npm-cli-gh-issue-preparator 1.32.0 → 1.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/.github/CODEOWNERS +6 -2
  2. package/.github/copilot-instructions.md +6 -0
  3. package/.github/dependabot.yml +17 -0
  4. package/.github/instructions/code-review.instructions.md +7 -0
  5. package/.github/workflows/api-created_issue_pr.yml +16 -1
  6. package/.github/workflows/close-manual-prs.yml +46 -0
  7. package/.github/workflows/commit-lint.yml +16 -3
  8. package/.github/workflows/configs/commitlint.config.js +5 -0
  9. package/.github/workflows/create-pr.yml +30 -21
  10. package/.github/workflows/secret-scan.yml +51 -0
  11. package/.github/workflows/umino-project.yml +111 -31
  12. package/.gitleaks.toml +9 -0
  13. package/.prettierignore +1 -0
  14. package/CHANGELOG.md +15 -0
  15. package/bin/adapter/entry-points/cli/index.js +10 -0
  16. package/bin/adapter/entry-points/cli/index.js.map +1 -1
  17. package/bin/adapter/repositories/TowerDefenceIssueRepository.js +0 -5
  18. package/bin/adapter/repositories/TowerDefenceIssueRepository.js.map +1 -1
  19. package/bin/domain/usecases/StaleTmuxSessionKillUseCase.js +80 -0
  20. package/bin/domain/usecases/StaleTmuxSessionKillUseCase.js.map +1 -0
  21. package/bin/domain/usecases/StartPreparationUseCase.js +0 -3
  22. package/bin/domain/usecases/StartPreparationUseCase.js.map +1 -1
  23. package/package.json +2 -2
  24. package/renovate.json +5 -0
  25. package/src/adapter/entry-points/cli/index.test.ts +58 -0
  26. package/src/adapter/entry-points/cli/index.ts +21 -0
  27. package/src/adapter/repositories/TowerDefenceIssueRepository.test.ts +1 -0
  28. package/src/adapter/repositories/TowerDefenceIssueRepository.ts +0 -7
  29. package/src/domain/usecases/StaleTmuxSessionKillUseCase.test.ts +262 -0
  30. package/src/domain/usecases/StaleTmuxSessionKillUseCase.ts +123 -0
  31. package/src/domain/usecases/StartPreparationUseCase.test.ts +1 -0
  32. package/src/domain/usecases/StartPreparationUseCase.ts +0 -4
  33. package/types/adapter/entry-points/cli/index.d.ts.map +1 -1
  34. package/types/adapter/repositories/TowerDefenceIssueRepository.d.ts.map +1 -1
  35. package/types/domain/usecases/StaleTmuxSessionKillUseCase.d.ts +25 -0
  36. package/types/domain/usecases/StaleTmuxSessionKillUseCase.d.ts.map +1 -0
  37. package/types/domain/usecases/StartPreparationUseCase.d.ts.map +1 -1
@@ -1,2 +1,6 @@
1
- * @HiromiShikata
2
- * @renovate
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
6
+ * @HiromiShikata @renovate
@@ -0,0 +1,6 @@
1
+ <!--
2
+ DO NOT EDIT DIRECTLY.
3
+ This file is auto-synchronized from HiromiShikata/repositories-management.
4
+ Direct edits in downstream repositories will be overwritten by the next sync.
5
+ Update the source file in HiromiShikata/repositories-management instead.
6
+ -->
@@ -0,0 +1,17 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
6
+ version: 2
7
+ updates:
8
+ - package-ecosystem: npm
9
+ directory: /
10
+ schedule:
11
+ interval: weekly
12
+ day: saturday
13
+ - package-ecosystem: github-actions
14
+ directory: /
15
+ schedule:
16
+ interval: weekly
17
+ day: saturday
@@ -2,6 +2,13 @@
2
2
  applyTo: '**'
3
3
  ---
4
4
 
5
+ <!--
6
+ DO NOT EDIT DIRECTLY.
7
+ This file is auto-synchronized from HiromiShikata/repositories-management.
8
+ Direct edits in downstream repositories will be overwritten by the next sync.
9
+ Update the source file in HiromiShikata/repositories-management instead.
10
+ -->
11
+
5
12
  # Code Review Instructions
6
13
 
