fix: derive PR number and head SHA for issue_comment events in CLA status check

[Copilot]

In issue_comment events, context.payload.pull_request and context.sha are both undefined, causing the success status check to silently no-op and emit a malformed target_url.

Changes

• PR number fallback: When context.payload.pull_request?.number is absent, fall back to context.payload.issue.number
• SHA resolution: When SHA isn't in the payload, fetch it via github.rest.pulls.get using the resolved PR number
• target_url guarded: Only set when prNumber is defined to avoid /pull/ trailing-slash URLs

let prNumber = context.payload.pull_request?.number;
let sha = context.payload.pull_request?.head?.sha;

if (!prNumber && context.payload.issue?.number) {
  prNumber = context.payload.issue.number;
}

if (!sha && prNumber) {
  const { data: pr } = await github.rest.pulls.get({
    owner: context.repo.owner,
    repo: context.repo.repo,
    pull_number: prNumber,
  });
  sha = pr.head.sha;
}

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[Copilot]

Pull request overview

This PR updates the reusable CLA check workflow’s “Create Success Status Check” step to correctly resolve the PR number and head SHA when the triggering event is issue_comment, where context.payload.pull_request and context.sha may be unavailable.

Changes:

• Add PR number fallback from context.payload.issue.number when pull_request.number is missing.
• Resolve head SHA by fetching the PR via github.rest.pulls.get when SHA isn’t present in the event payload.
• Avoid generating malformed target_url values by only setting it when prNumber is defined.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

issue_comment fires for both issues and PRs. Falling back to context.payload.issue.number without verifying that the issue is a PR (e.g., context.payload.issue.pull_request exists) can treat an issue number as a PR number, causing the subsequent pulls.get call to 404 and fail this job. Consider guarding the fallback so you only derive prNumber from issue.number when the issue is actually a PR, otherwise skip creating a status.

Suggested change

	if (!prNumber && context.payload.issue?.number) {
	// For issue_comment events, ensure the issue is actually a PR
	// by checking for the presence of the pull_request field.
	if (!prNumber && context.payload.issue?.pull_request) {

[Copilot]

The github.rest.pulls.get call is not wrapped in error handling. If the PR lookup fails (non-PR issue_comment, permission issue, API outage/rate limit), the script will throw and fail the workflow, potentially preventing the CLA success status from being set. Recommend catching errors around the fetch and logging + returning (or otherwise falling back) so this step degrades gracefully when SHA resolution is not possible.

Suggested change

	const { data: pr } = await github.rest.pulls.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: prNumber,
	});
	sha = pr.head.sha;
	try {
	const { data: pr } = await github.rest.pulls.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: prNumber,
	});
	sha = pr.head.sha;
	} catch (error) {
	console.log(`Failed to fetch PR ${prNumber} for SHA resolution:`, error);
	console.log('Skipping status check because SHA could not be resolved');
	return;
	}