ci: add GHA to add PRs to project board when marked ready for review#4380
Merged
lzchen merged 5 commits intoopen-telemetry:mainfrom May 6, 2026
Merged
Conversation
The board's built-in auto-add workflow only fires on PR open/reopen, not when a draft is converted to ready for review. This GHA covers that gap by triggering on opened, reopened, and ready_for_review, skipping drafts. Assisted-by: Claude Sonnet 4.6
Member
Author
|
Please add the skip-changelog label. |
tammy-baylis-swi
added
the
Skip Changelog
tammy-baylis-swi
approved these changes
Mar 31, 2026
Contributor
tammy-baylis-swi
left a comment
tammy-baylis-swi
left a comment
There was a problem hiding this comment.
Sgtm, I fit into this use case. 🙂 Also fine with me that contrib and core PRs are on the same board.
…kflow pull_request trigger cannot access secrets for fork PRs (Secret source: None). pull_request_target runs in base repo context and can access secrets. Use otelbot app token (same pattern as backport.yml) instead of a PAT. No checkout step — intentional, see open-telemetry/opentelemetry-python#4955. Assisted-by: Claude Sonnet 4.6
Member
Author
|
FYI we're waiting on the following issue to make sure the credentials the action runs as has the correct access: |
|
This PR has been automatically marked as stale because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 days of this comment. |
Switch from generic OTELBOT_APP_ID/OTELBOT_PRIVATE_KEY to the new Python-specific OTELBOT_PYTHON_APP_ID/OTELBOT_PYTHON_PRIVATE_KEY which has Projects read/write permission. See open-telemetry/community#3351 Assisted-by: Claude Opus 4.6
Member
Author
|
Updated with new credentials from community issue - this is ready to merge now 🎉 |
lzchen
approved these changes
May 6, 2026
github-project-automation
Bot
moved this from Ready for merge
to Approved PRs
in Python PR digest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The Python PR digest board uses a built-in GitHub project workflow to auto-add PRs. However, that workflow only fires on PR `opened` and `reopened` events — it does not fire when a draft PR is converted to ready for review.
This means any PR opened as a draft and later marked ready for review is silently skipped and never added to the board.
This GHA covers the gap by triggering on `opened`, `reopened`, and `ready_for_review`, while skipping drafts. Since it uses `actions/add-to-project` (which is idempotent), PRs opened as non-drafts are safe — they'll just be a no-op on the second trigger.
Mirrors: open-telemetry/opentelemetry-python#5026
Security: `pull_request_target` trigger
This workflow uses `pull_request_target` rather than `pull_request`. This is intentional: `pull_request` does not have access to repository secrets for fork PRs (`Secret source: None`), so the otelbot token would never resolve. `pull_request_target` runs in the base repo context and can access secrets.
The workflow contains no `actions/checkout` step — it never executes any code from the fork, only uses the PR node ID to make a single GitHub API call. See open-telemetry/opentelemetry-python#4955 for the full security discussion.
Prerequisites for org admins
Before this workflow will function after merge, an org admin must grant otelbot the Projects permission: