Skip to content

Automation: Require milestones on PRs #61756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: trunk
Choose a base branch
from
Open

Automation: Require milestones on PRs #61756

wants to merge 2 commits into from
+43 −68

Conversation

@ebinnion
Copy link
Contributor

@ebinnion ebinnion commented Nov 1, 2025
edited
Loading

Submission Review Guidelines:

Changes proposed in this Pull Request:

  • Enforce that pull requests to trunk have milestones.
  • Remove now redundant auto-milestone logic.

How to test the changes in this Pull Request:

  • Fork repo and add .github/workflows/pr-require-milestone.yml file to trunk.
  • Test with a PR that has no milestone and ensure that it is rejected.
  • Test with a PR that has a milestone and ensure that it passes.

Testing that has already taken place:

  • See the above
  • Also try removing and adding the milestone on this PR. 😄

Changelog entry

  • Automatically create a changelog entry from the details below.
  • This Pull Request does not require a changelog entry. (Comment required below)
Changelog Entry Details

Significance

  • Patch
  • Minor
  • Major

Type

  • Fix - Fixes an existing bug
  • Add - Adds functionality
  • Update - Update existing functionality
  • Dev - Development related task
  • Tweak - A minor adjustment to the codebase
  • Performance - Address performance issues
  • Enhancement - Improvement to existing functionality

Message

Changelog Entry Comment

Comment

Changelog is automation only.

@ebinnion ebinnion self-assigned this Nov 1, 2025
@ebinnion ebinnion requested a review from a team as a code owner November 1, 2025 02:24
@ebinnion ebinnion requested review from ObliviousHarmony and removed request for a team November 1, 2025 02:24
@github-actions github-actions bot added the focus: monorepo infrastructure Issues and PRs related to monorepo tooling. label Nov 1, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 1, 2025
edited
Loading

Testing Guidelines

Hi @ObliviousHarmony ,

Apart from reviewing the code changes, please make sure to review the testing instructions (Guide) and verify that relevant tests (E2E, Unit, Integration, etc.) have been added or updated as needed.

Reminder: PR reviewers are required to document testing performed. This includes:

  • 🖼️ Screenshots or screen recordings.
  • 📝 List of functionality tested / steps followed.
  • 🌐 Site details (environment attributes such as hosting type, plugins, theme, store size, store age, and relevant settings).
  • 🔍 Any analysis performed, such as assessing potential impacts on environment attributes and other plugins, conducting performance profiling, or using LLM/AI-based analysis.

⚠️ Within the testing details you provide, please ensure that no sensitive information (such as API keys, passwords, user data, etc.) is included in this public issue.

@ebinnion ebinnion added this to the 10.4.0 milestone Nov 1, 2025
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Nov 1, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Nov 1, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 1, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

The changes shift milestone assignment from automatic post-merge to mandatory pre-merge validation. A new GitHub Actions workflow enforces that PRs must have a milestone assigned before merging. An existing post-merge workflow and its associated PHP script are simplified by removing automatic milestone assignment logic.

Changes

Cohort / File(s) Summary
New milestone validation workflow
.github/workflows/pr-require-milestone.yml		 Adds a GitHub Actions workflow that triggers on PR events (opened, reopened, edited, synchronize, ready_for_review, milestoned, demilestoned) targeting trunk. For non-draft PRs it verifies a milestone is set and fails with an instruction if none; logs the milestone title when present. Sets pull-requests: read permissions.
Remove post-merge milestone assignment
.github/workflows/pull-request-post-merge-processing.yml		 Removes fetching/execution of assign-milestone-to-merged-pr.php, removes milestone-existence check and conditional assignment steps, and updates User-Agent to a post-merge processing message; retains remaining fetch/execute logic for post-merge comments.
Delete automatic milestone assignment script
.github/workflows/scripts/assign-milestone-to-merged-pr.php		 Deletes the PHP script that selected the latest milestone and assigned it to merged PRs via a GraphQL mutation, including DRY_RUN guard and error handling.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant PR as Pull Request
  participant GH as GitHub Actions (pr-require-milestone)
  participant Script as actions/github-script

  Note over PR,GH: PR events (opened/reopened/edited/synchronize/ready_for_review/milestoned/demilestoned)
  PR->>GH: trigger workflow (if target == trunk and not draft)
  GH->>Script: read PR metadata
  Script-->>GH: milestone present?
  alt milestone set
    GH-->>PR: log milestone title (success)
  else no milestone
    GH-->>PR: fail check with message "assign a milestone"
  end
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Areas for attention:
    • Verify GitHub Actions YAML syntax and trigger/permission semantics in .github/workflows/pr-require-milestone.yml
    • Confirm removing assign-milestone-to-merged-pr.php and related steps in pull-request-post-merge-processing.yml doesn't break downstream post-merge expectations
    • Ensure messaging in the failing workflow is clear and actionable for contributors

