actions-cool / issues-similarity-analysis Goto Github PK

Hello,

Thanks for the useful actions but it appears Node.js 12 has been deprecated and using the actions now result in a warning such as this:

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: actions-cool/issues-similarity-analysis@v1. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

Can you kindly look into updating this?

When an issue body contains links to other issues, these issues should be excluded from the results of the analysis.

Example of a comment made by the GHA while the link was already in the issue body: jenkins-infra/helpdesk#3058

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Issues Similarity Analysis'
github-token:
  action-input:
    input: token
  permissions:
    issues: write
    issues-reason: to update or create issue comments #Checkout: https://github.com/actions-cool/issues-similarity-analysis/blob/0b3065f6204ad62cfe1d67dd45c5282875a7b8ae/src/public.js#L71
    
# FIX: #546

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

Great action, but

I would like to label issues which may be duplicates. Currently it's not easily doable. Could you add an output to this actions that returns for example true if a similar issue was found or false otherwise?