ci: replace blocked issues-helper action and fix release event race#9549
Open
okatu-loli wants to merge 1 commit into
Open
ci: replace blocked issues-helper action and fix release event race#9549okatu-loli wants to merge 1 commit into
okatu-loli wants to merge 1 commit into
Conversation
The `actions-cool/issues-helper` repository was blocked by GitHub for a ToS violation on 2026-05-19, so every issue-automation workflow that depends on it now fails at "Getting action download info" with "Repository access blocked". Replace all usages with inline `actions/github-script@v7`: - issue_on_close.yml: remove `working`/`pr-welcome` labels (ignore 404) - issue_duplicate.yml / issue_invalid.yml / issue_wontfix.yml: comment + close - issue_question.yml: comment only - issue_close_stale.yml / issue_close_question.yml: paginate open issues by label, close those inactive past the cutoff. Comments now address the actual per-issue author instead of an empty `@` (the old `github.event.issue` expression was undefined in the scheduled context). Each workflow now declares a least-privilege `permissions: issues: write`. Also guard the release workflows against the duplicate-publish race: when the same tag is re-published the release is recreated with a new id, leaving in-flight runs pointing at a deleted release id and failing with 404 (seen in release.yml EditRelease and release_freebsd.yml asset upload). Add a per-tag concurrency group with cancel-in-progress so only the newest publish proceeds. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
背景 / Why
仓库里多个 GitHub Actions 报错,定位到两类根因:
1. Issue 自动化 —— 依赖的 action 被 GitHub 封禁
所有 issue 相关 workflow 都依赖
actions-cool/issues-helper。该仓库已于 2026-05-19 因违反服务条款(ToS)被 GitHub 封禁:{"message":"Repository access blocked","block":{"reason":"tos","created_at":"2026-05-19T00:33:29Z"}}因此这些 workflow 一律在
Getting action download info阶段失败:##[error]Repository access blocked。受影响 7 个文件。2. Release 系列 —— 重复发布同一 tag 导致 404 竞态
v3.61.0发版时观察到:失败的release.yml引用 release id332851420,而成功的 freebsd job 引用332851481—— 同一 tag 被发布了两次,旧 release 被删/重建。旧那批 job 仍指向已删除的 release id,于是:release.yml的irongut/EditRelease步骤 →Octokit.NotFoundException - Not Foundrelease_freebsd.yml的softprops/action-gh-release→Not Found - update-a-release-asset改动 / What
Issue workflows —— 全部改用官方
actions/github-script@v7内联实现,去掉被封依赖:issue_on_close.ymlworking/pr-welcome标签(忽略 404)issue_duplicate.yml/issue_invalid.yml/issue_wontfix.ymlissue_question.ymlissue_close_stale.yml/issue_close_question.ymlgithub.event.issue为 undefined,会变成空的@)。permissions: issues: write。Release workflows —— 5 个文件加按 tag 命名的并发组,重新发布同一 tag 时取消引用旧 release id 的过期运行:
不同平台
github.workflow不同,仍各自并行,不影响发版完整性。说明 / Note
Note
若在单次干净发布下
EditRelease仍报 404,则需另查MY_TOKENsecret 是否过期/权限不足 —— 那是密钥轮换问题,无法在代码层修复。本 PR 处理的是观测到的重复发布竞态。YAML 已全部本地校验通过。