Skip to content

chore(ci): Allow triage action to run on issues from external users#19701

Merged
chargome merged 1 commit intodevelopfrom
fix/triage-action-external-users
Mar 9, 2026
Merged

chore(ci): Allow triage action to run on issues from external users#19701
chargome merged 1 commit intodevelopfrom
fix/triage-action-external-users

Conversation

@chargome
Copy link
Member

@chargome chargome commented Mar 9, 2026
edited by github-actions bot
Loading

The claude-code-action OIDC token exchange verifies that the triggering GitHub actor has write access to the repository. When an external user opens an issue, they are the actor and don't have write access, causing the action to fail with a 401 error.

Pass an explicit github_token and set allowed_non_write_users to '*' so the action skips the write-access check. This is safe because the workflow's GITHUB_TOKEN only has read permissions, and the existing prompt injection detection script guards against malicious issue content before any triage logic (including Linear writes) executes.

Following an example from anthropic here

Closes #19702 (added automatically)

@chargome @claude
fix(ci): Allow triage action to run on issues from external users
0ef730f 
The claude-code-action OIDC token exchange verifies that the
triggering GitHub actor has write access to the repository. When an
external user opens an issue, they are the actor and don't have write
access, causing the action to fail with a 401 error.

Pass an explicit github_token and set allowed_non_write_users to '*'
so the action skips the write-access check. This is safe because the
workflow's GITHUB_TOKEN only has read permissions, and the existing
prompt injection detection script guards against malicious issue
content before any triage logic (including Linear writes) executes.

Co-Authored-By: Claude <[email protected]>
@chargome chargome requested review from oioki and s1gr1d March 9, 2026 09:06
@chargome chargome self-assigned this Mar 9, 2026
@github-actions github-actions bot mentioned this pull request Mar 9, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026

size-limit report 📦

⚠️ Warning: Base artifact is not the latest one, because the latest workflow run is not done yet. This may lead to incorrect results. Try to re-run all tests to get up to date results.

Path Size % Change Change
@sentry/browser 25.63 kB - -
@sentry/browser - with treeshaking flags 24.13 kB - -
@sentry/browser (incl. Tracing) 42.43 kB - -
@sentry/browser (incl. Tracing, Profiling) 47.09 kB - -
@sentry/browser (incl. Tracing, Replay) 81.25 kB - -
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 70.87 kB - -
@sentry/browser (incl. Tracing, Replay with Canvas) 85.95 kB - -
@sentry/browser (incl. Tracing, Replay, Feedback) 98.21 kB - -
@sentry/browser (incl. Feedback) 42.44 kB - -
@sentry/browser (incl. sendFeedback) 30.3 kB - -
@sentry/browser (incl. FeedbackAsync) 35.35 kB - -
@sentry/browser (incl. Metrics) 26.8 kB - -
@sentry/browser (incl. Logs) 26.94 kB - -
@sentry/browser (incl. Metrics & Logs) 27.61 kB - -
@sentry/react 27.38 kB - -
@sentry/react (incl. Tracing) 44.77 kB - -
@sentry/vue 30.08 kB - -
@sentry/vue (incl. Tracing) 44.3 kB - -
@sentry/svelte 25.66 kB - -
CDN Bundle 28.17 kB - -
CDN Bundle (incl. Tracing) 43.26 kB - -
CDN Bundle (incl. Logs, Metrics) 29.01 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) 44.1 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) 68.09 kB - -
CDN Bundle (incl. Tracing, Replay) 80.14 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) 81 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) 85.65 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) 86.53 kB - -
CDN Bundle - uncompressed 82.35 kB - -
CDN Bundle (incl. Tracing) - uncompressed 128.07 kB - -
CDN Bundle (incl. Logs, Metrics) - uncompressed 85.19 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed 130.9 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed 208.85 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 244.95 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed 247.77 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 257.86 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed 260.67 kB - -
@sentry/nextjs (client) 47.18 kB - -
@sentry/sveltekit (client) 42.89 kB - -
@sentry/node-core 52.25 kB +0.02% +7 B 🔺
@sentry/node 174.73 kB +0.02% +19 B 🔺
@sentry/node - without tracing 97.39 kB +0.02% +11 B 🔺
@sentry/aws-serverless 113.2 kB +0.01% +7 B 🔺

View base workflow run

@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario Requests/s % of Baseline Prev. Requests/s Change %
GET Baseline 11,609 - 9,310 +25%
GET With Sentry 2,018 17% 1,659 +22%
GET With Sentry (error only) 7,536 65% 5,858 +29%
POST Baseline 1,164 - 1,154 +1%
POST With Sentry 600 52% 567 +6%
POST With Sentry (error only) 1,041 89% 1,019 +2%
MYSQL Baseline 3,984 - 3,193 +25%
MYSQL With Sentry 479 12% 431 +11%
MYSQL With Sentry (error only) 3,238 81% 2,606 +24%

View base workflow run

@chargome chargome merged commit 7b69774 into develop Mar 9, 2026
72 checks passed
@chargome chargome deleted the fix/triage-action-external-users branch March 9, 2026 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@s1gr1d s1gr1d s1gr1d approved these changes

@oioki oioki Awaiting requested review from oioki

Assignees

@chargome chargome

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

chore(ci): Allow triage action to run on issues from external users

2 participants

@chargome @s1gr1d