Conversation

@ThiloteE (Member) commented on Jan 12, 2026

PR Type

Enhancement


Description

  • Added Junie workflow for automated issue management

  • Configured workflow dispatch with run_id and workflow_params inputs

  • Integrated with jetbrains-junie external workflow for issue processing


Diagram Walkthrough

flowchart LR
  A["Workflow Dispatch Trigger"] -- "run_id, workflow_params" --> B["Junie Workflow"]
  B -- "calls" --> C["ej-issue.yml from jetbrains-junie"]

File Walkthrough

Relevant files
Enhancement
junie.yml: New Junie workflow configuration file

.github/workflows/junie.yml

  • Created new GitHub Actions workflow file for Junie automation
  • Configured workflow_dispatch trigger with two required inputs: run_id
    and workflow_params
  • Set up job that calls external ej-issue.yml workflow from
    jetbrains-junie repository
  • Granted write permissions to repository contents for workflow
    execution
+21/-0

Co-authored-by: jetbrains-junie[bot] <201638009+jetbrains-junie[bot]@users.noreply.github.com>
@qodo-free-for-open-source-projects

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴
Unpinned external workflow

Description: The workflow calls an external workflow from jetbrains-junie/junie-workflows using the
@main branch reference, which can change without notice and potentially execute malicious
code if the external repository is compromised or modified.
junie.yml [19-19]

Referred Code
uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@main
with:
Excessive workflow permissions

Description: The workflow grants broad contents: write permission without restriction, allowing the
external workflow from jetbrains-junie to modify any repository content, potentially
enabling unauthorized changes or malicious code injection.
junie.yml [4-5]

Referred Code
permissions:
  contents: write
Unvalidated workflow input

Description: The workflow_params input accepts arbitrary stringified parameters without validation and
passes them directly to an external workflow, potentially allowing injection of malicious
commands or unauthorized workflow behavior.
junie.yml [13-21]

Referred Code
      workflow_params:
        description: "stringified params"
        required: true

jobs:
  call-workflow-passing-data:
    uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@main
    with:
      workflow_params: ${{ inputs.workflow_params }}
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined


Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Unvalidated workflow inputs: The workflow_params input accepts stringified parameters without visible validation before being passed to the external workflow, which may pose injection risks.

Referred Code
workflow_params:
  description: "stringified params"
  required: true


Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@subhramit merged commit 97c42db into ThiloteE-2026-01-12 on Jan 12, 2026
3 of 5 checks passed
@qodo-free-for-open-source-projects

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Security
Pin reusable workflow to commit SHA

To improve security, pin the reusable workflow to a specific commit SHA instead
of the @main branch.

.github/workflows/junie.yml [19]

-uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@main
+uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@<full-commit-sha>
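Review bot: the `<full-commit-sha>` placeholder in the `+` line must become a real 40-character commit SHA taken from a revision of jetbrains-junie/junie-workflows that someone has actually read, and the pin only covers this one hop: whatever ej-issue.yml itself references is resolved from that file's own `uses:` lines, so the pinned commit needs the same check for floating refs. Keep the tag in a trailing comment (`@<sha>  # v1.2.3`) so the pin stays readable when it is bumped.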
Suggestion importance[1-10]: 9


Why: This is a critical security best practice for GitHub Actions, as using a floating reference like @main for a third-party workflow exposes the project to potential supply-chain attacks.

Impact: High
Use more restrictive workflow permissions

To enhance security, reduce the workflow's permissions from the broad contents:
write to a more restrictive scope, such as issues: write.

.github/workflows/junie.yml [4-5]

 permissions:
-  contents: write
+  issues: write
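Review bot: `issues: write` in the `+` line is a guess at what ej-issue.yml needs; nothing on this page documents the scopes the called workflow requires. A top-level `permissions:` block sets every scope it does not list to `none`, and a reusable workflow can only downgrade, never elevate, the token its caller passes in, so if ej-issue.yml has to push a branch or comment on a pull request the API call will fail rather than the workflow silently over-reaching. Confirm the required scopes from the called workflow before applying this, and grant exactly those.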
Suggestion importance[1-10]: 9


Why: This suggestion correctly identifies an important security risk by highlighting the overly permissive contents: write permission and recommends adhering to the principle of least privilege.

Impact: High
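As an added example that is not part of this PR or of the jetbrains-junie workflows, the following Python script turns the two mechanical findings above (a floating `@main` ref and a write scope) into a check that can run in CI, and addresses the third finding in a hardened sample workflow: the inputs are validated in a `validate` job that the calling job `needs`, and both inputs reach the shell through `env` instead of being expanded with `${{ }}` inside the script. Both YAML strings are constructed: `BEFORE` reassembles junie.yml from the snippets the review quotes (its line numbers differ from the real file), and `AFTER` assumes that `issues: write` is the only scope ej-issue.yml needs, which the page does not state, and uses an all-zero SHA as a stand-in for the audited commit. The lint reports every write scope, including the one kept in `AFTER`, so that a reviewer decides whether it is justified.

```python
"""Added example, not code from the PR or from jetbrains-junie: a dependency-free
lint for the two mechanical findings the review bot raised on junie.yml (floating
`@main` refs and write permissions). Line oriented on purpose, so no PyYAML needed."""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")           # job- or step-level uses
PERM_BLOCK_RE = re.compile(r"^(\s*)permissions:\s*(\S*)\s*$")  # block form or inline value
PERM_ENTRY_RE = re.compile(r"^\s*([a-z-]+)\s*:\s*(\S+)\s*$")

def lint_workflow(text: str) -> list[tuple[int, str, str]]:
    """Return (line, rule, detail) for every external `uses:` ref that is not a full
    commit SHA and every scope granted write access (reported so a human judges it)."""
    findings = []
    perm_indent = None                         # indent of an open permissions block
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments such as "# v1.2"
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if perm_indent is not None and indent <= perm_indent:
            perm_indent = None                 # a dedent closes the permissions block
        if perm_indent is not None:
            m = PERM_ENTRY_RE.match(line)
            if m and m.group(2) in ("write", "write-all"):
                findings.append((lineno, "write-perm", f"{m.group(1)}: {m.group(2)}"))
            continue
        m = PERM_BLOCK_RE.match(line)
        if m:
            if m.group(2) == "write-all":
                findings.append((lineno, "write-perm", "permissions: write-all"))
            elif m.group(2) == "":
                perm_indent = len(m.group(1))
            continue
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):
                continue                       # local path or image, not a git ref
            if not SHA_RE.match(ref.partition("@")[2]):
                findings.append((lineno, "unpinned-uses", ref))
    return findings

# Constructed input: junie.yml reassembled from the snippets the review quotes.
BEFORE = """\
name: Junie
on:
  workflow_dispatch:
    inputs:
      run_id:
        description: "run id"
        required: true
      workflow_params:
        description: "stringified params"
        required: true
permissions:
  contents: write
jobs:
  call-workflow-passing-data:
    uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@main
    with:
      workflow_params: ${{ inputs.workflow_params }}
"""

# Constructed hardened rewrite. Assumptions: `issues: write` is the only scope
# ej-issue.yml needs (the page does not say); the all-zero SHA is a placeholder.
AFTER = """\
name: Junie
on:
  workflow_dispatch:
    inputs:
      run_id:
        description: "run id"
        required: true
      workflow_params:
        description: "stringified params"
        required: true
permissions:
  issues: write
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Reject a non-numeric run_id or workflow_params that is not a JSON object
        env:                                   # inputs reach the script via env, never inline
          RUN_ID: ${{ inputs.run_id }}
          PARAMS: ${{ inputs.workflow_params }}
        run: |
          [[ "$RUN_ID" =~ ^[0-9]+$ ]]
          printf '%s' "$PARAMS" | jq -e 'type == "object"' > /dev/null
  call-workflow-passing-data:
    needs: validate                            # the external call waits for validation
    uses: jetbrains-junie/junie-workflows/.github/workflows/ej-issue.yml@0000000000000000000000000000000000000000  # placeholder: pin the audited commit
    with:
      workflow_params: ${{ inputs.workflow_params }}
"""

if __name__ == "__main__":
    for lineno, rule, detail in lint_workflow(BEFORE):
        print(f"junie.yml:{lineno}: {rule}: {detail}")
```

Run as a script it prints the two findings for `BEFORE`; as a CI step that fails on any `unpinned-uses` finding it turns the bot's advice into a gate. It is a line-based check: flow-style `permissions: {contents: write}` is not parsed, and it says nothing about what the pinned ej-issue.yml commit references in turn.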
