Create "snack" issue from PR labeled "snack-it".

[htahir1]

Describe changes

This PR adds a GitHub Actions workflow that automates issue creation and project management when PRs are labeled with snack-it.

What it does:

1. Triggers on PR labeling (snack-it label) or manual workflow dispatch
2. Creates a tracking issue with the PR title and a snack label
3. Assigns the issue to the PR author
4. Copies PR labels to the issue (excluding snack-it itself)
5. Adds the issue to the ZenML Roadmap project (projects/1)
6. Sets status to "In Review" in the project
7. Links the PR branch to the issue (same-repo PRs only)
8. Comments on the PR with a link to the created issue (only on first run)

Security & robustness improvements:

• Tightened permissions: pull-requests uses read instead of write
• Label verification for manual triggers: workflow_dispatch checks if the PR has the snack-it label
• Fork safety: Branch linking is skipped for fork PRs
• Better error handling: Try-catch for manual PR lookup with clear error messages
• Idiomatic token usage: Uses ${{ github.token }} for non-PAT scripts

Idempotence & noise reduction (latest commit):

• Issue reuse detection: Adds issue_reused output to detect existing snack issues
• Gated PR comments: Only posts "Snack issue created" comment when a new issue is created (avoids duplicate comments on re-runs)
• Hardened status lookup: Bumped GraphQL field pagination from 20→50, added optional chaining on options lookup to prevent runtime errors
• Override for testing: New override_label_check input allows manual runs on PRs without the snack-it label

Pre-requisites

Please ensure you have done the following:

• I have read the CONTRIBUTING.md document.
• I have added tests to cover my changes. (N/A - GitHub Actions workflow)
• I have based my new branch on develop and the open PR is targeting develop. If your branch wasn't based on develop read Contribution guide on rebasing branch to develop.
• IMPORTANT: I made sure that my changes are reflected properly in the following resources:
  • ZenML Docs (N/A - internal tooling)
  • Dashboard: Needs to be communicated to the frontend team. (N/A)
  • Templates: Might need adjustments (that are not reflected in the template tests) in case of non-breaking changes and deprecations. (N/A)
  • Projects: Depending on the version dependencies, different projects might get affected. (N/A)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Other (add details above)

[strickvl]

@claude /full-review

[github-actions]

Documentation Link Check Results

✅ Absolute links check passed
✅ Relative links check passed
_{Last checked: 2025-12-05 16:48:59 UTC}

[claude]

Claude finished @strickvl's task —— View job

---

Code Review: Snack-it Workflow

I've completed a comprehensive review of the new GitHub Actions workflow. Here's my detailed feedback:

Summary

This workflow creates a "snack" issue from PRs labeled with "snack-it", using Claude AI to generate concise issue descriptions. The issue inherits PR labels, gets added to the ZenML Roadmap project with "In Review" status, and has the PR branch linked to it.

Critical Issues

1. Duplicate API Key Parameter (.github/workflows/snack-it.yml:47-50)

env:
  ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
with:
  anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

The ANTHROPIC_API_KEY is set both as an environment variable AND as a with parameter. According to the claude-code-action documentation, you only need to pass it via the with parameter. Remove the env block (lines 47-48).

2. Regex Parsing Fragility (.github/workflows/snack-it.yml:99-108)

const titleMatch = claudeOutput.match(/ISSUE_TITLE:\s*\n(.+?)(?=\n\nISSUE_BODY:)/s);
const bodyMatch = claudeOutput.match(/ISSUE_BODY:\s*\n([\s\S]+?)$/);

The regex patterns assume very specific formatting from Claude (exactly two newlines between sections). If Claude adds extra whitespace or formats slightly differently, parsing will fail silently and fall back to using the PR title/body. Consider:

• More flexible regex patterns (e.g., \n+ instead of \n\n)
• Adding debug logging when parsing fails
• Validation that the extracted values are meaningful

3. Race Condition in Issue Retrieval (.github/workflows/snack-it.yml:165-172)

const issues = await github.rest.issues.listForRepo({
  owner: context.repo.owner,
  repo: context.repo.repo,
  labels: 'snack',
  sort: 'created',
  direction: 'desc',
  per_page: 1
});

Instead of querying for the most recent "snack" issue, this should use the issue_number output from the previous step (line 151). If two workflows run concurrently, this query could grab the wrong issue. Replace with:

const issueNumber = ${{ steps.create-issue.outputs.issue_number }};
const issue = await github.rest.issues.get({
  owner: context.repo.owner,
  repo: context.repo.repo,
  issue_number: issueNumber
});
const issueNodeId = '${{ steps.create-issue.outputs.issue_node_id }}';

