[feature] Added issue autoassignment bots

[Eeshu-Yadav]

This PR adds the GitHub Actions workflows to auto-assign issues, manage PR-issue linking, handle PR reopening reassignment, and manage stale PRs.

These workflows check out openwisp/openwisp-utils to run the bot Python scripts, ensuring uniform behavior across all repositories.

Related to the auto-assignment issue bot implementation.
closes #756

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c9736047-cbf6-464a-bfec-fa19fce3feb5

📥 Commits

Reviewing files that changed from the base of the PR and between 2090eba and 80cb1a5.

📒 Files selected for processing (4)

• .github/workflows/bot-autoassign-issue.yml
• .github/workflows/bot-autoassign-pr-issue-link.yml
• .github/workflows/bot-autoassign-pr-reopen.yml
• .github/workflows/bot-autoassign-stale-pr.yml

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.1.0

🔇 Additional comments (4)

.github/workflows/bot-autoassign-issue.yml (1)

1-19: Workflow scope and permission boundaries look good.

The non-PR guard on Line 13 and minimal permissions are appropriate for this bot path.

.github/workflows/bot-autoassign-stale-pr.yml (1)

1-20: Stale-PR automation flow is coherent and operationally safe.

Schedule, dispatch fallback, and non-canceling concurrency are sensible for periodic stale management.

.github/workflows/bot-autoassign-pr-issue-link.yml (1)

14-15: Consider the execution path for closed-unmerged PRs.

The condition if: github.event.action != 'closed' || github.event.pull_request.merged == false will trigger when a PR is closed without being merged. Without access to verify how the upstream reusable workflow (openwisp/openwisp-utils/.github/workflows/reusable-bot-autoassign.yml@master) handles this scenario with bot_command: issue_assignment, it's unclear whether this represents desired behavior or an unintended no-op. If the issue_assignment handler doesn't explicitly handle closed-unmerged PRs (e.g., cleanup or unassignment logic), this condition may cause unnecessary workflow runs.

.github/workflows/bot-autoassign-pr-reopen.yml (1)

24-27: handle-pr-activity triggers on every PR-author comment without content filtering.

Line 24 condition lacks any check on comment body/content. Any comment from the PR author will invoke a full bot workflow run. Whether this causes CI waste or noisy behavior depends entirely on upstream filtering in the reusable-bot-autoassign.yml pr_reopen handler. Verify that upstream logic filters for actionable comments (e.g., specific keywords or patterns) before accepting this broad condition.

---

📝 Walkthrough

Walkthrough

Adds four GitHub Actions workflows that invoke a reusable OpenWISP bot workflow to automate issue and PR management. New files:

• .github/workflows/bot-autoassign-issue.yml: triggers on issue_comment.created to handle explicit issue assignment requests.
• .github/workflows/bot-autoassign-pr-issue-link.yml: triggers on pull_request_target opened/closed to handle PR→issue linking and assignment.
• .github/workflows/bot-autoassign-pr-reopen.yml: triggers on pull_request_target.reopened and issue_comment.created to reassign on PR reopen or matching PR-author comment activity.
• .github/workflows/bot-autoassign-stale-pr.yml: scheduled (daily) and workflow_dispatch job to manage stale PRs/unassign issues.

Each workflow sets appropriate repo permissions, configures concurrency, and calls openwisp/openwisp-utils/.github/workflows/reusable-bot-autoassign.yml@master with a bot_command (issue_assignment, pr_reopen, stale_pr) and forwards OPENWISP_BOT_APP_ID and OPENWISP_BOT_PRIVATE_KEY via secrets.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GitHubEvents as GitHub Events
    participant Workflow as Repo Workflow
    participant Reusable as openwisp-utils Reusable
    participant GitHubApp as GitHub App (Bot)
    participant Script as Bot Script
    participant Repo as Repository (Issues/PRs)

    User->>GitHubEvents: comment / open PR / reopen PR / cron
    GitHubEvents->>Workflow: trigger corresponding workflow file
    Workflow->>Reusable: invoke reusable-bot-autoassign.yml (bot_command)
    Reusable->>GitHubApp: authenticate with OPENWISP_BOT_APP_ID & key
    GitHubApp->>Reusable: return App token
    Reusable->>Script: run bot command (issue_assignment / pr_reopen / stale_pr)
    Script->>Repo: read/modify issues and PRs (assign/unassign/link)
    Repo-->>User: updated issue/PR state

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• Add issue autoassignment and PR management bots openwisp-firmware-upgrader#394: Implements the same set of GitHub Actions workflows for bot-based issue/PR autoassignment and stale PR handling.
• Add issue autoassignment and PR management bots openwisp-controller#1265: Adds comparable workflows using the reusable openwisp-utils bot for PR/issue management.

