Enhance stale PR workflow with permissions

2026-02-08 21:03:28 +01:00 · 2026-02-08 21:03:28 +01:00 · 2f2d0235b7
commit 2f2d0235b7
parent 79455ee417
1 changed files with 9 additions and 1 deletions
--- a/.github/workflows/stale_pr_close.yml
+++ b/.github/workflows/stale_pr_close.yml
@ -9,15 +9,18 @@ on:
 jobs:
  stale-prs:
    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
    steps:
      - name: Handle stale label
        uses: actions/github-script@v7
        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const now = new Date();
            const owner = context.repo.owner;
            const repo = context.repo.repo;
+            
            // --- PR labeled event ---
            if (context.eventName === "pull_request" && context.payload.action === "labeled") {
              const label = context.payload.label?.name;
@ -31,6 +34,7 @@ jobs:
              }
              return; // exit, nothing else to do
            }
+            
            // --- Scheduled run ---
            const { data: prs } = await github.rest.pulls.list({
              owner,
@ -38,16 +42,20 @@ jobs:
              state: "open",
              per_page: 100
            });
+            
            for (const pr of prs) {
              const hasStale = pr.labels.some(l => l.name === "stale");
              if (!hasStale) continue;
+              
              const { data: commits } = await github.rest.pulls.listCommits({
                owner,
                repo,
                pull_number: pr.number
              });
+              
              const lastCommitDate = new Date(commits[commits.length - 1].commit.author.date);
              const diffDays = (now - lastCommitDate) / (1000 * 60 * 60 * 24);
+              
              if (diffDays > 7) {
                await github.rest.pulls.update({
                  owner,