Community automations updates: bot and community review

[MisRob]

Disclosure: I was assisted by Claude. Revisited, adjusted & tested whole diff.

Summary

Few smaller updates to community-related automations in response to rtibblesbot and community reviews.

Fixes

• Adds rtibbles bot to the list of bots so that it's not considered a contributor
  • Fixes LE bot replying to rtibblesbot PRs
  • Fixes rtibblesbot PRs being added to community PRs spreadsheet

New

• Workflow that sends an info message on a community PR when rtibblesbot review requested
• Workflow that sends an info message on a community PR when community-label added

Reviewer guidance

• Code review should be sufficient. I tested the changes in my local environment. After code review, will give it one last try in our environment via test-actions repo.
• You could also have a look at phrasing of the 2 new info messages.

[MisRob]

• @ozer550 would you please review as a whole
• @rtibbles your eyes on security would be appreciated as always
• cc @akolson I also welcome your feedback, or just check it out quickly to see the latest updates

[MisRob]

@rtibbles I tried to use the event-based handler structure for the two new workflows, rather than having separate call-.....yml for each workflow as you suggested, and it seems to work nice ~ thank you. It will definitely save us some time & headaches with maintaining the five repos that call it.

Even though if any new workflows based on pull request target event are added in the future, we may still need to update types: five times. Because not specifying types at all defaults to few default types that weren't sufficient for this use-case. Or we could specify all types right away, but that feelt rather unnecessary.. In any case, even with this small hiccup, it'll still be much easier!

[MisRob]

I don't have space to refactor all existing workflows right now to use this handler, but it's tracked in Notion, so I will eventually work my way towards it.

[rtibbles]

Generally looks good - still wish we could drive things via team membership, but as rtibblesbot is a bit of an edge case, it makes sense.

Claude (and other LLMs) always use old versions of Github Actions because that's the version in their training data :) Should update.

[rtibbles]

I like this structure - I imagine we could make another layer of the workflows that triages between issue and pull request events, so we only ever have to deal with a single point of entry.

[MisRob]

Yes, with a small limitation #50 (comment) (you reviewed faster than I wrote it :)

[rtibbles]

Old version of the action.

[rtibbles]

ibid

[rtibbles]

ibid

[rtibbles]

ibid

[MisRob]

Claude (and other LLMs) always use old versions of Github Actions because that's the version in their training data :) Should update.

@rtibbles I actually copy-pasted those versions myself when I was verifying, because they're used in other actions right now, but perhaps it's not best approach? Should we upgrade all of them at once, or should I just address those that I added?

[rtibblesbot]

Clean set of additions — bot exclusion fix, two new info-message workflows, and community review docs. Well-structured with proper contributor gating on both new workflows.

CI passing. Screenshot confirms both messages render correctly.

• suggestion: pull-request-label.js — consider duplicate comment prevention for the label scenario (label can be removed and re-added)
• nitpick: docs/community-review.md — mixed bullet style on last line

---

@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

• Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
• Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
• Architecture: duplicated concerns, minimal interfaces, composition over inheritance
• Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
• Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
• Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
• Checked CI status and linked issue acceptance criteria
• For UI changes: inspected screenshots for layout, visual completeness, and consistency

[rtibblesbot]

suggestion: Unlike review_requested, the labeled event can fire multiple times for the same label (remove label → re-add). This would post duplicate bot comments. Consider adding a hasRecentBotComment check like holiday-message.js does, or checking if a comment with this message already exists on the PR.

Not blocking since it's an edge case that requires manual label toggling, but worth considering.

[MisRob]

That's valid concern, but I don't think we need to introduce more complexity to take care of an action that we'll rarely, if ever, do.

[rtibblesbot]

Fair enough — it's a rare edge case and not worth the added complexity. Withdrawing this suggestion.

[rtibblesbot]

nitpick: This line uses * while all other bullet points in the file use -.