7
14
  ## Scope Integrity
@@ -1,3 +1,8 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
1
6
  name: Add to Project
2
7
 
3
8
  on:
@@ -15,9 +20,19 @@ jobs:
15
20
  add-to-project:
16
21
  runs-on: ubuntu-latest
17
22
  steps:
23
+ - uses: step-security/harden-runner@v2
24
+ with:
25
+ egress-policy: audit
26
+ - name: Generate hs-bot-gh-ap installation token
27
+ id: app-token
28
+ uses: actions/create-github-app-token@v3
29
+ with:
30
+ client-id: ${{ secrets.HS_BOT_GH_AP_CLIENT_ID }}
31
+ private-key: ${{ secrets.HS_BOT_GH_AP_PRIVATE_KEY }}
32
+ owner: HiromiShikata
18
33
  - name: Add to Project
19
34
  env:
20
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
35
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
21
36
  run: |
22
37
  ISSUE_OR_PR_URL="${{ github.event.inputs.issue_or_pr_url }}"
23
38
  ISSUE_OR_PR_URL="${ISSUE_OR_PR_URL%%\?*}"
@@ -0,0 +1,46 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
6
+ name: Close Manual PRs
7
+
8
+ on:
9
+ pull_request:
10
+ types:
11
+ - opened
12
+ - reopened
13
+
14
+ jobs:
15
+ close-manual-pr:
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ - uses: step-security/harden-runner@v2
19
+ with:
20
+ egress-policy: audit
21
+ - name: Generate hs-bot-gh-ap installation token
22
+ id: app-token
23
+ uses: actions/create-github-app-token@v3
24
+ with:
25
+ client-id: ${{ secrets.HS_BOT_GH_AP_CLIENT_ID }}
26
+ private-key: ${{ secrets.HS_BOT_GH_AP_PRIVATE_KEY }}
27
+ - name: Close manually created pull request
28
+ env:
29
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
30
+ PR_ACTOR_TYPE: ${{ github.event.pull_request.user.type }}
31
+ PR_ACTOR_LOGIN: ${{ github.event.pull_request.user.login }}
32
+ PR_NUMBER: ${{ github.event.pull_request.number }}
33
+ run: |
34
+ if [ "$PR_ACTOR_TYPE" = "Bot" ]; then
35
+ echo "PR created by bot ($PR_ACTOR_LOGIN), skipping."
36
+ exit 0
37
+ fi
38
+ case "$PR_ACTOR_LOGIN" in
39
+ "hs-bot-gh-app[bot]"|"dependabot[bot]"|"renovate[bot]"|"github-actions[bot]")
40
+ echo "PR created by allowed bot ($PR_ACTOR_LOGIN), skipping."
41
+ exit 0
42
+ ;;
43
+ esac
44
+ echo "PR created by human user ($PR_ACTOR_LOGIN), closing."
45
+ gh pr comment "$PR_NUMBER" --body "Thank you for your contribution. In this repository, pull requests must be created through the automated process by pushing a feature branch. Manually created pull requests are not accepted. Please push your branch and let the CI workflow create the pull request automatically."
46
+ gh pr close "$PR_NUMBER"
@@ -1,3 +1,8 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
1
6
  name: Lint Commit Messages
2
7
  on:
3
8
  pull_request:
@@ -19,8 +24,11 @@ jobs:
19
24
  pull-requests: write
20
25
  contents: read
21
26
  steps:
27
+ - uses: step-security/harden-runner@v2
28
+ with:
29
+ egress-policy: audit
22
30
  - name: Checkout code
23
- uses: actions/checkout@v6
31
+ uses: actions/checkout@v7
24
32
  with:
25
33
  fetch-depth: 0
26
34
 
