[MOSIP-44913] Created link-pr-to-issue.yml

[Ivanmeneges]

This is to update comment of PR for any issues to link

Summary by CodeRabbit

• Chores
  • Automated linking of pull requests to referenced issues by adding or updating issue comments with PR details.
  • Cleans up links when a PR is edited or closed (and not merged), removing stale references.
  • Processes multiple referenced issues, reports processed/failed counts, and completes without failing the overall workflow.

[coderabbitai]

Walkthrough

Adds a new GitHub Actions workflow that parses PR title/body for issue references and creates, updates, or removes specially marked comments on those issues to link the PRs.

Changes

PR-to-Issue Linker Workflow

Layer / File(s)	Summary
Workflow structure and contract .github/workflows/link-pr-to-issue.yml	Defines workflow_call trigger, requires secrets.CROSS_REPO_TOKEN, sets contents: read, issues: write, pull-requests: read, sets LOG_PREFIX, and configures the link job on ubuntu-latest with a 10-minute timeout.
Input validation and issue extraction .github/workflows/link-pr-to-issue.yml	Validates PR title/body presence, treats empty/null body as no issues, parses both for owner/repo#number or #number patterns, deduplicates matches, and exports issues and count.
Edited-action cleanup .github/workflows/link-pr-to-issue.yml	When github.event.action == 'edited', searches referenced issues for existing PR-linker marker comments and deletes markers for issues no longer referenced in the updated PR content.
Issue linking and reporting .github/workflows/link-pr-to-issue.yml	Loops extracted issues, validates issue numbers, paginates comments to find <!-- pr-linker:${PR_URL} -->, deletes marker if PR is closed and not merged, otherwise updates or creates the marker comment; tracks processed/failed counts and logs a completion message without failing the workflow on per-issue errors.

🎯 4 (Complex) | ⏱️ ~45 minutes

🐰 I hopped through code with cheer and glee,
Linking PRs to issues for all to see,
I write the markers, tidy the trail,
Update, create, or delete without fail,
A small rabbit's work—neat and spry! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title references the ticket number (MOSIP-44913) but lacks descriptive detail about the actual change, which is adding a GitHub Actions workflow for linking PRs to issues.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch Ivanmeneges-patch-1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/link-pr-to-issue.yml:
- Around line 101-118: The comments fetch logic fails to page through results
and can miss the existing marker; update the logic that builds COMMENTS_RESPONSE
and computes COMMENT_ID to iterate GitHub pages (use &per_page=100 and increment
a page query param or loop until an empty page) and accumulate or scan each
page's JSON for the marker ($MARKER) before deciding to create a new comment;
ensure the final COMMENT_ID is derived from the combined/iterated responses (the
code referencing COMMENTS_RESPONSE, COMMENTS_BODY, COMMENT_ID and MARKER should
be adjusted) so the workflow updates/deletes the existing marker comment instead
of creating duplicates.
- Around line 25-27: The workflow is embedding untrusted PR title/body directly
into the run shell which enables command injection; instead, add environment
variables (e.g., BODY and PR_TITLE) using GitHub expressions under the step's
env: and reference those env vars inside the run script (use $BODY / $PR_TITLE)
in the "Validate inputs" step and likewise in the "Extract issue references"
step to avoid direct interpolation of github.event.pull_request.title/body in
shell code; update the steps that currently set BODY="${{
github.event.pull_request.title }} ${{ github.event.pull_request.body }}" to
pull those values from env and adjust any subsequent references to use the new
env variable names.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4ea24628-ecd2-4f98-a2f6-6d774dd4b547

📥 Commits

Reviewing files that changed from the base of the PR and between 75441bb and d850fc7.

📒 Files selected for processing (1)

• .github/workflows/link-pr-to-issue.yml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/link-pr-to-issue.yml:
- Around line 72-88: The workflow directly interpolates
github.event.pull_request.title and .body into the shell (the CURRENT_BODY
assignment), creating a script-injection risk; fix it by adding PR_TITLE and
PR_BODY to the env: block (alongside GH_TOKEN/PR_URL/SOURCE_REPO) and change the
CURRENT_BODY assignment to use the safe environment variables (e.g.,
CURRENT_BODY="${PR_TITLE} ${PR_BODY}") so the runner does not expand raw
workflow context into the shell.
- Around line 127-135: The cleanup step currently fetches COMMENTS_DATA in one
request and uses COMMENT_ID selection with MARKER, which fails when there are
>30 comments; update the COMMENTS_DATA fetch to paginate (e.g., request
COMMENTS_URL with &per_page=100 and iterate page values) and either accumulate
results across pages or stop early when a comment containing MARKER is found,
then set COMMENT_ID from the aggregated/located page; ensure the loop breaks
when no more pages are returned to avoid infinite loops and preserve the
existing jq selection logic that looks for .body containing $MARKER.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 148e5eaf-4150-418f-842d-47d096b29b80

📥 Commits

Reviewing files that changed from the base of the PR and between d850fc7 and ccb3d79.

📒 Files selected for processing (1)

• .github/workflows/link-pr-to-issue.yml