Security Issues

4. Token Scope Concern (.github/workflows/snack-it.yml:160)

github-token: ${{ secrets.GH_PAT_TOKEN_FOR_SNACK_IT }}

Using a PAT is necessary for project operations, but:

• ✅ The workflow correctly documents required scopes (repo, project, org:read)
• ⚠️ Consider whether repo scope is too broad. If the token only needs public_repo or specific permissions, document that
• ✅ Good: Token is only used in the specific step that needs elevated permissions

5. Command Injection via PR Title (.github/workflows/snack-it.yml:56)

The PR title is interpolated directly into the prompt:

PR Title: ${{ github.event.pull_request.title }}

While this is passed to Claude (not a shell), if the title contains characters that could confuse the YAML parser or prompt format (like backticks, quotes, etc.), it could cause issues. Consider escaping or sanitizing, or better yet, have Claude fetch the PR details directly via gh pr view command (which you're already instructing it to do).

Logic & Correctness Issues

6. Inconsistent Field Name Matching (.github/workflows/snack-it.yml:226-228)

const inReviewOption = statusField?.options.find(opt => 
  opt.name === 'In Review' || opt.name === 'In review'
);

Checking for both "In Review" and "In review" is good defensive programming, but indicates uncertainty about the actual field name in the project. Consider:

• Documenting the actual field name in comments
• Making this configurable if it might change

7. Error Handling Creates Silent Partial Success (.github/workflows/snack-it.yml:327-336)

The workflow catches errors when adding to the project but continues anyway:

} catch (error) {
  console.error(...);
  // Don't fail the workflow, just log the error
}

While this prevents the workflow from failing after successfully creating an issue, it means the issue won't be tracked in the project board. Consider:

• Adding a warning annotation to the workflow run
• Commenting on the issue itself about the failure (not just the PR)
• Using core.warning() or core.notice() to make this more visible

8. Branch Linking May Fail Silently (.github/workflows/snack-it.yml:291-323)

The branch linking logic attempts to create a linked branch using GraphQL, but if it fails, it only logs a message. The createLinkedBranch mutation might not work if:

• The branch already exists for another issue
• The branch name has special characters
• Permissions are insufficient

Consider whether this feature is critical enough to warrant better error handling or whether it should be optional.

Code Quality & Best Practices

9. Hardcoded Organization and Project Number (.github/workflows/snack-it.yml:185-186)

const projectNumber = 1;
const orgName = 'zenml-io';

These are hardcoded but should probably be workflow inputs or repository variables to make the workflow more reusable. Consider moving to:

env:
  PROJECT_NUMBER: 1
  ORG_NAME: zenml-io

10. Missing Input Validation (.github/workflows/snack-it.yml:86)

const claudeOutput = process.env.CLAUDE_OUTPUT || '';

There's no validation that Claude actually returned output. If steps.claude-generate.outputs.result is undefined/empty, the workflow silently falls back to PR title/body. Consider:

• Logging when fallback is used
• Optionally failing the workflow if Claude didn't respond
• Adding a note to the issue body indicating it wasn't AI-generated

11. Prompt Could Be More Specific (.github/workflows/snack-it.yml:52-78)

The prompt asks Claude to output in a specific format but:

• Doesn't explicitly forbid markdown code blocks around the output
• Could be clearer about exactly what "concise" means (you say "2-3 sentences max" for summary but not for the full body)
• The example format shows <A concise...> which might confuse the model into including angle brackets

Suggested improvement:

prompt: |
  Generate a snack issue from PR #${{ github.event.pull_request.number }}.
  
  Steps:
  1. Run: gh pr view ${{ github.event.pull_request.number }} --json title,body,author,headRefName,files
  2. Run: gh pr diff ${{ github.event.pull_request.number }} (if needed)
  3. Analyze what was accomplished
  4. Output exactly in this format (no code blocks, no extra text):
  
  ISSUE_TITLE:
  A concise, actionable title (max 80 chars)
  
  ISSUE_BODY:
  A brief summary (2-3 sentences) explaining what this snack accomplishes.
  
  Key changes:
  - Change 1
  - Change 2
  
  References PR #${{ github.event.pull_request.number }}
  
  CRITICAL: Output ONLY the above format. No markdown code blocks. No commentary.