Suggested reviewers

• nemesifier

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides an overview of the changes and links to issue #756, but does not follow the provided template structure with checklist items or proper sections.	Use the repository's description template including the checklist, reference section, and description of changes with proper formatting.
Out of Scope Changes check	❓ Inconclusive	All changes are workflow configurations directly related to bot autoassignment objectives. However, reviewer comments indicate potential inefficiencies in bot invocation logic that may warrant verification.	Verify with upstream maintainers that the pr_reopen script filters irrelevant comments and that the pr-issue-link bot handles closed-unmerged PRs appropriately to avoid wasted CI resources.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows the required [type] format with [feature], is descriptive, and accurately reflects the main change of adding issue autoassignment bot workflows.
Linked Issues check	✅ Passed	The PR adds four GitHub Actions workflows (issue assignment, PR-issue linking, PR reopening reassignment, stale PR management) that address all stated objectives from issue #756 using openwisp-utils scripts.
Bug Fixes	✅ Passed	PR adds new GitHub Actions workflows as feature additions, not bug fixes in core functionality. Custom check exempts workflow fixes from regression test requirements.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR introduces four new GitHub Actions workflows to automate issue and PR management (auto-assignment, PR–issue linking, PR reopen reassignment, and stale PR handling). Each workflow checks out openwisp/openwisp-utils to execute a shared bot Python script, ensuring consistent behavior across repositories.

Changes:

• Added bot-autoassign-issue.yml: Listens for issue_comment events on issues (not PRs) and runs the issue_assignment bot command.
• Added bot-autoassign-pr-issue-link.yml: Triggers on pull_request_target (opened/reopened/closed) and runs the issue_assignment bot command to manage PR–issue linking.
• Added bot-autoassign-pr-reopen.yml: Handles PR reopen and PR comment events with two jobs — reassign-on-reopen and handle-pr-activity.
• Added bot-autoassign-stale-pr.yml: Runs on a daily schedule to manage stale PRs via the stale_pr bot command.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/bot-autoassign-issue.yml	Autoassignment bot triggered by issue comments
.github/workflows/bot-autoassign-pr-issue-link.yml	Links issues to PRs when PRs are opened/closed/reopened
.github/workflows/bot-autoassign-pr-reopen.yml	Handles reassignment on PR reopen and PR comment activity
.github/workflows/bot-autoassign-stale-pr.yml	Daily scheduled job to manage stale PRs

---

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The handle-pr-activity job (triggered by issue_comment on a PR) calls the same pr_reopen command as the reassign-on-reopen job. These two jobs handle different events (a comment on a PR vs. a PR being reopened), so they should likely invoke different bot commands. If the intent is to handle PR activity from a comment (e.g., handling bot commands posted in a PR comment), this step should call a different subcommand rather than reusing pr_reopen. This appears to be a copy-paste error that will result in incorrect behavior when an issue_comment event fires on a PR.

Suggested change

	pr_reopen "$GITHUB_EVENT_PATH"
	pr_activity "$GITHUB_EVENT_PATH"

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/bot-autoassign-pr-issue-link.yml:
- Around line 3-5: These two workflows both trigger on pull_request_target
types: [reopened] (bot-autoassign-pr-issue-link.yml vs
bot-autoassign-pr-reopen.yml) and will run concurrently; either add a
top-of-file comment in both workflows explaining their distinct responsibilities
(issue_assignment vs pr_reopen) to make the concurrency intentional and safe, or
consolidate the reopened handling by removing the reopened event from one
workflow and routing its functionality into the other (or into distinct steps)
so only the intended subcommand runs on reopen, ensuring no overlap or duplicate
API calls.

In @.github/workflows/bot-autoassign-pr-reopen.yml:
- Around line 18-87: The two jobs reassign-on-reopen and handle-pr-activity
duplicate the same setup steps (Generate GitHub App token step id
generate-token, Checkout openwisp-utils, Set up Python, Install dependencies);
extract these into a reusable workflow or a composite action in openwisp-utils
(e.g., .github/workflows/reusable-setup.yml or .github/actions/composite-setup)
that performs the token creation, checkout, python setup and pip install, then
call that workflow/action from both jobs (and replace duplicates across other
workflow files) so each job simply invokes the shared step by name and passes
required inputs/outputs (GITHUB_TOKEN, REPOSITORY, etc.).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e358cfe2-c432-4d98-a2a1-11e4c4c7d685

📥 Commits

Reviewing files that changed from the base of the PR and between 6db874f and a37760b.

📒 Files selected for processing (4)

• .github/workflows/bot-autoassign-issue.yml
• .github/workflows/bot-autoassign-pr-issue-link.yml
• .github/workflows/bot-autoassign-pr-reopen.yml
• .github/workflows/bot-autoassign-stale-pr.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)

• GitHub Check: Agent
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=4.2.0

🔇 Additional comments (5)

.github/workflows/bot-autoassign-stale-pr.yml (1)

1-49: LGTM! Well-structured scheduled workflow.

The workflow is correctly configured:

• cancel-in-progress: false is appropriate for scheduled jobs to prevent incomplete runs.
• Permissions are properly scoped.
• Concurrency group prevents overlapping runs across repositories.

