Add use-pr-linker workflow to auto-link PRs to issues

[Ivanmeneges]

Summary

Adds use-pr-linker.yml workflow that calls the reusable PR-to-issue linker from mosip/kattu (@develop).

Notes

• Requires ACTION_PAT repository secret to be configured.
• Target branch: develop2.

Summary by CodeRabbit

• Chores
  • Added GitHub Actions workflow automation triggered on pull request events.

[coderabbitai]

Warning

Review limit reached

@Ivanmeneges, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 49 minutes and 48 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1c4b026b-90b2-4ff6-a9d3-635799a2fd60

📥 Commits

Reviewing files that changed from the base of the PR and between faacad8 and eb398ba.

📒 Files selected for processing (1)

• .github/workflows/use-pr-linker.yml

Walkthrough

This PR adds a GitHub Actions workflow that automates PR-to-issue linking. The workflow triggers on pull request events, sets up required permissions, and invokes a reusable workflow from the mosip/kattu repository to establish the link with appropriate authentication.

Changes

PR-to-Issue Linking Automation

Layer / File(s)	Summary
PR-to-issue linking workflow setup .github/workflows/use-pr-linker.yml	Workflow runs on pull request lifecycle events (opened, edited, synchronize, closed, reopened), grants read access to repository contents and write access to issues, and calls the reusable mosip/kattu workflow to link PRs to issues using the ACTION_PAT secret for authentication.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A rabbit hops through workflows bright,
Linking PRs to issues tight,
With secrets passed and permissions true,
Automation flows—now bugs stay few!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a GitHub Actions workflow to automatically link pull requests to issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add/use-pr-linker-workflow-develop2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/use-pr-linker.yml:
- Line 14: Replace the floating reusable-workflow ref "uses:
mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop" with an immutable
commit SHA (pin to a specific commit) and ensure the secret mapping matches the
callee: confirm the reusable workflow's workflow_call.secrets declares
ACTION_PAT (or change the caller to pass the key the reusable workflow expects,
e.g. TOKEN) so that secrets.ACTION_PAT passed from the caller matches the
workflow_call.secrets entry; update the uses line to the commit SHA and adjust
the secret name mapping if necessary.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 75d11ca3-badc-4992-9f5b-29d876a92c6a

📥 Commits

Reviewing files that changed from the base of the PR and between e2c165d and faacad8.

📒 Files selected for processing (1)

• .github/workflows/use-pr-linker.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the relevant workflow around the referenced line numbers
echo "=== use-pr-linker.yml (around lines 1-60) ==="
nl -ba .github/workflows/use-pr-linker.yml | sed -n '1,80p'

echo
echo "=== chart-lint-publish.yml (search for secrets.ACTION_PAT mapping) ==="
# Show only the relevant part mentioned (45-62) if file exists
if [ -f .github/workflows/chart-lint-publish.yml ]; then
  nl -ba .github/workflows/chart-lint-publish.yml | sed -n '35,90p' | rg -n "ACTION_PAT|TOKEN|secrets" || true
  # Also show full range 45-62 for context
  echo "--- chart-lint-publish.yml lines 45-62 ---"
  nl -ba .github/workflows/chart-lint-publish.yml | sed -n '45,62p'
else
  echo "chart-lint-publish.yml not found in repo"
fi

echo
echo "=== Search repo for other occurrences of mosip/kattu/link-pr-to-issue.yml ==="
rg -n "mosip/kattu/.github/workflows/link-pr-to-issue\.yml" .github/workflows || true

echo
echo "=== Search repo for other mosip/kattu reusable workflow uses with `@develop` ==="
rg -n "mosip/kattu/.*`@develop`" .github/workflows || true