12. Checkout Depth Optimization (.github/workflows/snack-it.yml:41)

fetch-depth: 1

Good! Shallow checkout is appropriate here since Claude only needs to view the PR diff, not the full history.

13. Comment Message References Non-existent Feature (.github/workflows/snack-it.yml:147)

body: `🍿 Snack issue created: #${issue.data.number}\n\nThis issue has been added to the [ZenML Roadmap](https://github.com/orgs/zenml-io/projects/1) project and set to "In Review".\n\n_Generated with Claude AI ✨_`

This message claims the issue was added to the project and set to "In Review", but that happens in the next step which might fail. If step 3 fails, this comment will be misleading. Consider:

• Moving this comment to after the project addition succeeds
• Making the message conditional based on success
• Adding a follow-up comment if project addition fails

What's Done Well

✅ Good conditional execution: Using if: steps.check-label.outputs.snack_it == 'true' prevents unnecessary work

✅ Comprehensive error logging: Good use of console.log throughout for debugging

✅ Graceful degradation: Fallback to PR title/body if Claude fails

✅ Security: Appropriate use of different tokens for different permission levels

✅ Documentation: Excellent inline documentation explaining the workflow purpose and requirements

✅ Label inheritance: Smart to copy PR labels to the issue

Minor Improvements

14. Consider rate limiting: If many PRs are labeled simultaneously, this could hit API rate limits. Consider whether you need concurrency controls.

15. Test plan: Since this workflow modifies the .github/workflows directory, you can't test it in the PR itself. Have you tested this in a fork or separate test repository?

16. PR description: The PR description is still the template - it should explain what this workflow does and why it's needed.

Recommendations

Must fix before merge:

• Issue 1: Remove duplicate ANTHROPIC_API_KEY
• Issue 3: Use step outputs instead of querying for the issue
• Issue 13: Move PR comment to after project addition or make it conditional

Should fix before merge:

• Issue 2: Improve regex parsing robustness
• Issue 7: Add better error visibility (warnings/annotations)
• Issue 10: Add validation and logging for Claude output

Nice to have:

• Issue 9: Make org/project configurable
• Issue 11: Improve prompt clarity
• Issues 5, 6, 8: Various minor improvements

---

[htahir1]

@claude full-review

[claude]

Claude finished @htahir1's task —— View job

---

Full Review of Snack-it Workflow

Summary

This workflow automates the creation of "snack" issues from PRs labeled with "snack-it", using Claude AI to generate concise descriptions. The implementation is largely solid with good error handling and graceful degradation. I've identified several improvements (detailed below) that would make it more robust, but none are blocking issues.

✅ What's Working Well

1. Excellent documentation - Clear inline comments explaining workflow purpose and requirements
2. Graceful degradation - Falls back to PR content if Claude fails
3. Comprehensive logging - Good use of console.log for debugging
4. Proper conditionals - Smart use of if: steps.check-label.outputs.snack_it == 'true' to avoid unnecessary work
5. Label inheritance - Correctly copies PR labels to the issue (excluding 'snack-it' trigger label)
6. Security-conscious - Appropriate use of different tokens for different permission levels
7. Improved regex parsing (.github/workflows/snack-it.yml:143, 152) - More flexible with \n+ instead of exact \n\n matches - this addresses my previous feedback!
8. Fixed race condition (.github/workflows/snack-it.yml:231-232) - Now uses step outputs instead of querying for latest issue - excellent fix!
9. Clear messaging (.github/workflows/snack-it.yml:421-424) - PR comment accurately reflects whether project addition succeeded or failed
10. PAT token check (.github/workflows/snack-it.yml:209-216) - Helpful warning when token isn't configured
11. Continue on error (.github/workflows/snack-it.yml:220) - Workflow continues even if project addition fails

🔴 Critical Issues

None! All critical issues from my previous review have been addressed.

⚠️ Recommended Improvements

1. Prompt Could Be More Explicit About Output Format (.github/workflows/snack-it.yml:91-106)

The prompt says "no code blocks, no extra text" but Claude might still add them. Consider adding:

CRITICAL: Output ONLY the above format. No markdown code blocks (no ```), no "Here's the output:", no commentary before or after. Start immediately with "ISSUE_TITLE:" on the first line.

Severity: Low - Current regex handles variations well, but being more explicit reduces edge cases.