@@ -46,7 +54,12 @@ jobs:
46
54
  loose-matching: true
47
55
  - name: Install commitlint
48
56
  run: |
49
- npm install --save-dev @commitlint/{config-conventional,cli}
57
+ mkdir -p /tmp/commitlint-run
58
+ cd /tmp/commitlint-run
59
+ npm init -y
60
+ npm install --no-audit --no-fund --save-dev @commitlint/cli @commitlint/config-conventional
50
61
  - name: Lint commits
62
+ env:
63
+ NODE_PATH: /tmp/commitlint-run/node_modules
51
64
  run: |
52
- npx commitlint --from=origin/main --to=HEAD --config ./.github/workflows/configs/commitlint.config.js
65
+ /tmp/commitlint-run/node_modules/.bin/commitlint --from=origin/main --to=HEAD --config $GITHUB_WORKSPACE/.github/workflows/configs/commitlint.config.js
@@ -1,3 +1,8 @@
1
+ // DO NOT EDIT DIRECTLY.
2
+ // This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ // Direct edits in downstream repositories will be overwritten by the next sync.
4
+ // Update the source file in HiromiShikata/repositories-management instead.
5
+
1
6
  module.exports = {
2
7
  extends: ['@commitlint/config-conventional'],
3
8
  rules: {
@@ -1,3 +1,8 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
1
6
  name: Create PR
2
7
 
3
8
  on:
@@ -10,8 +15,18 @@ jobs:
10
15
  runs-on: ubuntu-latest
11
16
  if: github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]'
12
17
  steps:
18
+ - uses: step-security/harden-runner@v2
19
+ with:
20
+ egress-policy: audit
21
+ - name: Generate hs-bot-gh-ap installation token
22
+ id: app-token
23
+ uses: actions/create-github-app-token@v3
24
+ with:
25
+ client-id: ${{ secrets.HS_BOT_GH_AP_CLIENT_ID }}
26
+ private-key: ${{ secrets.HS_BOT_GH_AP_PRIVATE_KEY }}
27
+
13
28
  - name: Checkout repository
14
- uses: actions/checkout@v6
29
+ uses: actions/checkout@v7
15
30
 
16
31
  - name: Set branch name as output
17
32
  id: branch_name
@@ -23,14 +38,14 @@ jobs:
23
38
  EXISTING_PR=$(gh pr list --head "${{ steps.branch_name.outputs.branch }}" --base main --json number --jq '.[0].number // empty')
24
39
  echo "existing_pr=$EXISTING_PR" >> "$GITHUB_OUTPUT"
25
40
  env:
26
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
41
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
27
42
 
28
43
  - name: Create Pull Request
29
44
  id: create_pr
30
45
  if: steps.check_pr.outputs.existing_pr == ''
31
- uses: repo-sync/pull-request@v2
46
+ uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5
32
47
  with:
33
- github_token: ${{ secrets.GH_TOKEN }}
48
+ github_token: ${{ steps.app-token.outputs.token }}
34
49
  destination_branch: 'main'
35
50
  source_branch: ''
36
51
  pr_title: '${{ steps.branch_name.outputs.branch }}'
@@ -48,40 +63,34 @@ jobs:
48
63
  fi
49
64
  echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
50
65
  env:
51
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
52
-
53
- - name: Assign PR to author
54
- if: steps.resolve_pr.outputs.pr_number
55
- run: |
56
- curl -s -X POST \
57
- -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
58
- -H "Accept: application/vnd.github.v3+json" \
59
- -d '{"assignees":["${{ github.actor }}"]}' \
60
- "https://api.github.com/repos/${{ github.repository }}/issues/${{ steps.resolve_pr.outputs.pr_number }}/assignees"
66
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
61
67
 
62
68
  - name: Get PR Node ID
63
69
  if: steps.resolve_pr.outputs.pr_number
64
70
  id: get_pr_id
65
71
  run: |
66
- PR_DATA=$(curl -s -H "Authorization: token ${{ secrets.GH_TOKEN }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/${{ github.repository }}/pulls/${{ steps.resolve_pr.outputs.pr_number }}")
72
+ PR_DATA=$(curl -s -H "Authorization: token ${{ steps.app-token.outputs.token }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/${{ github.repository }}/pulls/${{ steps.resolve_pr.outputs.pr_number }}")
67
73
  PR_ID=$(echo "$PR_DATA" | jq -r '.node_id')
68
74
  echo "node_id=$PR_ID" >> "$GITHUB_OUTPUT"
69
75
 
