Add BLT-Action to auto-add $5 bounty for sponsor-opened issues #3901

Open
wants to merge 1 commit into
base: main

@vidipsingh vidipsingh commented Mar 10, 2025

User description

Fixes: #3859


PR Type

Enhancement, Configuration changes


Description

  • Added automation to label issues with $5 if opened by sponsors.

  • Changed GitHub Action trigger from issue_comment to issues event.

  • Implemented sponsor check using SPONSORS environment variable.

  • Integrated API call to add $5 label for eligible issues.


Changes walkthrough 📝

Relevant files
Enhancement
assign-issues.yml
Automate $5 label addition for sponsor issues                       

.github/workflows/assign-issues.yml

  • Changed trigger from issue_comment to issues event.
  • Added steps to check if issue author is a sponsor.
  • Implemented API call to add $5 bounty label for sponsor-created
    issues.
  • Enhanced workflow with environment variable and condition handling.
  • +31/-2   

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    🎫 Ticket compliance analysis 🔶

    3859 - Partially compliant

    Compliant requirements:

    • Automate the addition of a $5 label to issues created by users listed in the SPONSORS environment variable.
    • Change the GitHub Action trigger from issue_comment to issues event.
    • Ensure the automation eliminates the need for manual intervention.

    Non-compliant requirements:

    []

    Requires further human verification:

    []

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Potential issue with unsanitized use of the SPONSORS environment variable in the bash script. This could lead to unexpected behavior if the variable contains malicious or malformed input.

    ⚡ Recommended focus areas for review

    Possible Issue

    The curl command in the "Add $5 bounty label for sponsors" step does not handle errors robustly. If the API call fails, the script continues without retrying or logging detailed error information.

    # \$ keeps bash from expanding $5 as the (empty) fifth positional parameter
    echo "Adding \$5 bounty label for sponsor ${ISSUE_AUTHOR}"
    curl -X POST \
      -H "Authorization: token ${GITHUB_TOKEN}" \
      -H "Accept: application/vnd.github.v3+json" \
      "https://api.github.com/repos/${REPO}/issues/${ISSUE_NUMBER}/labels" \
      -d '{"labels":["bounty: $5"]}' || echo "Failed to add label, but continuing..."

    Security Concern

    The SPONSORS environment variable is directly used in a bash script without sanitization, which could lead to potential issues if the variable contains unexpected characters or formatting.

    env:
      SPONSORS: ${{ secrets.SPONSORS }}
      ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
    run: |
      # The quoted right-hand side of =~ is matched as a literal substring
      if [[ ",${SPONSORS}," =~ ",${ISSUE_AUTHOR}," ]]; then
        echo "is_sponsor=true" >> "$GITHUB_OUTPUT"
      else
        echo "is_sponsor=false" >> "$GITHUB_OUTPUT"
      fi
    shell: bash
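
Added example, not part of the PR or the project's code: a stricter form of the sponsor check and label call that the reviewer guide above flags, failing closed on empty or malformed input and surfacing HTTP errors. The helper names `is_sponsor` and `add_bounty_label` are hypothetical, the sponsor list is constructed, and the login rule assumed is GitHub's username format (alphanumerics and hyphens, at most 39 characters).

```shell
#!/bin/sh
# Added example. is_sponsor and add_bounty_label are hypothetical helper names.

# Exit 0 only if login $1 is an exact, case-insensitive member of the
# comma-separated list $2. Runs in a subshell so IFS/set -f stay local.
is_sponsor() (
  LC_ALL=C; export LC_ALL
  login=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  # Fail closed on anything that is not a plausible GitHub login.
  case "$login" in
    ''|*[!a-z0-9-]*) exit 1 ;;
  esac
  [ "${#login}" -le 39 ] || exit 1
  # Normalise the list: lower-case it and drop stray whitespace.
  list=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
  IFS=,
  set -f   # no glob expansion while splitting
  for entry in $list; do
    [ "$entry" = "$login" ] && exit 0
  done
  exit 1
)

# Adds the page's "bounty: $5" label. --fail makes curl exit non-zero on
# HTTP 4xx/5xx, so the caller sees the failure instead of continuing.
add_bounty_label() {   # $1 = owner/repo, $2 = issue number; uses GITHUB_TOKEN
  case "$2" in ''|*[!0-9]*) echo "bad issue number" >&2; return 2 ;; esac
  curl --fail --silent --show-error --retry 3 -X POST \
    -H "Authorization: token ${GITHUB_TOKEN}" \
    -H "Accept: application/vnd.github.v3+json" \
    -d '{"labels":["bounty: $5"]}' \
    "https://api.github.com/repos/$1/issues/$2/labels"
}

# Constructed sample list (not real sponsors); no network access needed.
for who in bob ali; do
  if is_sponsor "$who" 'alice, Bob ,carol'; then
    echo "$who: sponsor"
  else
    echo "$who: not a sponsor"
  fi
done
```

In a workflow step the two values would still arrive through `env:` as in the PR, and the step would call `is_sponsor "$ISSUE_AUTHOR" "$SPONSORS"`.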


    PR Code Suggestions ✨

    Successfully merging this pull request may close these issues.

    Make the BLT-Action auto add $5 if posted by a user in the SPONSORS env