Repository: mosip/security-tools

Length of output: 171

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== use-pr-linker.yml (around lines 1-80) ==="
if [ -f .github/workflows/use-pr-linker.yml ]; then
  cat -n .github/workflows/use-pr-linker.yml | sed -n '1,100p'
else
  echo "File not found: .github/workflows/use-pr-linker.yml"
fi

echo
echo "=== chart-lint-publish.yml (search for ACTION_PAT/TOKEN/secrets + show lines 45-62 if present) ==="
if [ -f .github/workflows/chart-lint-publish.yml ]; then
  echo "--- grep relevant tokens ---"
  cat -n .github/workflows/chart-lint-publish.yml | sed -n '1,140p' | rg -n "ACTION_PAT|TOKEN|workflow_call:|secrets:" || true
  echo "--- chart-lint-publish.yml lines 45-62 ---"
  cat -n .github/workflows/chart-lint-publish.yml | sed -n '45,62p'
else
  echo "File not found: .github/workflows/chart-lint-publish.yml"
fi

echo
echo "=== Search repo for occurrences of link-pr-to-issue.yml ==="
rg -n "mosip/kattu/.github/workflows/link-pr-to-issue\.yml" .github/workflows || true

echo
echo "=== Search repo for mosip/kattu reusable workflow refs using `@develop` ==="
rg -n "mosip/kattu/.github/workflows/.*`@develop`" .github/workflows || true

echo
echo "=== Locate any workflow_call secret contract for link-pr-to-issue.yml in this repo ==="
# Only looks within this repo; if not found, we’ll need web lookup.
rg -n "workflow_call:" .github/workflows || true

Repository: mosip/security-tools

Length of output: 2457

---

🌐 Web query:

mosip/kattu link-pr-to-issue.yml workflow_call secrets TOKEN ACTION_PAT

💡 Result:

I couldn’t locate a workflow file named mosip/kattu link-pr-to-issue.yml in the mosip/kattu repository (or any referenced reusable workflow with that exact filename). The search results only show the mosip/kattu repo landing page and various other reusable workflow docs/files, but not link-pr-to-issue.yml specifically [1]. What I can confirm from MOSIP repositories that do use mosip/kattu reusable workflows: - Reusable workflows in mosip/kattu are invoked using the workflow_call mechanism (mosip/kattu is described as containing reusable workflows triggered by workflow_call) [1]. - An example of calling a mosip/kattu reusable workflow shows passing a secret named ACTION_PAT from the caller repository into the reusable workflow, e.g. secrets: ACTION_PAT: ${{ secrets.ACTION_PAT }} used when calling mosip/kattu/.github/workflows/release-changes.yml@master [2]. If you intended a different filename (e.g., a PR/issue linking workflow whose name isn’t “link-pr-to-issue.yml”), or if the file lives under a different path/branch/tag in mosip/kattu, paste the exact YAML path you have (or the job uses: … line) and I can re-run the search precisely for that workflow_call secrets block (including TOKEN vs ACTION_PAT).

Citations:

• 1: https://github.com/mosip/kattu
• 2: mosip/pre-registration@38e9e88

---

Pin the reusable workflow to an immutable ref (and verify the secret key contract)

• In .github/workflows/use-pr-linker.yml (line 14), replace uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop with a specific commit SHA.
• .github/workflows/use-pr-linker.yml passes secrets.ACTION_PAT into the reusable workflow; verify the reusable workflow’s workflow_call.secrets expects ACTION_PAT (or remap to the expected key, e.g. TOKEN) to avoid auth failures.

Suggested change

-    uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop
+    uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@<full_commit_sha>

🧰 Tools

🪛 zizmor (1.25.2)

[error] 14-14: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/use-pr-linker.yml at line 14, Replace the floating
reusable-workflow ref "uses:
mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop" with an immutable
commit SHA (pin to a specific commit) and ensure the secret mapping matches the
callee: confirm the reusable workflow's workflow_call.secrets declares
ACTION_PAT (or change the caller to pass the key the reusable workflow expects,
e.g. TOKEN) so that secrets.ACTION_PAT passed from the caller matches the
workflow_call.secrets entry; update the uses line to the commit SHA and adjust
the secret name mapping if necessary.