## What
Fixes bot-authored PRs being incorrectly labeled as "community"
contributions. This was happening because the GitHub Actions workflows
were referencing an outdated `@production` tag in the workflow-actions
repository that didn't include recent bot account exclusions.
**Link to Devin run**:
https://app.devin.ai/sessions/8501e183a3e14fee9491d4322b04a69f
Requested by: ian.alton@airbyte.io
## How
Updates both labeling workflows (`label-prs-by-context.yml` and
`label-github-issues-by-context.yml`) to reference a specific commit SHA
(`2a848ff`) in the workflow-actions repository instead of the
`@production` tag.
This commit includes the updated bot account exclusion list that
prevents the following accounts from being labeled as community:
- `devin-ai-integration`
- `octavia-bot-hoard`
- `octavia-bot-admin`
- `octavia-bot`
- `airbyteio`
- `github-actions[bot]`
- `dependabot`
- `speakeasybot`
- `airbyte-slash-dispatch-bot`
The `@production` tag was pointing to an older commit that only excluded
`octavia-squidington-iii` and `dependabot[bot]`.
## Review guide
1. `.github/workflows/label-prs-by-context.yml` - Verify the commit SHA
`2a848ffce5eaf8da66d4176b66f55dd2e1007016` is correct
2. `.github/workflows/label-github-issues-by-context.yml` - Same commit
SHA update for consistency
3. **Important**: Verify the commit exists at
2a848ffce5
4. Consider whether pinning to a specific commit vs using a versioned
tag (e.g., `v1.0.0`) would be preferable for future maintainability
## User Impact
**Positive:**
- Bot-authored PRs will no longer be incorrectly labeled as "community"
contributions
- More accurate contribution attribution in the repository
**Negative:**
- None expected. This only adds more bot exclusions; it doesn't change
behavior for human contributors.
**Note:** This change cannot be easily tested before merge since it
requires actual PR/issue events to trigger the workflows.
## Can this PR be safely reverted and rolled back?
- [x] YES 💚
Revert by changing the commit SHA back to `@production` or any other
valid reference in the workflow-actions repository.
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: ian.alton@airbyte.io <ian.alton@airbyte.io>
## What
- Pin all GitHub Actions to their specific SHA1 hashes to reduce supply
chain attack risk
- Replaces version tags with specific commit SHAs
- Includes version comments for easier reference
- Changes generated with the pinact tool
See internal wiki page on supply chain security for further info
## How
Used the tool pinact to pin the sha for github actions.
## Review guide
<!--
1. `x.py`
2. `y.py`
-->
## User Impact
No impact
## Can this PR be safely reverted and rolled back?
- [x] YES 💚
- [ ] NO ❌
* Further testing
This reverts commit 83cdf198f1.
* Moves find_valid_pat into single job
* Removes duplicate find_valid_pat
* Moves find_valid_pat to single job
* New name for FE notifier
