🚀 PR Received Successfully

Hello @psanyalaich,

Thank you for taking the initiative to contribute to this project.

Please ensure that your PR follows all project guidelines properly before requesting review.

⚠️ Important Instructions

• Maintain proper code quality and structure
• Do not make unnecessary changes/files
• Ensure responsiveness across devices
• Follow existing project conventions strictly
• Attach screenshots/videos for UI-related changes
• Resolve merge conflicts before requesting review
• Avoid AI-generated low quality PRs or copied implementations

📌 Mandatory for GSSoC'26 Participants

Joining the community group and announcement channel is compulsory for all contributors participating through GSSoC'26.

• Telegram Group: https://t.me/c/3991077814/1
• Telegram Channel: https://t.me/+g4esQdo-DyNlZWE1

Failure to follow contribution guidelines may lead to PR rejection.

We appreciate your effort and wish you a great open-source journey ahead. ✨

No actionable comments were generated in the recent review. 🎉

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

@psanyalaich
Good work on the workflow implementation.

One improvement is still needed before merge. Please look into the CodeRabbit suggestion regarding pinning actions/stale with a full commit SHA instead of using the floating @v9 tag.

Take some time to understand the reasoning behind it as well — especially around workflow security, reproducibility, and avoiding unexpected upstream changes in CI/CD pipelines.

Once you have analyzed it properly, push the required changes.

@coderabbitai please perform a full review of the PR and check the implementation properly before merge.

#!/bin/bash
cat .github/workflows/stale.yml

@kunalverma2512 — full review of PR #69 below.

Review: .github/workflows/stale.yml

✅ SHA Pinning — Addressed Correctly

The SHA 5bef64f19d7facfb25b37b414482c7164d639639 is confirmed to correspond to actions/stale v9.1.0 (a newer patch within the v9 series). This guarantees that the exact pinned code is used, even if the version tag or the action's code is modified later — commit SHA offers the highest level of security as it tags to a specific point in time using a unique identifier.

Minor suggestion: Add a comment next to the SHA for human readability so maintainers know what version it corresponds to:

uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0

✅ Trigger Configuration

The workflow runs on a daily cron (0 0 * * *) and supports workflow_dispatch for manual runs — both are appropriate.

✅ Permissions — Least Privilege at Job Level

The job grants issues: write and pull-requests: write, which is the minimum required for the action to label and close items.

Minor hardening suggestion: Consider adding a top-level permissions: {} block to explicitly deny all permissions not granted at the job level. This is a security best practice to prevent accidental privilege escalation:

permissions: {}  # Deny all at top level; job-level permissions override as needed

jobs:
  stale:
    permissions:
      issues: write
      pull-requests: write

✅ Stale/Close Messages

All four required messages are present:

• stale-issue-message ✅
• stale-pr-message ✅
• close-issue-message ✅
• close-pr-message ✅

✅ Timing Configuration

• days-before-stale: 14 ✅
• days-before-close: 7 ✅

ℹ️ Optional: Explicit Stale Labels

stale-issue-label and stale-pr-label are not set, so the action defaults to using "Stale" as the label name. This is fine for most repositories, but you may want to explicitly define them for clarity, especially if you want different labels for issues vs. PRs:

stale-issue-label: stale
stale-pr-label: stale

Summary

The implementation is ready to merge from a functional and security standpoint. The three items flagged above are optional improvements and not blockers. 🐇

Well done @psanyalaich
Implementation looks clean and properly handled. The requested workflow security improvements were addressed correctly. Ready for merge.