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The pull request title 'Automation: Require milestones on PRs' accurately and concisely summarizes the main change in the changeset. The PR adds a GitHub Actions workflow to enforce milestone requirements on pull requests and removes redundant auto-milestone logic. The title clearly conveys the primary objective without unnecessary detail or noise.
Description check ✅ Passed The pull request description directly addresses the changeset by outlining the two main proposed changes: enforcing milestone requirements on trunk PRs and removing redundant auto-milestone logic. It includes testing instructions and accurately reflects the modifications present in the file changes, particularly the addition of the pr-require-milestone workflow and removal of auto-assignment logic.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch add/github-workflow-require-milestone
📜 Recent review details

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 740ea3d and 8fe03f3.

📒 Files selected for processing (3)
  • .github/workflows/pr-require-milestone.yml (1 hunks)
  • .github/workflows/pull-request-post-merge-processing.yml (1 hunks)
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php (0 hunks)
💤 Files with no reviewable changes (1)
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/pull-request-post-merge-processing.yml
  • .github/workflows/pr-require-milestone.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: review-with-tracking

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/pull-request-post-merge-processing.yml (1)

29-30: Update User-Agent header to reflect new purpose.

The User-Agent header now contains misleading text ("set the milestone for a pull request") since milestone assignment has been moved to pre-merge validation. Update it to a more generic description of post-merge processing.

-                    --header 'User-Agent: GitHub action to set the milestone for a pull request' \
+                    --header 'User-Agent: GitHub action for post-merge pull request processing' \
📜 Review details

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7cc0f7 and 740ea3d.

📒 Files selected for processing (3)
  • .github/workflows/pr-require-milestone.yml (1 hunks)
  • .github/workflows/pull-request-post-merge-processing.yml (1 hunks)
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php (0 hunks)
💤 Files with no reviewable changes (1)
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: jorgeatorres
Repo: woocommerce/woocommerce PR: 60262
File: .github/workflows/release-build-zip-file.yml:133-138
Timestamp: 2025-08-08T08:14:35.100Z
Learning: WooCommerce milestone convention: The woocommerce/woocommerce repository only creates GitHub milestones in the x.y.0 format, and those milestones cover RCs and patch releases for that minor train. In .github/workflows/release-build-zip-file.yml, the pre-build verification that sets `milestone="$version_prefix.0"` is intentional and should remain as-is; using `$version_prefix` alone would be incorrect for this repo.

Learnt from: prettyboymp
Repo: woocommerce/woocommerce PR: 59048
File: .github/workflows/cherry-pick-milestoned-prs.yml:118-131
Timestamp: 2025-07-11T13:05:08.440Z
Learning: In GitHub Actions workflows, when reviewing steps that access event data like `github.event.pull_request.milestone`, check the entire job dependency chain and conditional logic. If upstream jobs already validate the data exists (like checking `github.event.pull_request.milestone != null` in a prerequisite job), then downstream jobs don't need redundant null-checks since the data is guaranteed to exist by that point.

Learnt from: prettyboymp
Repo: woocommerce/woocommerce PR: 60272
File: .github/workflows/release-open-issue-warning.yml:81-86
Timestamp: 2025-08-08T13:59:11.524Z
Learning: Repo: woocommerce/woocommerce — In .github/workflows/release-open-issue-warning.yml, the use of `advanced_search: true` in github.rest.search.issuesAndPullRequests is intentional and temporarily required per GitHub’s 2025-03-06 Issues Advanced Search API update. Prefer keeping it (with a brief inline comment and optional fallback) until GitHub removes the requirement.

Learnt from: prettyboymp
Repo: woocommerce/woocommerce PR: 60272
File: .github/workflows/release-open-issue-warning.yml:15-23
Timestamp: 2025-08-08T13:52:26.423Z
Learning: Repository: woocommerce/woocommerce
Context: .github/workflows/release-open-issue-warning.yml and similar workflows
Learning: Maintainers (per prettyboymp) are fine requiring third-party modules inside actions/github-script without adding setup-node/createRequire. Prefer to keep this pattern and defer structural changes unless it demonstrably causes issues; minor safeguards like version pinning are acceptable if needed.
📚 Learning: 2025-07-11T13:05:08.440Z 
Learnt from: prettyboymp
Repo: woocommerce/woocommerce PR: 59048
File: .github/workflows/cherry-pick-milestoned-prs.yml:118-131
Timestamp: 2025-07-11T13:05:08.440Z
Learning: In GitHub Actions workflows, when reviewing steps that access event data like `github.event.pull_request.milestone`, check the entire job dependency chain and conditional logic. If upstream jobs already validate the data exists (like checking `github.event.pull_request.milestone != null` in a prerequisite job), then downstream jobs don't need redundant null-checks since the data is guaranteed to exist by that point.

Applied to files:

  • .github/workflows/pr-require-milestone.yml
  • .github/workflows/pull-request-post-merge-processing.yml
📚 Learning: 2025-08-08T08:14:35.100Z 
Learnt from: jorgeatorres
Repo: woocommerce/woocommerce PR: 60262
File: .github/workflows/release-build-zip-file.yml:133-138
Timestamp: 2025-08-08T08:14:35.100Z
Learning: WooCommerce milestone convention: The woocommerce/woocommerce repository only creates GitHub milestones in the x.y.0 format, and those milestones cover RCs and patch releases for that minor train. In .github/workflows/release-build-zip-file.yml, the pre-build verification that sets `milestone="$version_prefix.0"` is intentional and should remain as-is; using `$version_prefix` alone would be incorrect for this repo.

Applied to files:

  • .github/workflows/pr-require-milestone.yml
  • .github/workflows/pull-request-post-merge-processing.yml
📚 Learning: 2025-08-11T06:45:22.345Z 
Learnt from: CR
Repo: woocommerce/woocommerce PR: 0
File: .cursor/rules/generate-pr-description.mdc:0-0
Timestamp: 2025-08-11T06:45:22.345Z
Learning: Applies to .github/PULL_REQUEST_TEMPLATE.md : Use .github/PULL_REQUEST_TEMPLATE.md as the basis for all PR descriptions

Applied to files:

  • .github/workflows/pr-require-milestone.yml
🔇 Additional comments (1)
.github/workflows/pr-require-milestone.yml (1)

1-41: Workflow structure and validation logic look solid.

The new milestone-enforcement workflow correctly transitions validation from post-merge (automatic assignment) to pre-merge (required check). Trigger types are appropriate—including demilestoned ensures the requirement is maintained if a milestone is removed before merge. Draft PR exclusion prevents unintended enforcement on work-in-progress PRs. Permission level and script logic are both correct.

To proceed, verify that your repository's branch protection rules on trunk require the "Ensure milestone is assigned" status check to pass, so that PRs without milestones are actually blocked from merging.

@ebinnion ebinnion force-pushed the add/github-workflow-require-milestone branch from 740ea3d to 8425109 Compare November 3, 2025 17:05
@claude
Copy link

claude bot commented Nov 3, 2025
edited
Loading

Claude finished @ebinnion's task —— View job

Backwards Compatibility Review

Todo List:

  • Read changed workflow files
  • Analyze for BC impacts
  • Provide BC review summary

Summary

Risk Level: None

This PR contains only GitHub Actions workflow changes that affect the repository's automation infrastructure. The changes shift milestone assignment from a post-merge automatic process to a pre-merge requirement check. These modifications are purely procedural and have no backwards compatibility impact on the WooCommerce/WordPress ecosystem.

Rationale:

  1. No PHP API changes (signatures, visibility, hooks, templates, REST endpoints, etc.)
  2. No JavaScript/Block changes (attributes, handles, data stores, etc.)
  3. No database, schema, or option changes
  4. No changes affecting payment gateways, extensions, themes, or custom integrations
  5. Changes are isolated to GitHub automation workflows that run on GitHub's infrastructure, not in WordPress/WooCommerce runtime environments

Testing Focus

No specific BC testing required for this PR since it only affects repository automation. However, to validate the workflow changes themselves:

  1. Pre-merge check: Verify the new milestone requirement workflow correctly blocks PRs without milestones on trunk
  2. Post-merge behavior: Confirm that merged PRs no longer receive automatic milestone assignments
  3. Developer experience: Test that the error message is clear when a milestone is missing

BC-Specific Analysis

Files Changed:

  • .github/workflows/pr-require-milestone.yml:1-41 (new file) - Adds pre-merge milestone validation
  • .github/workflows/pull-request-post-merge-processing.yml:22,40-57 (modified) - Removes post-merge milestone assignment logic
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php (deleted) - Removes milestone assignment script

Scope Review:

  • ✅ No PHP API changes
  • ✅ No hook additions/removals (do_action, apply_filters)
  • ✅ No template changes under templates/**
  • ✅ No REST API parameter or response shape changes
  • ✅ No JavaScript/Block API changes
  • ✅ No database or schema changes
  • ✅ No changes to public constants, globals, or composer dependencies
  • ✅ No impact on payment gateways or popular extensions (Subscriptions, Bookings, Memberships)
  • ✅ No impact on custom checkout flows or theme customizations

Note on Review Comments:
There is an existing code review comment about a potential issues: read permission issue in the new workflow file (.github/workflows/pr-require-milestone.yml:33). The PR author has confirmed it's working correctly in testing. This is a workflow implementation detail and not a BC concern.

Confidence

100% - This PR contains exclusively GitHub Actions workflow files that execute on GitHub's infrastructure during CI/CD processes. These files have no runtime interaction with WordPress, WooCommerce, or the PHP/JavaScript code that runs on merchant sites. Therefore, there is zero possibility of backwards compatibility impact on the WooCommerce ecosystem.

Conclusion: No breaking changes detected. This PR is safe to merge from a backwards compatibility perspective.

@claude
Copy link

claude bot commented Nov 3, 2025
edited
Loading

Claude finished @ebinnion's task —— View job

Backwards Compatibility Review

Todo List:

  • Read changed workflow files
  • Analyze for BC impacts
  • Provide BC review summary

Summary

Risk Level: None

This PR contains only GitHub Actions workflow changes that affect the repository's automation infrastructure. The changes shift milestone assignment from a post-merge automatic process to a pre-merge requirement check. These modifications are purely procedural and have no backwards compatibility impact on the WooCommerce/WordPress ecosystem.

Rationale:

  1. No PHP API changes (signatures, visibility, hooks, templates, REST endpoints, etc.)
  2. No JavaScript/Block changes (attributes, handles, data stores, etc.)
  3. No database, schema, or option changes
  4. No changes affecting payment gateways, extensions, themes, or custom integrations
  5. Changes are isolated to GitHub automation workflows that run on GitHub's infrastructure, not in WordPress/WooCommerce runtime environments

Testing Focus

No specific BC testing required for this PR since it only affects repository automation. However, to validate the workflow changes themselves:

  1. Pre-merge check: Verify the new milestone requirement workflow correctly blocks PRs without milestones on trunk
  2. Post-merge behavior: Confirm that merged PRs no longer receive automatic milestone assignments
  3. Developer experience: Test that the error message is clear when a milestone is missing

BC-Specific Analysis

Files Changed:

  • .github/workflows/pr-require-milestone.yml:1-41 (new file) - Adds pre-merge milestone validation
  • .github/workflows/pull-request-post-merge-processing.yml:22,40-57 (modified) - Removes post-merge milestone assignment logic
  • .github/workflows/scripts/assign-milestone-to-merged-pr.php (deleted) - Removes milestone assignment script

Scope Review:

  • ✅ No PHP API changes
  • ✅ No hook additions/removals (do_action, apply_filters)
  • ✅ No template changes under templates/**
  • ✅ No REST API parameter or response shape changes
  • ✅ No JavaScript/Block API changes
  • ✅ No database or schema changes
  • ✅ No changes to public constants, globals, or composer dependencies
  • ✅ No impact on payment gateways or popular extensions (Subscriptions, Bookings, Memberships)
  • ✅ No impact on custom checkout flows or theme customizations

Note on Review Comments:
There is an existing code review comment about a potential issues: read permission issue in the new workflow file (.github/workflows/pr-require-milestone.yml:33). The PR author has confirmed it's working correctly in testing. This is a workflow implementation detail and not a BC concern.

Confidence

100% - This PR contains exclusively GitHub Actions workflow files that execute on GitHub's infrastructure during CI/CD processes. These files have no runtime interaction with WordPress, WooCommerce, or the PHP/JavaScript code that runs on merchant sites. Therefore, there is zero possibility of backwards compatibility impact on the WooCommerce ecosystem.

Conclusion: No breaking changes detected. This PR is safe to merge from a backwards compatibility perspective.

ObliviousHarmony
ObliviousHarmony reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

@ObliviousHarmony ObliviousHarmony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ebinnion,

The pull request description doesn't really explain why we want to do this. We used to require milestones pre-merge and migrated to the auto-assignment that we have now because manual assignment was a chore and easy to mess up with the wrong milestone.

.github/workflows/pr-require-milestone.yml
Copy link
Contributor

@ObliviousHarmony ObliviousHarmony Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, we should try to avoid creating new workflows if there are existing workflows that are already a good fit. This seems perfectly at home with one of our other pull request workflows, doesn't it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ObliviousHarmony ObliviousHarmony ObliviousHarmony left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@ebinnion ebinnion

Labels

focus: monorepo infrastructure Issues and PRs related to monorepo tooling.

Projects

None yet

Milestone

10.4.0

Development

Successfully merging this pull request may close these issues.

3 participants

@ebinnion @ObliviousHarmony