---

2. Consider Limiting Allowed PR Events (.github/workflows/snack-it.yml:17)

The workflow triggers on [opened, synchronize, reopened, labeled, unlabeled]. Consider if you need all of these:

• ✅ labeled - essential (primary trigger)
• ❓ unlabeled - might create duplicate issues if label is re-added
• ❓ synchronize - triggers on every commit push if label is present
• ❓ opened/reopened - triggers if PR is opened with the label already on it

Recommendation: Consider simplifying to just [labeled] to avoid accidental duplicate issue creation. The workflow_dispatch handles manual cases.

Severity: Medium - Could cause confusion if multiple issues are created for the same PR.

---

3. Hardcoded Values Should Be Configurable (.github/workflows/snack-it.yml:253-254)

const projectNumber = 1;
const orgName = 'zenml-io';

Recommendation: Move to workflow-level environment variables:

env:
  PROJECT_NUMBER: 1
  ORG_NAME: zenml-io

Then reference as process.env.PROJECT_NUMBER and process.env.ORG_NAME in the script.

Benefit: Makes the workflow more reusable if you ever need to adapt it for other projects/orgs.

Severity: Low - Nice-to-have for maintainability.

---

4. Missing Validation for Claude Output (.github/workflows/snack-it.yml:139-162)

The code checks if claudeOutput exists but doesn't validate if the extracted content is meaningful:

if (titleMatch && titleMatch[1].trim()) {
  issueTitle = titleMatch[1].trim();
  // No check if titleMatch[1] is actually meaningful (could be "...")

Recommendation: Add validation:

if (titleMatch && titleMatch[1].trim() && titleMatch[1].trim().length > 10) {
  issueTitle = titleMatch[1].trim();
  console.log('Extracted title:', issueTitle);
} else {
  console.log('⚠️  Title too short or invalid, using PR title');
}

Severity: Low - Edge case, but would prevent issues like "..." or "TODO" being used as titles.

---

5. Branch Linking May Fail for Fork PRs (.github/workflows/snack-it.yml:354-391)

const prBranch = pr.data.head.ref;
const prRepo = pr.data.head.repo.full_name;

For PRs from forks, pr.data.head.repo might be different from the base repo, and the createLinkedBranch mutation expects a branch in the base repo.

Current behavior: The try-catch will gracefully handle this, logging a message.

Recommendation: Add a check before attempting to link:

if (pr.data.head.repo.full_name !== pr.data.base.repo.full_name) {
  console.log(`Note: PR is from a fork (${pr.data.head.repo.full_name}). Branch linking only works for same-repo branches.`);
} else {
  // Attempt to link branch
  try { ... }
}

Severity: Low - Already handled gracefully, but clearer logging would help users understand.

---

6. Consider Rate Limiting Protection (general concern)

If many PRs are labeled simultaneously (e.g., bulk labeling operation), this could:

• Hit GitHub API rate limits
• Trigger multiple Claude API calls
• Create many issues rapidly

Recommendation: Consider adding a concurrency limit:

concurrency:
  group: snack-it-${{ github.event.pull_request.number }}
  cancel-in-progress: false  # Don't cancel, just queue

Severity: Low - Unlikely scenario, but good defensive programming.

---

7. PR Description Still Uses Template (not a code issue)

The PR description hasn't been filled out - it's still the template. This makes it hard for reviewers to understand:

• What this workflow does
• Why it's needed
• How to test it (especially important since workflows can't be tested in PRs)

Recommendation: Fill out the PR description with:

• Purpose of the workflow
• Example use case
• Testing approach (e.g., "Tested in fork at ...")
• Any manual setup required (PAT token configuration)

Severity: Medium - Important for review and future reference.

---

🟢 Minor Suggestions

8. Improve Error Message Clarity (.github/workflows/snack-it.yml:396-406)

Good error handling, but consider adding the actual error details to help with debugging:

console.error(`Error details: ${JSON.stringify(error, null, 2)}`);

---

9. Consider Adding Duplicate Detection

If a snack issue already exists for a PR (maybe workflow ran twice), consider detecting this:

// Check if an issue referencing this PR already exists
const existingIssues = await github.rest.issues.listForRepo({
  owner: context.repo.owner,
  repo: context.repo.repo,
  labels: 'snack',
  state: 'all',
  per_page: 100
});

const prNumber = pr.number;
const hasDuplicate = existingIssues.data.some(issue => 
  issue.body && issue.body.includes(`PR #${prNumber}`)
);

if (hasDuplicate) {
  console.log(`⚠️  Snack issue for PR #${prNumber} may already exist`);
  // Decide: skip creation, or create anyway with a note
}

Severity: Low - Nice-to-have for robustness.