70
76
  - name: Enable Auto Merge for PR
71
77
  if: steps.resolve_pr.outputs.pr_number
78
+ continue-on-error: true
72
79
  run: |
73
80
  RESPONSE=$(curl -s -X POST \
74
- -H "Authorization: bearer ${{ secrets.GH_TOKEN }}" \
81
+ -H "Authorization: bearer ${{ steps.app-token.outputs.token }}" \
75
82
  -H "Content-Type: application/json" \
76
- -d '{
77
- "query": "mutation($id: ID!) { enablePullRequestAutoMerge(input: { pullRequestId: $id }) { clientMutationId } }",
78
- "variables": {
79
- "id": "'"${{ steps.get_pr_id.outputs.node_id }}"'"
83
+ -d "{
84
+ \"query\": \"mutation(\$id: ID!) { enablePullRequestAutoMerge(input: { pullRequestId: \$id, mergeMethod: SQUASH }) { clientMutationId } }\",
85
+ \"variables\": {
86
+ \"id\": \"${{ steps.get_pr_id.outputs.node_id }}\"
80
87
  }
81
- }' \
88
+ }" \
82
89
  "https://api.github.com/graphql")
83
90
  echo "$RESPONSE"
84
91
  if echo "$RESPONSE" | jq -e '.errors' >/dev/null; then
85
92
  echo "Failed to enable auto merge"
86
93
  exit 1
87
94
  fi
95
+ env:
96
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
@@ -0,0 +1,51 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
6
+ name: Secret Scan
7
+
8
+ on:
9
+ pull_request:
10
+ types:
11
+ - opened
12
+ - edited
13
+ - reopened
14
+ - synchronize
15
+
16
+ concurrency:
17
+ group: secret-scan-${{ github.ref }}
18
+ cancel-in-progress: true
19
+
20
+ jobs:
21
+ secret-scan:
22
+ runs-on: ubuntu-latest
23
+ permissions:
24
+ contents: read
25
+ pull-requests: read
26
+ steps:
27
+ - uses: step-security/harden-runner@v2
28
+ with:
29
+ egress-policy: audit
30
+ - name: Checkout code
31
+ uses: actions/checkout@v7
32
+ with:
33
+ fetch-depth: 0
34
+
35
+ - name: Download and verify gitleaks binary
36
+ run: |
37
+ GITLEAKS_VERSION="8.30.1"
38
+ GITLEAKS_ARCHIVE="gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
39
+ curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/${GITLEAKS_ARCHIVE}" -o "${GITLEAKS_ARCHIVE}"
40
+ echo "551f6fc83ea457d62a0d98237cbad105af8d557003051f41f3e7ca7b3f2470eb ${GITLEAKS_ARCHIVE}" | sha256sum --check
41
+ tar -xzf "${GITLEAKS_ARCHIVE}" gitleaks
42
+ chmod +x gitleaks
43
+ ./gitleaks version
44
+
45
+ - name: Run gitleaks on PR commits
46
+ run: |
47
+ ./gitleaks detect \
48
+ --log-opts="${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}" \
49
+ --config=.gitleaks.toml \
50
+ --verbose \
51
+ --redact
@@ -1,4 +1,13 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
1
6
  name: UMINO Project
7
+
8
+ permissions:
9
+ contents: read
10
+
2
11
  on:
3
12
  issues:
4
13
  types:
@@ -32,7 +41,6 @@ on:
32
41
  env:
33
42
  unread: Unread
34
43
  in_progress: In Progress
35
- gh_project_token: ${{ secrets.GH_TOKEN }}
36
44
  user: HiromiShikata
37
45
  project_id: 48
38
46
  project_v2_id: PVT_kwHOAGJHa84AFWnr
@@ -41,21 +49,72 @@ env:
41
49
 
42
50
  jobs:
43
51
  umino-job:
44
- if: (github.event_name != 'issue_comment' || github.event.comment.user.login != 'umino-bot') && github.event.action != 'labeled'
52
+ if: >-
53
+ github.actor != 'dependabot[bot]' &&
54
+ ((github.event_name != 'issue_comment') ||
55
+ (github.event.comment.user.login == 'HiromiShikata' &&
56
+ (contains(github.event.comment.body, '/createissue') ||
57
+ contains(github.event.comment.body, '/close') ||
58
+ contains(github.event.comment.body, '/done') ||
59
+ contains(github.event.comment.body, '/movenextactiondateto') ||
60
+ contains(github.event.comment.body, '/changeassignee ')))) &&
61
+ github.event.action != 'labeled'
45
62
  runs-on: ubuntu-latest
46
63
  steps:
47
- - name: Move issue to ${{ env.unread }}
48
- uses: leonsteinhaeuser/project-beta-automations@v2.2.1
64
+ - uses: step-security/harden-runner@v2
65
+ with:
66
+ egress-policy: audit
67
+ - name: Generate hs-bot-gh-ap installation token
68
+ id: app-token
69
+ uses: actions/create-github-app-token@v3
49
70
  with:
50
- gh_token: ${{ env.gh_project_token }}
51
- user: ${{ env.user }}
52
- project_id: ${{ env.project_id }}
53
- resource_node_id: ${{ github.event.pull_request.node_id || github.event.issue.node_id }}
54
- status_value: ${{ env.unread }}
71
+ client-id: ${{ secrets.HS_BOT_GH_AP_CLIENT_ID }}
72
+ private-key: ${{ secrets.HS_BOT_GH_AP_PRIVATE_KEY }}
73
+ owner: HiromiShikata
74
+ - name: Move issue to ${{ env.unread }}
75
+ run: |
76
+ RESOURCE_NODE_ID="${{ github.event.pull_request.node_id || github.event.issue.node_id }}"
77
+ PROJECT_V2_ID="${{ env.project_v2_id }}"
78
+
79
+ echo "RESOURCE_NODE_ID=$RESOURCE_NODE_ID"
80
+ echo "PROJECT_V2_ID=$PROJECT_V2_ID"
81
+
82
+ ADD_RESPONSE=$(gh api graphql \
83
+ -f query='mutation($projectId:ID!,$contentId:ID!){addProjectV2ItemById(input:{projectId:$projectId,contentId:$contentId}){item{id}}}' \
84
+ -f projectId="$PROJECT_V2_ID" \
85
+ -f contentId="$RESOURCE_NODE_ID" 2>&1 || true)
86
+
87
+ echo "addProjectV2ItemById response: $ADD_RESPONSE"
88
+
89
+ ITEM_ID=$(echo "$ADD_RESPONSE" | jq -r '.data.addProjectV2ItemById.item.id // empty' 2>/dev/null || echo "")
90
+
91
+ if [ -z "$ITEM_ID" ]; then
92
+ FALLBACK_RESPONSE=$(gh api graphql \
93
+ -f query='query($nodeId:ID!){node(id:$nodeId){...on PullRequest{projectItems(first:10){nodes{id project{id}}}}...on Issue{projectItems(first:10){nodes{id project{id}}}}}}' \
94
+ -f nodeId="$RESOURCE_NODE_ID" 2>&1 || true)
95
+ echo "projectItems fallback response: $FALLBACK_RESPONSE"
96
+ ITEM_ID=$(echo "$FALLBACK_RESPONSE" | jq -r ".data.node.projectItems.nodes[]? | select(.project.id == \"$PROJECT_V2_ID\") | .id" 2>/dev/null || echo "")
97
+ fi
98
+
99
+ if [ -z "$ITEM_ID" ]; then
100
+ echo "Failed to resolve project item ID for $RESOURCE_NODE_ID in project $PROJECT_V2_ID"
101
+ exit 1
102
+ fi
103
+
104
+ echo "Resolved ITEM_ID=$ITEM_ID"
105
+
106
+ gh api graphql \
107
+ -f query='mutation($projectId:ID!,$itemId:ID!,$fieldId:ID!,$optionId:String!){updateProjectV2ItemFieldValue(input:{projectId:$projectId,itemId:$itemId,fieldId:$fieldId,value:{singleSelectOptionId:$optionId}}){projectV2Item{id}}}' \
108
+ -f projectId="$PROJECT_V2_ID" \
109
+ -f itemId="$ITEM_ID" \
110
+ -f fieldId="PVTSSF_lAHOAGJHa84AFWnrzgDFcxE" \
111
+ -f optionId="f75ad846"
112
+ env:
113
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
55
114
  if: >-
56
- (github.event_name == 'issues' && github.event.issue.state == 'open') ||
57
- (github.event_name == 'pull_request' && github.event.pull_request.state == 'open') &&
58
- (github.event.action == 'opened' || github.event.action == 'reopened' ||
115
+ ((github.event_name == 'issues' && github.event.issue.state == 'open') ||
116
+ (github.event_name == 'pull_request' && github.event.pull_request.state == 'open')) &&
117
+ (github.event.action == 'opened' || github.event.action == 'reopened' ||
59
118
  github.event.action == 'assigned' || github.event.action == 'unassigned')
60
119
  - run: |
61
120
  OWNER=$(echo ${{ github.repository }} | cut -d '/' -f 1)
@@ -64,7 +123,7 @@ jobs:
64
123
  NUMBER=$(echo ${{ github.event_name }} | grep -q "pull_request" && echo ${{ github.event.pull_request.number }} || echo ${{ github.event.issue.number }})
65
124
 
