Commit graph

11 commits

Author SHA1 Message Date
ridiculousfish
c844eea661 Restore lockthreads.yml
This file should be modified through pull requests.

This reverts commit bc71f0937b.
This reverts commit 99cac0b1b9.
This reverts commit 0f0da3c3d8.
2022-11-12 10:09:17 -08:00
Aaron Gyes
bc71f0937b Revert "Set issue lock timeout back"
This reverts commit 99cac0b1b9.
2022-11-12 05:04:14 -08:00
Fabian Boehm
99cac0b1b9 Set issue lock timeout back
It is 1 whole year, for an already closed issue.

Any "engagement" that happens at that point is irrelevant to the
original issue at hand, and a new issue should be opened instead.
Increasing the grace period even further is even less likely to be helpful.
2022-11-12 12:29:22 +01:00
Aaron Gyes
0f0da3c3d8 lockthreads.yml: decrease PR threshold, increase issue threshold
In my experience we rarely see a PR that may have activity after
365 days; issue reports are a very different story.

Goal: engagement
2022-11-12 03:16:48 -08:00
naveen
1331b65023 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-07 14:34:59 +02:00
Fabian Homborg
fcb74f236a Lock enhancements and RFCs again
The point here is to let issues be *done*, and have any *new*
discussions happen in *new* issues so you can decouple the context.

This revert pending further discussion.
2021-11-02 18:15:30 +01:00
Aaron Gyes
e53c284753
Update lockthreads.yml
exclude RFCs, enhancement requests, have it run weekly.
2021-11-02 09:43:47 -07:00
Aaron Gyes
e30b6c47f0 Adjust the GitHub thread locker script.
Set locked thread inactivity count to default 365.

Add 'needs more info' as an obvious on its face exception.

The default seems quite an inconventient, very strict thing t do:
it will lock threads that are closed and quiet because they have
been quiet and closed. This seems to make it hard to talk about
issues after they are closed or contribute. I can as a fish-shell
contributor, but that's not really the point.

Practically, right now to reply to any PR or any issue fixed in
July, well you can't.
2021-10-24 04:50:25 -07:00
Fabian Homborg
32c65aa32c Lock threads only once a day
This ran hourly, and that's really not necessary anymore.
2021-01-11 21:03:10 +01:00
Fabian Homborg
17ceb71169 Increase issue lock time to half a year
Sometimes three months is quite soon, let's see how half a year works out.
2020-12-26 19:36:55 +01:00
Fabian Homborg
6669240f81 Automatically lock closed issues/prs after 90 days
We've been getting a bunch of comments on old closed issues. Instead
people should create new ones.

This adds a github "workflow" that should lock closed issues/prs after
90 days, except those labelled "question".

Let's see how it works out.
2020-04-16 18:54:38 +02:00