ci: Add workflow to close unvetted non-maintainer PRs#5895
Merged
stephanie-anderson merged 5 commits intomasterfrom Mar 27, 2026
Merged
ci: Add workflow to close unvetted non-maintainer PRs#5895stephanie-anderson merged 5 commits intomasterfrom
stephanie-anderson merged 5 commits intomasterfrom
Conversation
Automatically closes PRs from non-maintainers that don't meet contribution requirements: must reference a getsentry issue with prior discussion between the PR author and a maintainer, and the issue must not be assigned to someone else. Adds the 'violating-contribution-guidelines' label and posts a reason-specific comment explaining next steps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. New Features ✨Langchain
Bug Fixes 🐛Ci
Openai
Other
Internal Changes 🔧Langchain
Openai
Other
Other
🤖 This preview updates automatically when you update the PR. |
Contributor
Codecov Results 📊✅ 1728 passed | ⏭️ 221 skipped | Total: 1949 | Pass Rate: 88.66% | Execution Time: 2m 31s All tests are passing successfully. ✅ Patch coverage is 100.00%. Project has 12049 uncovered lines. Generated by Codecov Action |
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
Everyone at Sentry has write access to this repo, so write-level permission is too broad for the maintainer bypass. Only users with admin or maintain roles should skip the contribution validation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cache isMaintainer API results to avoid redundant permission checks when the same users appear across multiple referenced issues. Add null guards for issue.user and comment.user, which GitHub's API returns as null for deleted or suspended accounts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
alexander-alderman-webb
approved these changes
Mar 27, 2026
ericapisani
approved these changes
Mar 27, 2026
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
sentrivana
approved these changes
Mar 27, 2026
The GitHub API's permission field uses legacy values where the maintain role is mapped to write, making it impossible to distinguish maintainers from regular write-access users. The role_name field provides the actual assigned role. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a PR references a cross-repo issue, the discussion participants should be checked for maintainer status on the PR's target repo, not the issue's repo. A sentry-python maintainer commenting on a getsentry/sentry issue should still count as vetting the work. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
stephanie-anderson
added a commit
that referenced
this pull request
Mar 27, 2026
…5896) Restructures CONTRIBUTING.md to reflect the new automated PR validation gates and improve navigability. - Merges the previously separate "Submitting Changes" and "Pull Requests" sections into a single "Submitting Changes" section with clear subsections: "Before You Start", "Making Your Contribution", "Pull Request Requirements", "AI Use", and "Automated Checks" - Adds an "Automated Checks" subsection documenting the three gates enforced by the new `close-unvetted-pr.yml` workflow (issue reference, prior discussion, assignee check) - Adds a table of contents for easier navigation Companion to #5895. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a GitHub Action that automatically closes PRs from non-maintainers (users without write+ repo access) that don't meet contribution requirements.
The workflow runs on
pull_request_target: [opened]and checks three conditions, closing the PR with a specific message for each:getsentryissue (#123,getsentry/repo#123, or full GitHub URL)If a PR references multiple issues, it stays open as long as ANY referenced issue passes all checks. Uses the SDK Maintainer Bot app token for API calls, consistent with the existing draft enforcement workflow.
All closures add the
violating-contribution-guidelineslabel and link toCONTRIBUTING.md.