Skip to content

ci: update lock threads action#1092

Merged
erikras merged 1 commit into
mainfrom
fix/lock-threads-action-token-length
May 30, 2026
Merged

ci: update lock threads action#1092
erikras merged 1 commit into
mainfrom
fix/lock-threads-action-token-length

Conversation

@erikras-richard-agent

@erikras-richard-agent erikras-richard-agent commented May 30, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Updates dessant/lock-threads from v3 to a pinned v6 commit
  • Restricts processing to issues and PRs, matching the existing permissions
  • Fixes the old action rejecting GitHub's longer token and avoids the Node 20 deprecation warning

Test Plan

  • Parsed .github/workflows/lock.yml with Ruby YAML

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow configuration.

Review Change Stack

@coderabbitai

coderabbitai Bot commented May 30, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

This PR updates the GitHub Actions workflow to pin the dessant/lock-threads action to a specific commit SHA (89ae32b08ed1a541efecbab17912962a5e38981c) instead of using the v3 version tag. All configuration parameters and job behavior remain unchanged.

Changes

GitHub Workflow Configuration

Layer / File(s) Summary
Lock-threads action version pinning
.github/workflows/lock.yml
The dessant/lock-threads action reference is updated to use a pinned commit SHA for reproducibility and security, with all existing inputs (process-only, inactive-days, lock-reason) preserved.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • erikras

Poem

🐰 A commit pinned tight,
Where version tags once gleamed,
The workflow now holds fast,
Through GitHub's guardian light,
Locked true, as intended.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'ci: update lock threads action' directly describes the main change: updating a GitHub Actions workflow for the lock-threads action.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/lock-threads-action-token-length

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/lock.yml:
- Around line 19-20: Update the inline comment for the pinned GitHub Action so
it includes the release tag in addition to the commit SHA: change the comment
that currently reads "dessant/lock-threads pinned to commit
89ae32b08ed1a541efecbab17912962a5e38981c" to mention the corresponding
tag/release v6.0.2 (e.g., "dessant/lock-threads v6.0.2 pinned to commit
89ae32b08ed1a541efecbab17912962a5e38981c") so future maintainers can see the
release version while the action remains pinned to that commit.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 69ffa5ba-5850-403b-9f7c-84c5f36e1f7c

📥 Commits

Reviewing files that changed from the base of the PR and between 4271873 and 878badc.

📒 Files selected for processing (1)
  • .github/workflows/lock.yml

Comment on lines +19 to +20
# dessant/lock-threads pinned to commit 89ae32b08ed1a541efecbab17912962a5e38981c
- uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the dessant/lock-threads commit SHA and version

# Check if the commit exists and get its details
echo "=== Verifying commit SHA ==="
gh api repos/dessant/lock-threads/commits/89ae32b08ed1a541efecbab17912962a5e38981c --jq '{sha: .sha, date: .commit.committer.date, message: .commit.message}' 2>&1

# Check what tags contain this commit
echo -e "\n=== Tags containing this commit ==="
gh api repos/dessant/lock-threads/tags --jq '.[] | select(.commit.sha == "89ae32b08ed1a541efecbab17912962a5e38981c") | {name: .name, sha: .commit.sha}'

# Get the latest release
echo -e "\n=== Latest release ==="
gh api repos/dessant/lock-threads/releases/latest --jq '{tag: .tag_name, published: .published_at, name: .name}'

# Check for security advisories
echo -e "\n=== Security advisories ==="
gh api graphql -f query='
{
  repository(owner: "dessant", name: "lock-threads") {
    vulnerabilityAlerts(first: 5) {
      nodes {
        securityVulnerability {
          advisory {
            summary
            severity
          }
        }
      }
    }
  }
}'

Repository: final-form/react-final-form

Length of output: 563


Document the pinned dessant/lock-threads version in the comment (v6.0.2)

The pinned commit 89ae32b08ed1a541efecbab17912962a5e38981c corresponds to dessant/lock-threads tag v6 / release v6.0.2 (no GitHub vulnerability alerts are reported). Update the line 19 comment to include v6.0.2 (not just the commit SHA) for easier maintenance/upgrade tracking.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/lock.yml around lines 19 - 20, Update the inline comment
for the pinned GitHub Action so it includes the release tag in addition to the
commit SHA: change the comment that currently reads "dessant/lock-threads pinned
to commit 89ae32b08ed1a541efecbab17912962a5e38981c" to mention the corresponding
tag/release v6.0.2 (e.g., "dessant/lock-threads v6.0.2 pinned to commit
89ae32b08ed1a541efecbab17912962a5e38981c") so future maintainers can see the
release version while the action remains pinned to that commit.

@erikras erikras merged commit e09c3cf into main May 30, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants