Description
When a non-organization-member opens a PR that references an issue, the auto-assign bot (issue_assignment_bot.py) calls issue.add_to_assignees(pr_author) and then immediately posts a comment:
This issue has been automatically assigned to @user who opened PR #N to address it. 🎯
However, GitHub has a strict security rule: you cannot assign an issue to a user who is not a member of the organization, unless they have previously commented on that specific issue. When this restriction kicks in, the GitHub API silently ignores the assignment request (no exception is raised), but the bot still posts the comment claiming the assignment was successful.
Example
See #646 (comment) — the bot commented that the issue was assigned to @prathmeshkulkarni-coder, but the assignment never actually happened because the user is not an org member and had not previously commented on the issue.
Proposed Solution
After calling issue.add_to_assignees(pr_author), the bot should verify that the assignment actually took effect (e.g., by re-fetching the issue assignees). If the assignment failed silently:
- Do not post the "has been automatically assigned" message
- Instead, post a message that tags the maintainers and explains the situation briefly, for example:
@{pr_author} has opened PR #{pr_number} to address this issue, but GitHub does not allow automatic issue assignment for users who are not yet organization members or haven't previously commented on the issue.
@nemesifier @pandafy: please manually assign this issue to @{pr_author}.
@{pr_author}: feel free to participate in the discussion on this issue!
The maintainer usernames (@nemesifier, @pandafy) will be hardcoded for now.
This way, the comment accurately reflects what happened and notifies maintainers to take the necessary manual action.
References
Description
When a non-organization-member opens a PR that references an issue, the auto-assign bot (
issue_assignment_bot.py) callsissue.add_to_assignees(pr_author)and then immediately posts a comment:However, GitHub has a strict security rule: you cannot assign an issue to a user who is not a member of the organization, unless they have previously commented on that specific issue. When this restriction kicks in, the GitHub API silently ignores the assignment request (no exception is raised), but the bot still posts the comment claiming the assignment was successful.
Example
See #646 (comment) — the bot commented that the issue was assigned to
@prathmeshkulkarni-coder, but the assignment never actually happened because the user is not an org member and had not previously commented on the issue.Proposed Solution
After calling
issue.add_to_assignees(pr_author), the bot should verify that the assignment actually took effect (e.g., by re-fetching the issue assignees). If the assignment failed silently:The maintainer usernames (
@nemesifier,@pandafy) will be hardcoded for now.This way, the comment accurately reflects what happened and notifies maintainers to take the necessary manual action.
References
auto_assign_issues_from_pr()