the Stability Nexus's Discord server and I will share a link to this PR with the project maintainers there.
  • I have read the Contribution Guidelines.
  • Once I submit my PR, CodeRabbit AI will automatically review it and I will address CodeRabbit's comments.

AI Usage Disclosure

Check one of the checkboxes below:

  • This PR does not contain AI-generated code at all.
  • This PR contains AI-generated code. I have tested the code locally and I am responsible for it.

I have used the following AI models and tools: Gemini to learn about CI/CD

⚠️ AI Notice - Important!

We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact.

Summary by CodeRabbit

  • Chores
    • Onboarding workflow now retrieves pull request metadata (author, title, total lines changed) when a PR is referenced in an issue comment.
    • Downstream processing now consumes PR-level metadata instead of parsing comment content, improving accuracy and reliability.
    • Line-change calculation standardized to use PR additions+deletions and deserialized safely.
    • Workflow job permissions tightened for more secure execution.


coderabbitai Bot commented Mar 2, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Added a job that, for PR-linked issue comments containing discord:/Discord:, fetches PR metadata via the REST API (author, title, additions+deletions → lines_changed), exposes those outputs, and makes process-response depend on and forward that PR metadata to the reusable workflow. (34 words)

Changes

Cohort / File(s) | Summary
Contributor Onboarding workflow (.github/workflows/contributor-onboarding.yml) | Added fetch-pr-meta job (runs on PR-linked issue_comment containing discord:/Discord:) that calls github.rest.pulls.get, computes lines_changed = additions + deletions, and outputs pr_author, pr_title, lines_changed; updated process-response to needs: fetch-pr-meta, pass pr_author, pr_title, and lines_changed (coerced via fromJSON(...)) to the reusable workflow; added explicit job-level permissions (contents: write, pull-requests: write, issues: write).
Track contributor PRs workflow (.github/workflows/track-contributor-prs.yml) | Reworked calculate-changes step to use actions/github-script@v7 which returns additions + deletions (defaulting to 0), exposing it as steps.calc.outputs.result; downstream update-pr-count / reusable workflow input lines_changed now consumes that output with fromJSON(...) instead of raw string/shell arithmetic.

Sequence Diagram

sequenceDiagram
    actor GitHub
    participant IssueComment as IssueComment Event
    participant Fetch as fetch-pr-meta
    participant REST as GitHub REST API
    participant Process as process-response
    participant Reusable as reusable-process-response.yml

    GitHub->>IssueComment: deliver issue_comment (contains "discord:" / "Discord:")
    IssueComment->>Fetch: trigger fetch-pr-meta (extract PR number)
    Fetch->>REST: github.rest.pulls.get(pr_number)
    REST-->>Fetch: returns {user.login, title, additions, deletions}
    Fetch->>Fetch: compute lines_changed = additions + deletions
    Fetch-->>Process: outputs pr_author, pr_title, lines_changed
    Process->>Reusable: invoke reusable workflow with PR metadata
    Reusable-->>Process: completes

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • add workflow #68: Modifies the Contributor Onboarding and Track Contributor PR workflows to fetch/propagate PR metadata and change how lines_changed is produced/consumed.
  • fix " error #96: Updates how lines_changed is computed and passed through the track-contributor-prs workflow, touching the same outputs and inputs.

Suggested reviewers

  • Zahnentferner

Poem

🐰 I sniffed a comment that said "discord" tonight,
I hopped to the API beneath soft moonlight,
I fetched the author, title, and counted the lines,
I nudged them along through workflow designs,
Now CI hums as I nibble on bytes.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
Title check | ❓ Inconclusive | The title 'fixed startup failure in CI' is vague and does not clearly communicate the specific changes made to the workflow, such as adding the fetch-pr-meta job or modifying how PR metadata is passed. | Consider a more specific title like 'Add fetch-pr-meta job to provide required PR metadata' to better describe the primary changes in the changeset.

✅ Passed checks (3 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check | ✅ Passed | The PR successfully addresses the requirements from issue #133 by adding the fetch-pr-meta job to retrieve and provide the required pr_author input, which resolves the startup failure on issue_comment events.
Out of Scope Changes check | ✅ Passed | The changes to both workflow files are directly related to fixing the CI failure and providing required PR metadata, with no out-of-scope modifications detected.


@DengreSarthak (Member)

Have you tested it in a fork, if it is working now?

@SIDDHANTCOOKIE (Contributor, Author)

> Have you tested it in a fork, if it is working now?

I haven't, will test and update here.


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/contributor-onboarding.yml:
- Around line 11-15: The workflow-level permission grant currently includes
"contents: write" which is overly broad for a read-only metadata job; remove
"contents: write" from the top-level permissions block and instead add scoped
permissions to individual jobs (e.g., add "contents: write" only to the
request-info or process-response jobs if they actually need it) while keeping
fetch-pr-meta limited to the minimum (pulls: read or pulls: write as required)
so that fetch-pr-meta performs only pulls.get without workflow-wide repo-content
write access.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1211f505-a856-4205-adbf-1b1620b2fb9d

📥 Commits

Reviewing files that changed from the base of the PR and between 2ac26ac and 6c5cbbf.

📒 Files selected for processing (1)
  • .github/workflows/contributor-onboarding.yml

Comment thread .github/workflows/contributor-onboarding.yml Outdated

@coderabbitai coderabbitai Bot left a comment

♻️ Duplicate comments (1)
.github/workflows/contributor-onboarding.yml (1)

11-14: ⚠️ Potential issue | 🟠 Major

Scope down GITHUB_TOKEN permissions for the metadata path.

contents: write at workflow scope is broader than needed for fetch-pr-meta (read-only PR lookup). Move permissions to job scope and keep fetch-pr-meta minimal.

🔒 Proposed least-privilege adjustment
 permissions:
   pull-requests: write
   issues: write
-  contents: write

 jobs:
   request-info:
+    permissions:
+      pull-requests: write
+      issues: write
+      contents: write
     if: |
       github.event_name == 'pull_request_target' && 
       github.event.pull_request.merged == true &&
       contains(github.event.pull_request.labels.*.name, 'first-time-contributor')

   fetch-pr-meta:
+    permissions:
+      pull-requests: read
     if: |
       github.event_name == 'issue_comment' &&
       github.event.issue.pull_request != null &&
       (contains(github.event.comment.body, 'discord:') || contains(github.event.comment.body, 'Discord:'))
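
Review bot: with `contents: write` removed from the workflow-level block, this hunk adds job-level permissions to request-info and fetch-pr-meta only, so any other job in the file (the PR description names process-response) is left to inherit just `pull-requests: write` and `issues: write`. If that job, or the reusable workflow it calls, writes to repository contents, it needs its own `permissions` block in the same change. Separately, request-info is gated on `pull_request_target` and keeps `contents: write`, so it should not check out or run code from the PR head.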

Also applies to: 31-43

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/contributor-onboarding.yml around lines 11 - 14, The
workflow currently grants broad repo-level permissions (e.g., contents: write)
but the fetch-pr-meta job only needs read-only access; update the global
permissions to remove contents: write and instead scope minimal permissions on
the fetch-pr-meta job by adding a job-level permissions block that sets
contents: read (and pull-requests: read, issues: read) for the fetch-pr-meta
job, leaving other jobs to have their own scoped permissions as needed; locate
the global permissions entries (permissions: pull-requests, issues, contents)
and the job named fetch-pr-meta to apply this change.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6d091bdd-fd15-4895-8a8d-8df7042f9954

📥 Commits

Reviewing files that changed from the base of the PR and between 6c5cbbf and 3cf87fc.

📒 Files selected for processing (1)
  • .github/workflows/contributor-onboarding.yml


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/contributor-onboarding.yml (1)

30-55: 🧹 Nitpick | 🔵 Trivial

Consider adding explicit read-only permissions to fetch-pr-meta.

This job only performs a pulls.get read operation but inherits pull-requests: write from the workflow-level permissions. Adding explicit job-level permissions would follow least-privilege.

🔒 Optional: Narrow token scope
   fetch-pr-meta:
+    permissions:
+      pull-requests: read
     if: |
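
Review bot: the scope name differs between this hunk and the prompt text that follows it: the hunk's `pull-requests: read` is a valid `permissions` key, while the prompt spells it `pulls: read`, which is not a key GitHub Actions accepts. Apply the hunk as written rather than the prompt's wording.
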
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/contributor-onboarding.yml around lines 30 - 55, The
fetch-pr-meta job currently inherits broad write permissions; add an explicit
job-level permissions block to limit the token to read-only for pull data (e.g.,
add permissions: pulls: read) so the github.rest.pulls.get call in the meta step
still works while following least-privilege; place the permissions key directly
under the fetch-pr-meta job definition to override workflow-level write access.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/contributor-onboarding.yml:
- Line 69: The pr_number input is inconsistently quoted: update the pr_number
declaration at the location using pr_number: "${{ github.event.issue.number }}"
to match the other usage (or vice versa) so both use the same style; locate the
pr_number key in the workflow and either remove the surrounding double quotes or
add them to the other pr_number occurrence to ensure consistent quoting across
the workflow.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 99bd25e9-1098-4ae7-ab1a-2e882173c8ac

📥 Commits

Reviewing files that changed from the base of the PR and between 3cf87fc and 2351312.

📒 Files selected for processing (2)
  • .github/workflows/contributor-onboarding.yml
  • .github/workflows/track-contributor-prs.yml

Comment thread .github/workflows/contributor-onboarding.yml Outdated
@SIDDHANTCOOKIE force-pushed the fix/contributor-onboarding-pr-author branch from 93b2ac9 to aa1510d, March 20, 2026 23:19

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/track-contributor-prs.yml:
- Line 21: The workflow currently uses an invalid expression to set
lines_changed: `${{ github.event.pull_request.additions +
github.event.pull_request.deletions }}`; replace this by computing the sum in a
prior step (e.g., a step called compute-lines-changed) that reads
github.event.pull_request.additions and .deletions, adds them (in a shell or
JavaScript action), and sets the result as an output (e.g.,
outputs.lines_changed); then reference that output when calling the reusable
workflow (e.g., with: lines_changed: ${{
steps.compute-lines-changed.outputs.lines_changed }}). Ensure the step name and
output key match the call.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: fa991dff-3391-4169-8153-1e6a92f199ef

📥 Commits

Reviewing files that changed from the base of the PR and between 2351312 and aa1510d.

📒 Files selected for processing (2)
  • .github/workflows/contributor-onboarding.yml
  • .github/workflows/track-contributor-prs.yml

Comment thread .github/workflows/track-contributor-prs.yml Outdated
@SIDDHANTCOOKIE force-pushed the fix/contributor-onboarding-pr-author branch from c076899 to bf253b3, March 22, 2026 14:34

@SIDDHANTCOOKIE (Contributor, Author)

@coderabbitai review


coderabbitai Bot commented Mar 22, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.


@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/track-contributor-prs.yml (1)

28-37: ⚠️ Potential issue | 🟠 Major

Add explicit permissions to the reusable-workflow call job.

The update-pr-count job calls a reusable workflow without job-level permissions. Per GitHub Actions semantics, when a calling job omits permissions, the reusable workflow receives the repository's default GITHUB_TOKEN permissions—bypassing the workflow-level pull-requests: read restriction defined at the top of this file. The reusable workflow can only preserve or reduce permissions from the caller's envelope, not escalate beyond it. Setting job-level permissions ensures the called workflow respects the intended least-privilege policy.

Suggested fix
   update-pr-count:
     needs: calculate-changes
     if: github.event.pull_request.merged == true
+    permissions:
+      pull-requests: read
     uses: StabilityNexus/ContributorAutomation/.github/workflows/reusable-update-pr.yml@main
     with:
       pr_number: ${{ github.event.pull_request.number }}
       repo_name: ${{ github.repository }}
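
Review bot: the `uses:` line pins the reusable workflow to `@main`, a mutable ref, so whatever is on that branch at run time executes with this job's token; pin it to a full commit SHA. Also confirm that `pull-requests: read` covers everything reusable-update-pr.yml does with the token, because scopes not listed in a job-level block are set to none.
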
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/track-contributor-prs.yml around lines 28 - 37, The
reusable-job update-pr-count currently invokes
StabilityNexus/ContributorAutomation/.github/workflows/reusable-update-pr.yml@main
without an explicit job-level permissions block; add a permissions section to
the update-pr-count job (e.g., permissions: pull-requests: read) so the called
reusable workflow cannot inherit broader default GITHUB_TOKEN privileges and
will respect the workflow-level least-privilege policy.
♻️ Duplicate comments (1)
.github/workflows/contributor-onboarding.yml (1)

30-35: ⚠️ Potential issue | 🟠 Major

Limit fetch-pr-meta to a read-only token.

This job only reads PR metadata via pulls.get, but it currently inherits workflow-level pull-requests: write and issues: write. GitHub recommends granting the least required GITHUB_TOKEN access, and once a job-level permissions block is set, any unspecified scopes drop to none, so pull-requests: read is sufficient here. (docs.github.com)

🔒 Proposed fix
   fetch-pr-meta:
+    permissions:
+      pull-requests: read
     if: |
       github.event_name == 'issue_comment' &&
       github.event.issue.pull_request != null &&
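
Review bot: the hunk grants only `pull-requests: read`, while the prompt text below it also asks for `issues: read`; the two should agree. The comment's own reasoning says `pull-requests: read` is sufficient for `pulls.get`, so add `issues: read` only if a step in this job actually calls the issues API.
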
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/contributor-onboarding.yml around lines 30 - 35, The
fetch-pr-meta job is inheriting write-level workflow permissions but only needs
read access; add a job-level permissions block to restrict GITHUB_TOKEN to the
least privileges required (e.g., set permissions: pull-requests: read and
issues: read) in the fetch-pr-meta job definition so that other scopes drop to
none and only read access is granted for pulls.get and reading issue/comment
metadata.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: dacb8c0a-837d-4c12-919a-c0bd52d21aa1

📥 Commits

Reviewing files that changed from the base of the PR and between 2351312 and 04d8232.

📒 Files selected for processing (2)
  • .github/workflows/contributor-onboarding.yml
  • .github/workflows/track-contributor-prs.yml
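
The permission semantics the review comments above rely on (a job-level `permissions` block replaces the workflow-level one, and unlisted scopes drop to none), as an added example that is not part of this PR or of CodeRabbit's output. The workflow objects are constructed samples of already-parsed YAML that reuse the job names from this thread; the `NEEDS` table and the assumption that `permissions` is always a map (not `read-all`/`write-all`) are mine.

```javascript
// Added example. The workflow objects are constructed samples (already-parsed
// YAML) that reuse the job names from this thread; `NEEDS` is an assumption.
const RANK = { none: 0, read: 1, write: 2 };
const ALL_WRITE = { "pull-requests": "write", issues: "write", contents: "write" };

// A job-level `permissions` block replaces the workflow-level block outright;
// in whichever block applies, scopes that are not listed resolve to "none".
function effectivePermissions(workflow, jobName) {
  const block = workflow.jobs[jobName].permissions ?? workflow.permissions;
  return block === undefined ? null : { ...block }; // null: repository default applies
}

// Report scopes a job is granted beyond, or short of, what it is declared to need.
function auditWorkflow(workflow, needs) {
  const findings = [];
  for (const job of Object.keys(workflow.jobs)) {
    const granted = effectivePermissions(workflow, job);
    if (granted === null) {
      findings.push({ job, scope: "*", issue: "unscoped: repository default token" });
      continue;
    }
    const required = needs[job] ?? {};
    for (const scope of new Set([...Object.keys(granted), ...Object.keys(required)])) {
      const have = granted[scope] ?? "none";
      const want = required[scope] ?? "none";
      if (RANK[have] > RANK[want]) findings.push({ job, scope, issue: `excess: has ${have}, needs ${want}` });
      if (RANK[have] < RANK[want]) findings.push({ job, scope, issue: `missing: has ${have}, needs ${want}` });
    }
  }
  return findings;
}

// Assumed needs: fetch-pr-meta only calls pulls.get; the other two jobs write.
const NEEDS = {
  "request-info": ALL_WRITE,
  "fetch-pr-meta": { "pull-requests": "read" },
  "process-response": ALL_WRITE,
};

// Workflow-level write grants inherited by every job.
const workflowWide = {
  permissions: ALL_WRITE,
  jobs: { "request-info": {}, "fetch-pr-meta": {}, "process-response": {} },
};

// contents: write moved to request-info only; process-response left to inherit.
const partlyScoped = {
  permissions: { "pull-requests": "write", issues: "write" },
  jobs: {
    "request-info": { permissions: ALL_WRITE },
    "fetch-pr-meta": { permissions: { "pull-requests": "read" } },
    "process-response": {},
  },
};

// Every job carries its own block.
const fullyScoped = {
  jobs: {
    "request-info": { permissions: ALL_WRITE },
    "fetch-pr-meta": { permissions: { "pull-requests": "read" } },
    "process-response": { permissions: ALL_WRITE },
  },
};

for (const [name, wf] of Object.entries({ workflowWide, partlyScoped, fullyScoped })) {
  console.log(name, auditWorkflow(wf, NEEDS));
}
```

The middle case shows the failure mode of tightening the workflow-level block without giving every job its own: the job that inherits loses a scope it needs.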

@DengreSarthak DengreSarthak merged commit 7665a7b into StabilityNexus:main Mar 22, 2026
1 check passed
@SIDDHANTCOOKIE (Contributor, Author)

test

Development

Successfully merging this pull request may close these issues.

[BUG]: CI failure on issue comments