.github/workflows/bot-autoassign-issue.yml (1)

1-49: LGTM! Properly scoped issue comment handler.

Key observations:

• The if: github.event.issue.pull_request == null condition correctly ensures this workflow only processes comments on issues (not PRs), complementing the handle-pr-activity job in bot-autoassign-pr-reopen.yml.
• Concurrency group keyed by issue number prevents race conditions.
• Permissions are minimal and appropriate.

.github/workflows/bot-autoassign-pr-issue-link.yml (1)

16-49: Security posture is appropriate for pull_request_target.

The workflow correctly mitigates pwn request vulnerabilities by:

1. Checking out openwisp/openwisp-utils (a trusted repository) rather than the PR's potentially malicious code.
2. Running scripts only from the trusted master branch.

This is the safe pattern for pull_request_target workflows.

.github/workflows/bot-autoassign-pr-reopen.yml (2)

14-16: Concurrency fallback handles both event types correctly.

The expression github.event.pull_request.number || github.event.issue.number correctly resolves the identifier for both pull_request_target (uses pull_request.number) and issue_comment (uses issue.number) events.

---

54-56: Job condition correctly filters for PR comments only.

The condition github.event_name == 'issue_comment' && github.event.issue.pull_request ensures this job only handles comments on pull requests, complementing the bot-autoassign-issue.yml workflow which handles comments on regular issues with the inverse condition (github.event.issue.pull_request == null).

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/bot-autoassign-pr-issue-link.yml (1)

3-4: ⚠️ Potential issue | 🟡 Minor

reopened is still handled by two workflows, which can cause duplicate bot runs.

Please either document strict separation of responsibilities or remove one reopened trigger to avoid parallel execution on the same PR event.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/bot-autoassign-pr-issue-link.yml around lines 3 - 4, The
workflow's pull_request_target trigger includes "reopened" which duplicates
handling with another workflow and can cause duplicate bot runs; update the
pull_request_target types array in this workflow (the entry with
pull_request_target and types: [opened, reopened, closed]) to remove "reopened"
(or alternatively remove "reopened" from the other conflicting workflow) so that
only one workflow responds to reopened events, and document the separation in
the workflow comment if you choose to keep both but split responsibilities.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/bot-autoassign-stale-pr.yml:
- Line 15: Replace the floating ref in the reusable workflow invocation by
pinning the uses statement to an immutable commit SHA: locate the uses line that
references
openwisp/openwisp-utils/.github/workflows/reusable-bot-autoassign.yml@master and
change the `@master` suffix to a specific commit SHA (e.g., @<commit-sha>) from
the openwisp-utils repo; ensure the chosen SHA corresponds to the intended
workflow version and update the workflow commit message to note the pinned SHA.

---

Duplicate comments:
In @.github/workflows/bot-autoassign-pr-issue-link.yml:
- Around line 3-4: The workflow's pull_request_target trigger includes
"reopened" which duplicates handling with another workflow and can cause
duplicate bot runs; update the pull_request_target types array in this workflow
(the entry with pull_request_target and types: [opened, reopened, closed]) to
remove "reopened" (or alternatively remove "reopened" from the other conflicting
workflow) so that only one workflow responds to reopened events, and document
the separation in the workflow comment if you choose to keep both but split
responsibilities.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 31cceb7d-4cd7-4dc0-8a35-f6fe82fc49b7

📥 Commits

Reviewing files that changed from the base of the PR and between a37760b and 2090eba.

📒 Files selected for processing (4)

• .github/workflows/bot-autoassign-issue.yml
• .github/workflows/bot-autoassign-pr-issue-link.yml
• .github/workflows/bot-autoassign-pr-reopen.yml
• .github/workflows/bot-autoassign-stale-pr.yml

📜 Review details

🔇 Additional comments (2)

.github/workflows/bot-autoassign-issue.yml (1)

13-13: Good guard to avoid PR comments in the issue-assignment workflow.

The if condition correctly limits this job to non-PR issues and avoids cross-trigger noise.

.github/workflows/bot-autoassign-pr-reopen.yml (1)

16-25: Job-level conditions are well scoped.

The split conditions cleanly separate reopen handling from PR-author activity handling.

[Adityashandilya555]

▎ - bot-autoassign-pr-reopen.yml — the handle-pr-activity job runs on every comment the PR author posts on their own
PR. That's a full workflow run each time (app token generation, checkout, python install) even for unrelated comments
like "thanks for the review". Does the upstream pr_reopen script filter out comments that aren't relevant? If not,
this burns CI minutes for nothing and could cause unexpected behavior.
▎ - bot-autoassign-pr-issue-link.yml — the condition lets the job run when a PR is closed without merging. Is the
upstream bot actually handling that case (e.g., unassigning the linked issue)? If it's not doing anything useful
there, this is a wasted runner invocation.

▎ Rest of it looks fine — permissions are scoped correctly, concurrency groups make sense, and pull_request_target is
used safely since only openwisp-utils@master gets checked out.