66
125
  QUERY_DATA='{ "query": "query { repository(owner: \"'$OWNER'\", name: \"'$REPO'\") { '${ENTITY_TYPE}'(number: '$NUMBER') { projectItems(first: 10) { nodes { id } } } } }" }'
67
- RESPONSE=$(curl -X POST -H "Authorization: bearer ${{ secrets.GH_TOKEN }}" -H "Content-Type: application/json" --data "$QUERY_DATA" https://api.github.com/graphql)
126
+ RESPONSE=$(curl -X POST -H "Authorization: Bearer $GH_PROJECT_TOKEN" -H "Content-Type: application/json" --data "$QUERY_DATA" https://api.github.com/graphql)
68
127
 
69
128
  if echo $RESPONSE | grep -q "errors"; then
70
129
  echo "Error in GraphQL query"
@@ -86,7 +145,7 @@ jobs:
86
145
  CLEAR_FIELD_DATA="{\"query\":\"mutation { clearProjectV2ItemFieldValue(input: {projectId: \\\"${{ env.project_v2_id }}\\\", fieldId: \\\"${{ env.field_id }}\\\", itemId: \\\"$ITEM_ID\\\"}) { clientMutationId }}\"}"
87
146
  CLEAR_RESPONSE=$(curl --request POST \
88
147
  --url https://api.github.com/graphql \
89
- --header "Authorization: Bearer ${{ env.gh_project_token }}" \
148
+ --header "Authorization: Bearer $GH_PROJECT_TOKEN" \
90
149
  --header "Content-Type: application/json" \
91
150
  --data "$CLEAR_FIELD_DATA")
92
151
 
@@ -95,6 +154,8 @@ jobs:
95
154
  echo "Clear Field Response: $CLEAR_RESPONSE"
96
155
  exit 1
97
156
  fi
157
+ env:
158
+ GH_PROJECT_TOKEN: ${{ secrets.GH_TOKEN }}
98
159
  if: >-
99
160
  ((github.event_name == 'issues' && github.event.issue.state == 'open') ||
100
161
  (github.event_name == 'pull_request' && github.event.pull_request.state == 'open')) &&
@@ -102,10 +163,10 @@ jobs:
102
163
  github.event.action == 'assigned' || github.event.action == 'unassigned')
103
164
 