---

🎯 Testing Recommendations

Since workflows can't be tested in PRs, I recommend:

1. Test in a fork first - Ensure the workflow runs successfully there
2. Test both triggers:
   • Label trigger: Add/remove "snack-it" label
   • Manual trigger: Use workflow_dispatch with a PR number
3. Test edge cases:
   • PR with no description
   • PR with very long description
   • PR from a fork (for branch linking)
   • PAT token not configured (should gracefully degrade)
4. Verify outputs:
   • Issue created with correct title/body
   • Labels copied correctly
   • Issue added to project with "In Review" status
   • Branch linked to issue
   • PR comment posted

---

📊 Overall Assessment

Grade: B+ (85/100)

This is a well-implemented workflow with excellent error handling and graceful degradation. The major issues from my previous review have all been addressed:

• ✅ Race condition fixed (now uses step outputs)
• ✅ Regex parsing improved (more flexible)
• ✅ PR comment accuracy improved (conditional messaging)

The remaining suggestions are mostly minor improvements and edge case handling. The workflow is production-ready, but would benefit from:

1. Simplifying the PR event triggers (consider just labeled)
2. Filling out the PR description
3. Adding duplicate detection
4. Testing thoroughly in a fork before merge

Great work addressing the previous feedback! 🎉

---

[github-actions]

🍿 Snack issue created: #4306

This issue has been added to the ZenML Roadmap project and set to "In Review".

Generated with Claude AI ✨

[github-actions]

🍿 Snack issue created: #4307

This issue has been added to the ZenML Roadmap project and set to "In Review".

Generated with Claude AI ✨

[github-actions]

🍿 Snack issue created: #4308

This issue has been added to the ZenML Roadmap project and set to "In Review".

[htahir1]

@strickvl ready for your review

[strickvl]

Suggested change

	types: [opened, synchronize, reopened, labeled, unlabeled]
	types: [opened, labeled]

I think maybe I'd restrict it to this, as otherwise the issues will be created every time someone pushes to the branch. I'd even possibly suggest deleting opened as well.

[strickvl]

If we include opened, I'd maybe include something like this to ensure we're not creating duplicates? I think this would be the right place?

// Before creating the issue
const owner = context.repo.owner;
const repo = context.repo.repo;
const query = `repo:${owner}/${repo} type:issue label:snack "PR #${pr.number}"`;

const searchResult = await github.rest.search.issuesAndPullRequests({ q: query });
const existing = searchResult.data.items[0];

if (existing) {
  console.log(`Existing snack issue #${existing.number} found for PR #${pr.number}, not creating a new one.`);
  core.setOutput('issue_number', existing.number);
  core.setOutput('issue_node_id', existing.node_id);
  core.setOutput('pr_number', pr.number);
  return existing.number;
}

[strickvl]

There are a bunch of different ways you can check to see that we only proceed when the snack-it label is added.

[strickvl]

Suggested change

	- name: Checkout repository
	if: steps.check-label.outputs.snack_it == 'true'
	uses: actions/checkout@v5
	with:
	fetch-depth: 1

I think this isn't used anywhere?

[strickvl]

Suggested change

	// Get full issue and PR details for later use
	const issue = await github.rest.issues.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: issueNumber
	});
	const pr = await github.rest.pulls.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: prNumber
	});
	try {
	// GraphQL query to add item to project
	// Project number from URL: https://github.com/orgs/zenml-io/projects/1
	const projectNumber = 1;
	const orgName = 'zenml-io';
	try {
	// GraphQL query to add item to project
	// Project number from URL: https://github.com/orgs/zenml-io/projects/1
	const projectNumber = 1;
	const orgName = 'zenml-io';
	// Get full issue and PR details for later use
	const issue = await github.rest.issues.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: issueNumber
	});
	const pr = await github.rest.pulls.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: prNumber
	});

Formatting of this is probably off, but this will prevent silent failures in case it wasn't able to get the issue or PR (the workflow would otherwise just run through without failing in the outer closure).

[strickvl]

I guess it's fine for what it is, but probably the .js script is getting a bit long now so normally I'd say it makes sense for that to live in the scripts/ dir and then we just run / trigger it from here with a node step etc.

[htahir1]

@strickvl id suggest we merge it in for now it isnt a big use-case

[htahir1]

@strickvl wdyt

[strickvl]

@strickvl id suggest we merge it in for now it isnt a big use-case

I just fixed directly. It'll be a pain if this isn't working right / if it's too spammy etc.

[strickvl]

LGTM