Add a new reactive action to allow labelling issuables
This adds a new reactive action to allow labelling issuables.
Usage
@gitlab-bot label ~"group::source code"
Limitations
- Commands work on new issue/MR description as well as in notes.
- Multiple commands can be sent (commands must be at the beginning of lines).
- Only community members will be able to request labelling.
- Only the author of the noteable will be able to request labelling.
- Only a group label can be requested for now.
- Rate limiting is set to 60 label commands per author per hour.
Security checks
-
Are new labels created automatically when the /label
command sets non-existing labels?- No, the command only sets labels that already exist: https://gitlab.com/gitlab-org/gitlab/-/blob/78397f0f0f00479da05d719b64d07772881b09e3/app/services/quick_actions/interpret_service.rb#L104
-
Implement a simple rate limiting per author (we can leverage Triage.cache
for that)- Rate limiting is set to 60 label commands per author per hour
Post-merge task
I don't plan to specifically communicate this change as this will be advertised in the "Thank you for your contribution message" as a follow-up MR once we make sure it works as expected in production.
-
Make sure it works as expected in production (e.g. with @rymai-forks
): !44 (comment 484800458) -
Advertise in the "Thank you for your contribution message" as a follow-up MR: #70 (closed)
Closes #63.
Edited by Rémy Coutable