104
165
  - name: Create Issue
105
- if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && contains(github.event.comment.body, '/createissue') }}
166
+ if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && github.event.comment.user.login == 'HiromiShikata' && contains(github.event.comment.body, '/createissue') }}
106
167
  uses: actions/github-script@v9
107
168
  with:
108
- github-token: ${{secrets.GH_TOKEN}}
169
+ github-token: ${{ steps.app-token.outputs.token }}
109
170
  script: |
110
171
  const commentBody = context.payload.comment.body;
111
172
  const commandMatch = /(^|\n)\s*\/createissue\b/m.exec(commentBody);
@@ -127,10 +188,10 @@ jobs:
127
188
  assignees: ['HiromiShikata']
128
189
  });
129
190
  - name: Close Issue
130
- if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && (contains(github.event.comment.body, '/close') || contains(github.event.comment.body, '/done')) }}
191
+ if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && github.event.comment.user.login == 'HiromiShikata' && (contains(github.event.comment.body, '/close') || contains(github.event.comment.body, '/done')) }}
131
192
  uses: actions/github-script@v9
132
193
  with:
133
- github-token: ${{secrets.GH_TOKEN}}
194
+ github-token: ${{ steps.app-token.outputs.token }}
134
195
  script: |
135
196
  const body = context.payload.comment.body;
136
197
  if (!/(^|\n)\s*\/(close|done)\b/m.test(body)) return;
@@ -141,13 +202,13 @@ jobs:
141
202
  state: 'closed'
142
203
  });
143
204
  - name: Update Date Field
144
- if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && contains(github.event.comment.body, '/movenextactiondateto') }}
205
+ if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && github.event.comment.user.login == 'HiromiShikata' && contains(github.event.comment.body, '/movenextactiondateto') }}
145
206
  uses: actions/github-script@v9
146
207
  env:
147
208
  PROJECT_V2_ID: ${{ env.project_v2_id }}
148
209
  FIELD_ID: ${{ env.field_id }}
149
210
  with:
150
- github-token: ${{ secrets.GH_TOKEN }}
211
+ github-token: ${{ steps.app-token.outputs.token }}
151
212
  script: |
152
213
  const commentBody = context.payload.comment.body;
153
214
  const commandMatch = /(^|\n)\s*\/movenextactiondateto\b/m.exec(commentBody);
@@ -179,10 +240,10 @@ jobs:
179
240
  { projectId, fieldId, itemId, date: dateString }
180
241
  );
181
242
  - name: Change Assignee
182
- if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && contains(github.event.comment.body, '/changeassignee ') }}
243
+ if: ${{ github.event_name == 'issue_comment' && github.event.action == 'created' && github.event.comment.user.login == 'HiromiShikata' && contains(github.event.comment.body, '/changeassignee ') }}
183
244
  uses: actions/github-script@v9
184
245
  with:
185
- github-token: ${{secrets.GH_TOKEN}}
246
+ github-token: ${{ steps.app-token.outputs.token }}
186
247
  script: |
187
248
  const commentBody = context.payload.comment.body;
188
249
  const commandMatch = /(^|\n)\s*\/changeassignee\s+(\S+)/m.exec(commentBody);
@@ -194,28 +255,47 @@ jobs:
194
255
  issue_number: context.issue.number,
195
256
  assignees: [assigneeName]
196
257
  });
197
- - name: Auto assign issue for non-team repositories
258
+ - name: Auto assign issue to owner
198
259
  if: >-
199
- github.event_name == 'issues' &&
200
- github.event.action == 'opened' &&
201
- !contains(env.team_repo, github.event.repository.name)
202
- uses: pozil/auto-assign-issue@v3.0.0
260
+ github.event_name == 'issues' &&
261
+ github.event.action == 'opened'
262
+ uses: pozil/auto-assign-issue@af6beea6bdf1e8eb373f061c5bc168681fc6d011
203
263
  with:
204
264
  assignees: HiromiShikata
205
- repo-token: ${{ secrets.GH_TOKEN }}
265
+ repo-token: ${{ steps.app-token.outputs.token }}
266
+ - name: Auto assign PR to owner
267
+ if: >-
268
+ github.event_name == 'pull_request' &&
269
+ github.event.action == 'opened'
270
+ uses: pozil/auto-assign-issue@af6beea6bdf1e8eb373f061c5bc168681fc6d011
271
+ with:
272
+ assignees: HiromiShikata
273
+ repo-token: ${{ steps.app-token.outputs.token }}
206
274
 
