Housekeeping: consolidate label workflows, improve internal docs#9578
Draft
vitorvasc wants to merge 5 commits intoopen-telemetry:mainfrom
Draft
Housekeeping: consolidate label workflows, improve internal docs#9578vitorvasc wants to merge 5 commits intoopen-telemetry:mainfrom
vitorvasc wants to merge 5 commits intoopen-telemetry:mainfrom
Conversation
otelbot-docs
bot
added
the
missing:docs-approval
Contributor
There was a problem hiding this comment.
Pull request overview
This PR reorganizes the OpenTelemetry.io maintainer documentation for GitHub Actions CI workflows into subpages, and consolidates PR-labeling workflows so checks appear grouped under “Label gate / …” in the GitHub UI.
Changes:
- Consolidates PR component labeling and approval-label management into a single
label-gate.ymlworkflow, and updates related workflow references. - Splits the former single CI workflows documentation page into multiple subpages under
content/en/site/build/ci-workflows/. - Adds new docs pages describing the label gate system, blog publish labeling, PR fix directives, and a list of other workflows.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
content/en/site/build/ci-workflows/_index.md |
Adds the CI workflows section landing page for the new doc subsection. |
content/en/site/build/ci-workflows/label-gate.md |
Documents the consolidated label-gating/approval-label system and its security model. |
content/en/site/build/ci-workflows/blog-publish-labels.md |
Documents the scheduled blog publish labeling workflow and Slack notifications. |
content/en/site/build/ci-workflows/pr-fix-directives.md |
Documents /fix PR comment directives and the two-stage patch pipeline. |
content/en/site/build/ci-workflows/other-workflows.md |
Lists additional CI workflows and their purposes. |
content/en/site/build/ci-workflows.md |
Removes the prior monolithic CI workflows doc page (replaced by the new subsection). |
.github/workflows/pr-review-trigger.yml |
Updates the “learn more” link to the new label gate docs anchor. |
.github/workflows/label-prs.yml |
Removes the standalone component-labeling workflow (functionality moved into label gate). |
.github/workflows/label-gate.yml |
Renames/reframes the workflow and adds a component-labeling job under the consolidated workflow. |
Comments suppressed due to low confidence (3)
.github/workflows/label-gate.yml:36
- Security concern: the
update-approval-labelsjob later checks out code usingref: ${{ github.event.pull_request.base.sha || github.sha }}. Forworkflow_runexecutions this falls back togithub.sha, which can be the untrusted PR head SHA in the chaining pattern, meaning privileged steps could execute scripts from PR code. Ensureworkflow_runalways checks out a trusted ref (e.g., default branch / PR base SHA fetched via API after reading the PR number), and never the PR head.
.github/workflows/label-gate.yml:28 add-component-labelsruns withpull-requests: writebut lacks the repository-owner guard used elsewhere (e.g.,update-approval-labelsin this workflow, andcomponent-owners.yml). Consider addingif: github.repository_owner == 'open-telemetry' && github.event_name == 'pull_request_target'to prevent this job from doing privileged writes when this workflow is run from forks/clones of the repo.
content/en/site/build/ci-workflows/blog-publish-labels.md:104- The
[batch-script]link is pinned to a specific commit (blob/248cc6f/...). This will become outdated over time; prefer linking toblob/main/...unless you intentionally need to reference an immutable historical version.
[blog]:
https://github.com/open-telemetry/opentelemetry.io/blob/main/.github/workflows/blog-publish-labels.yml
[batch-script]:
https://github.com/open-telemetry/opentelemetry.io/blob/248cc6f/.github/scripts/blog-publish-check.sh
vitorvasc
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
.github/workflows/label-gate.yml:3
- The “learn more” link points to
/site/build/ci-workflows/#label-gate, but the CI workflow docs were moved to a dedicated subpage (/site/build/ci-workflows/label-gate/). The index page at/ci-workflows/doesn’t define a#label-gateanchor, so this link will 404; update it to the new documentation URL.
vitorvasc
force-pushed
the
site-workflows-housekeeping
branch
from
a10fbed to
ced1a61
Compare
Break the single ci-workflows.md file into a directory with separate pages for label-gate, blog-publish-labels, pr-fix-directives, and other-workflows. Update references to reflect the workflow consolidation. Signed-off-by: Vitor Vasconcellos <vvasconcellos1@gmail.com>
…olete sections Signed-off-by: Vitor Vasconcellos <vvasconcellos1@gmail.com>
…update weights for workflows Signed-off-by: Vitor Vasconcellos <vvasconcellos1@gmail.com>
Signed-off-by: Vitor Vasconcellos <vvasconcellos1@gmail.com>
Signed-off-by: Vitor Vasconcellos <vvasconcellos1@gmail.com>
vitorvasc
force-pushed
the
site-workflows-housekeeping
branch
from
ced1a61 to
5eb5496
Compare
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Footnotes
Yes, I can answer maintainer questions about the content of this PR, without using AI. ↩