chore(workflows): align issue label and preview gating

[nicolethoen]

Replace the legacy issue workflow with the org-level PF team label caller, and gate PR preview deploys behind the reusable team-membership check.

Made-with: Cursor

Summary by CodeRabbit

• Chores
  • Removed an automated workflow that added new issues to the project board.
  • Updated documentation deployment to include permission checks and conditional deployment behavior.
  • Added an automated workflow to apply the PF team label when new issues are opened.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: abdd521b-9d57-4f29-85a0-ea6755ba327f

📥 Commits

Reviewing files that changed from the base of the PR and between 1841cbe and f5a56b5.

📒 Files selected for processing (1)

• .github/workflows/documentation.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/documentation.yml

---

Walkthrough

Removes the repository's add-new-issues-to-project.yml workflow, adds label-pf-team-issue.yml to call a reusable PatternFly workflow for PF team labeling, and updates documentation.yml to add issue_comment trigger plus a permission gate for conditional deploy previews.

Changes

Cohort / File(s)	Summary
Issue Labeling Workflow Migration delete: .github/workflows/add-new-issues-to-project.yml, new: .github/workflows/label-pf-team-issue.yml	Removed the old workflow that added new issues to a project and performed team checks; added a new workflow that invokes a reusable PatternFly workflow to apply the PF Team label (secrets: inherit).
Documentation Workflow Enhancement .github/workflows/documentation.yml	Added issue_comment trigger and a check-permissions gate job. deploy now depends on check-permissions, runs only when allowed or on workflow_call, and derives GH_PR_NUM from check-permissions.outputs.pr-number. Adjusted checkout logic for PR vs. workflow_call contexts.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• chore(actions): fix failing workflow using outputs #12179: Modifies the same issue-labeling workflow's team-membership/labeling behavior that this PR removes.

Suggested reviewers

• wise-king-sullyman

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(workflows): align issue label and preview gating' accurately describes the main changes: removing the legacy issue workflow, adding a new reusable workflow caller, and updating preview deployment gating logic.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[patternfly-build]

Preview: https://pf-react-pr-12385.surge.sh

A11y report: https://pf-react-pr-12385-a11y.surge.sh

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/label-pf-team-issue.yml (1)

7-9: Pin reusable workflows to full commit SHAs instead of @main.

Using floating branch refs like @main allows behavior to change outside this repo and makes workflow runs harder to reproduce. GitHub's official documentation recommends pinning both reusable workflows and actions to full commit SHAs for stability and security; this mitigates supply chain attacks and ensures consistent, reproducible behavior across runs.

This applies to:

• .github/workflows/label-pf-team-issue.yml line 8 (add-pf-team-label-workflow)
• .github/workflows/documentation.yml line 21 (check-team-membership)

Suggested change

-    uses: patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@main
+    uses: patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@<full-commit-sha>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/label-pf-team-issue.yml around lines 7 - 9, Replace
floating branch refs with full commit SHAs for the reusable workflow usages:
update the label workflow reference
"patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@main" in
label-pf-team-issue.yml to the repository’s exact commit SHA (pin to a specific
commit) and likewise update the "check-team-membership" reusable workflow
reference in documentation.yml to its full commit SHA; ensure you use the exact
commit SHAs (not tags or branch names) so both reusable workflow calls are
pinned for reproducible runs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/documentation.yml:
- Around line 15-20: The check-permissions job is skipped for workflow_call
events causing dependent jobs like deploy to be skipped; update the
check-permissions job's if condition to include github.event_name ==
'workflow_call' (i.e., extend the condition in check-permissions to also run
when github.event_name == 'workflow_call') so that deploy and other dependent
jobs (referenced by needs: [check-permissions], e.g., deploy) won't be skipped
when invoked via the reusable workflow.

---

Nitpick comments:
In @.github/workflows/label-pf-team-issue.yml:
- Around line 7-9: Replace floating branch refs with full commit SHAs for the
reusable workflow usages: update the label workflow reference
"patternfly/.github/.github/workflows/add-pf-team-label-workflow.yml@main" in
label-pf-team-issue.yml to the repository’s exact commit SHA (pin to a specific
commit) and likewise update the "check-team-membership" reusable workflow
reference in documentation.yml to its full commit SHA; ensure you use the exact
commit SHAs (not tags or branch names) so both reusable workflow calls are
pinned for reproducible runs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f1f6d4ee-e011-4181-9171-635b8801bc0f

📥 Commits

Reviewing files that changed from the base of the PR and between ccad519 and 1841cbe.

📒 Files selected for processing (3)

• .github/workflows/add-new-issues-to-project.yml
• .github/workflows/documentation.yml
• .github/workflows/label-pf-team-issue.yml

💤 Files with no reviewable changes (1)

• .github/workflows/add-new-issues-to-project.yml