207
275
  check_pull_requests_to_link_issues:
208
276
  runs-on: ubuntu-latest
209
277
  name: Check linked issues in pull requests
210
278
  if: >-
211
- (github.event_name == 'pull_request')
279
+ (github.event_name == 'pull_request') &&
280
+ github.actor != 'dependabot[bot]'
212
281
  steps:
213
- - uses: nearform-actions/github-action-check-linked-issues@v1
282
+ - uses: step-security/harden-runner@v2
283
+ with:
284
+ egress-policy: audit
285
+ - name: Generate hs-bot-gh-ap installation token
286
+ id: app-token
287
+ uses: actions/create-github-app-token@v3
288
+ with:
289
+ client-id: ${{ secrets.HS_BOT_GH_AP_CLIENT_ID }}
290
+ private-key: ${{ secrets.HS_BOT_GH_AP_PRIVATE_KEY }}
291
+ owner: HiromiShikata
292
+ - uses: nearform-actions/github-action-check-linked-issues@7140e2e01aa0c18b8ac61bddf5e89abde1ca760e
214
293
  id: check-linked-issues
215
294
  if: github.event.pull_request.user.login != 'dependabot[bot]'
216
295
  with:
217
296
  exclude-branches: 'release/**, dependabot/**, project-common/**, renovate/**'
218
- github-token: ${{ secrets.GH_TOKEN }}
297
+ github-token: ${{ steps.app-token.outputs.token }}
219
298
  loose-matching: true
299
+ skip-linked-issues-check-label: ''
220
300
  - name: Get the output
221
301
  run: echo "How many linked issues? ${{ steps.check-linked-issues.outputs.linked_issues_count }}"
package/.gitleaks.toml ADDED
@@ -0,0 +1,9 @@
1
+ # DO NOT EDIT DIRECTLY.
2
+ # This file is auto-synchronized from HiromiShikata/repositories-management.
3
+ # Direct edits in downstream repositories will be overwritten by the next sync.
4
+ # Update the source file in HiromiShikata/repositories-management instead.
5
+
6
+ title = "gitleaks config"
7
+
8
+ [extend]
9
+ useDefault = true
package/.prettierignore CHANGED
@@ -1,3 +1,4 @@
1
+ *.toml
1
2
  *.xml
2
3
  .gitignore
3
4
  .prettierignore
package/CHANGELOG.md CHANGED
@@ -1,3 +1,18 @@
1
+ # [1.33.0](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/compare/v1.32.1...v1.33.0) (2026-06-26)
2
+
3
+
4
+ ### Features
5
+
6
+ * **core:** add stale tmux session cleanup to daemon cycle ([#331](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/issues/331)) ([abc015b](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/commit/abc015bf790e93f31aeed0ec287d3ed75f6154b8))
7
+
8
+ ## [1.32.1](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/compare/v1.32.0...v1.32.1) (2026-05-09)
9
+
10
+
11
+ ### Bug Fixes
12
+
13
+ * **core:** add required author field to Issue test fixtures for v1.42.1 compatibility ([c5adc02](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/commit/c5adc02c5326e111ffc6b85ec6a3cb4bc1eb360a))
14
+ * **core:** remove dead author type-guard code now that Issue.author is required in v1.42.1 ([d5dd0f0](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/commit/d5dd0f0706db840d0b9908f95e298b6f25ee7ce3))
15
+
1
16
  # [1.32.0](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/compare/v1.31.1...v1.32.0) (2026-05-06)
2
17
 
3
18
 
@@ -44,6 +44,7 @@ const fs = __importStar(require("fs"));
44
44
  const yaml = __importStar(require("js-yaml"));
45
45
  const commander_1 = require("commander");
46
46
  const StartPreparationUseCase_1 = require("../../../domain/usecases/StartPreparationUseCase");
47
+ const StaleTmuxSessionKillUseCase_1 = require("../../../domain/usecases/StaleTmuxSessionKillUseCase");
47
48
  const NotifyFinishedIssuePreparationUseCase_1 = require("../../../domain/usecases/NotifyFinishedIssuePreparationUseCase");
48
49
  const TowerDefenceIssueRepository_1 = require("../../repositories/TowerDefenceIssueRepository");
49
50
  const GraphqlIssueRepository_1 = require("../../repositories/GraphqlIssueRepository");
@@ -313,6 +314,15 @@ program
313
314
  utilizationPercentageThreshold,
314
315
  allowedIssueAuthors,
315
316
  });
317
+ const staleTmuxSessionKillUseCase = new StaleTmuxSessionKillUseCase_1.StaleTmuxSessionKillUseCase(projectRepository, {
318
+ getAllOpened: towerDefenceIssueRepository.getAllOpened.bind(towerDefenceIssueRepository),
319
+ }, localCommandRunner);
320
+ await staleTmuxSessionKillUseCase.run({
321
+ projectUrl,
322
+ excludedStatus: StaleTmuxSessionKillUseCase_1.DEFAULT_EXCLUDED_STATUS,
323
+ idleThresholdSeconds: StaleTmuxSessionKillUseCase_1.DEFAULT_IDLE_THRESHOLD_SECONDS,
324
+ now: new Date(),
325
+ });
316
326
  });
317
327
  program
318
328
  .command('notifyFinishedIssuePreparation')