You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
7
+
8
+
IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
9
+
10
+
Issue Information:
11
+
12
+
- REPO: ${{ github.repository }}
13
+
- ISSUE_NUMBER: ${{ github.event.issue.number }}
14
+
15
+
TASK OVERVIEW:
16
+
17
+
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
18
+
19
+
2. Next, use gh commands to get context about the issue:
20
+
21
+
- Use `gh issue view ${{ github.event.issue.number }}` to retrieve the current issue's details
22
+
- Use `gh search issues` to find similar issues that might provide context for proper categorization
23
+
- You have access to these Bash commands:
24
+
- Bash(gh label list:\*) - to get available labels
25
+
- Bash(gh issue view:\*) - to view issue details
26
+
- Bash(gh issue edit:\*) - to apply labels to the issue
27
+
- Bash(gh search:\*) - to search for similar issues
28
+
29
+
3. Analyze the issue content, considering:
30
+
31
+
- The issue title and description
32
+
- The type of issue (bug report, feature request, question, etc.)
33
+
- Technical areas mentioned
34
+
- Severity or priority indicators
35
+
- User impact
36
+
- Components affected
37
+
38
+
4. Select appropriate labels from the available labels list provided above:
39
+
40
+
- Choose labels that accurately reflect the issue's nature
41
+
- Be specific but comprehensive
42
+
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
43
+
- Consider platform labels (android, ios) if applicable
44
+
- If you find similar issues using gh search, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
45
+
46
+
5. Apply the selected labels:
47
+
- Use `gh issue edit` to apply your selected labels
48
+
- DO NOT post any comments explaining your decision
49
+
- DO NOT communicate directly with users
50
+
- If no labels are clearly applicable, do not apply any labels
51
+
52
+
IMPORTANT GUIDELINES:
53
+
54
+
- Be thorough in your analysis
55
+
- Only select labels from the provided list above
56
+
- DO NOT post any comments to the issue
57
+
- Your ONLY action should be to apply labels using gh issue edit
58
+
- It's okay to not add any labels if none are clearly applicable
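Review bot: the allowlist at new lines 24-27 is broader than the task this prompt describes. `Bash(gh issue edit:\*)` accepts any `gh issue edit` arguments, so the "only apply labels" rule is enforced by prompt wording alone, and `Bash(gh search:\*)` covers every `gh search` subcommand although step 2 only asks for `gh search issues`. Because the issue title and body that this prompt reads are written by whoever opened the issue, narrow both patterns to the label-only and issues-only forms if the pattern syntax allows it, and keep the job token limited to `issues: write`. Separately, step 4 (line 38) and the guidelines (line 55) refer to "the provided list above", but the prompt provides no list; the labels come from `gh label list` in step 1, so the wording should point there.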
You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
50
-
51
-
IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
52
-
53
-
Issue Information:
54
-
- REPO: ${{ github.repository }}
55
-
- ISSUE_NUMBER: ${{ github.event.issue.number }}
56
-
57
-
TASK OVERVIEW:
58
-
59
-
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
60
-
61
-
2. Next, use the GitHub tools to get context about the issue:
62
-
- You have access to these tools:
63
-
- mcp__github__get_issue: Use this to retrieve the current issue's details including title, description, and existing labels
64
-
- mcp__github__get_issue_comments: Use this to read any discussion or additional context provided in the comments
65
-
- mcp__github__update_issue: Use this to apply labels to the issue (do not use this for commenting)
66
-
- mcp__github__search_issues: Use this to find similar issues that might provide context for proper categorization and to identify potential duplicate issues
67
-
- mcp__github__list_issues: Use this to understand patterns in how other issues are labeled
68
-
- Start by using mcp__github__get_issue to get the issue details
69
-
70
-
3. Analyze the issue content, considering:
71
-
- The issue title and description
72
-
- The type of issue (bug report, feature request, question, etc.)
73
-
- Technical areas mentioned
74
-
- Severity or priority indicators
75
-
- User impact
76
-
- Components affected
77
-
78
-
4. Select appropriate labels from the available labels list provided above:
79
-
- Choose labels that accurately reflect the issue's nature
80
-
- Be specific but comprehensive
81
-
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
82
-
- Consider platform labels (android, ios) if applicable
83
-
- If you find similar issues using mcp__github__search_issues, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
84
-
85
-
5. Apply the selected labels:
86
-
- Use mcp__github__update_issue to apply your selected labels
87
-
- DO NOT post any comments explaining your decision
88
-
- DO NOT communicate directly with users
89
-
- If no labels are clearly applicable, do not apply any labels
90
-
91
-
IMPORTANT GUIDELINES:
92
-
- Be thorough in your analysis
93
-
- Only select labels from the provided list above
94
-
- DO NOT post any comments to the issue
95
-
- Your ONLY action should be to apply labels using mcp__github__update_issue
96
-
- It's okay to not add any labels if none are clearly applicable
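Review bot: removing `mcp__github__get_issue_comments` (old line 64) and `mcp__github__list_issues` (old line 67) drops two capabilities that the gh-based version of this prompt does not restate: nothing in it tells the assistant to read issue comments or to look at how other issues are labeled. If that narrowing is deliberate, say so in the commit message; if it is not, the gh prompt needs matching instructions and allowlist entries.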
action.yml
Lines changed: 5 additions & 0 deletions
@@ -27,6 +27,10 @@ inputs:
27
27
description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
28
28
required: false
29
29
default: ""
30
+
allowed_non_write_users:
31
+
description: "Comma-separated list of usernames to allow without write permissions, or '*' to allow all users. Only works when github_token input is provided. WARNING: Use with extreme caution - this bypasses security checks and should only be used for workflows with very limited permissions (e.g., issue labeling)."
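Review bot: the `allowed_non_write_users` description says it "Only works when github_token input is provided" but does not say what happens when the input is set without `github_token`. For an input that bypasses the write-permission check, a silent no-op and a hard failure are very different outcomes for someone auditing a workflow; state the behaviour in the description, and prefer failing or logging a warning over ignoring the value. It would also help to say explicitly that the empty default allows no one, matching the wording used for `allowed_bots` just above.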
docs/security.md
Lines changed: 5 additions & 0 deletions
@@ -4,6 +4,11 @@
4
4
5
5
-**Repository Access**: The action can only be triggered by users with write access to the repository
6
6
-**Bot User Control**: By default, GitHub Apps and bots cannot trigger this action for security reasons. Use the `allowed_bots` parameter to enable specific bots or all bots
7
+
-**⚠️ Non-Write User Access (RISKY)**: The `allowed_non_write_users` parameter allows bypassing the write permission requirement. **This is a significant security risk and should only be used for workflows with extremely limited permissions** (e.g., issue labeling workflows that only have `issues: write` permission). This feature:
8
+
- Only works when `github_token` is provided as input (not with GitHub App authentication)
9
+
- Accepts either a comma-separated list of specific usernames or `*` to allow all users
10
+
-**Should be used with extreme caution** as it bypasses the primary security mechanism of this action
11
+
- Is designed for automation workflows where user permissions are already restricted by the workflow's permission scope
7
12
-**Token Permissions**: The GitHub app receives only a short-lived token scoped specifically to the repository it's operating in
8
13
-**No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
9
14
-**Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
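Review bot: the last added bullet (new line 11) says "user permissions are already restricted by the workflow's permission scope", which misnames the control: what limits the damage is the job token's `permissions:` block, not anything about the triggering user. Reword it along those lines, and since the unchanged "Repository Access" bullet at line 5 still states that the action "can only be triggered by users with write access", add "by default" or a pointer to the new bullet so the two do not contradict each other. A short sample `permissions:` block with only `issues: write` would make "extremely limited permissions" concrete for readers.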
|`anthropic_api_key`| Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\*| - |
53
-
|`claude_code_oauth_token`| Claude Code OAuth token (alternative to anthropic_api_key) | No\*| - |
54
-
|`prompt`| Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
55
-
|`track_progress`| Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No |`false`|
56
-
|`claude_args`| Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
57
-
|`base_branch`| The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
58
-
|`use_sticky_comment`| Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No |`false`|
59
-
|`github_token`| GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!**| No | - |
60
-
|`use_bedrock`| Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No |`false`|
61
-
|`use_vertex`| Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No |`false`|
62
-
|`mcp_config`| Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers | No | "" |
63
-
|`assignee_trigger`| The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - |
64
-
|`label_trigger`| The label name that triggers the action when applied to an issue (e.g. "claude") | No | - |
65
-
|`trigger_phrase`| The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No |`@claude`|
66
-
|`branch_prefix`| The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No |`claude/`|
67
-
|`settings`| Claude Code settings as JSON string or path to settings JSON file | No | "" |
68
-
|`additional_permissions`| Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
69
-
|`experimental_allowed_domains`| Restrict network access to these domains only (newline-separated). | No | "" |
70
-
|`use_commit_signing`| Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No |`false`|
71
-
|`bot_id`| GitHub user ID to use for git operations (defaults to Claude's bot ID) | No |`41898282`|
72
-
|`bot_name`| GitHub username to use for git operations (defaults to Claude's bot name) | No |`claude[bot]`|
73
-
|`allowed_bots`| Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
|`anthropic_api_key`| Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\*| - |
53
+
|`claude_code_oauth_token`| Claude Code OAuth token (alternative to anthropic_api_key) | No\*| - |
54
+
|`prompt`| Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
55
+
|`track_progress`| Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No |`false`|
56
+
|`claude_args`| Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
57
+
|`base_branch`| The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
58
+
|`use_sticky_comment`| Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No |`false`|
59
+
|`github_token`| GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!**| No | - |
60
+
|`use_bedrock`| Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No |`false`|
61
+
|`use_vertex`| Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No |`false`|
62
+
|`mcp_config`| Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers | No | "" |
63
+
|`assignee_trigger`| The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - |
64
+
|`label_trigger`| The label name that triggers the action when applied to an issue (e.g. "claude") | No | - |
65
+
|`trigger_phrase`| The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No |`@claude`|
66
+
|`branch_prefix`| The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No |`claude/`|
67
+
|`settings`| Claude Code settings as JSON string or path to settings JSON file | No | "" |
68
+
|`additional_permissions`| Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
69
+
|`experimental_allowed_domains`| Restrict network access to these domains only (newline-separated). | No | "" |
70
+
|`use_commit_signing`| Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No |`false`|
71
+
|`bot_id`| GitHub user ID to use for git operations (defaults to Claude's bot ID) | No |`41898282`|
72
+
|`bot_name`| GitHub username to use for git operations (defaults to Claude's bot name) | No |`claude[bot]`|
73
+
|`allowed_bots`| Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
74
+
|`allowed_non_write_users`|**⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md)| No | "" |
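Review bot: the new `allowed_non_write_users` row (line 74) says the input "Only works with `github_token` input", while the `github_token` row at line 59 tells readers to "Only include this if you're connecting a custom GitHub app of your own!" and docs/security.md says the feature does not work with GitHub App authentication. Read together these are confusing; reconcile the `github_token` description with the new use case so readers know which token is expected. Also, rows 52-73 are removed and re-added with no visible text change, presumably for column alignment, which buries the one real addition; consider splitting the realignment into its own commit.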