fix(ci): finalize PR notification design (remove octo-pr-feed + fix result-notify)

[lml2468]

Summary

Finalizes the PR notification design. Clean, no-overlap ownership:

Workflow	Trigger	Sends to
octo-pr-result-notify.yml	[closed] + pull_request_review: [submitted]	global pr-feed (vars.OCTO_PR_FEED_GROUP_ID with fallback)
octo-pr-review-feed.yml	[ready_for_review, review_requested]	project group (repo-specific)

Design decisions (per product owner)

• opened/reopened events are not monitored — only terminal states (merged/closed) and review outcomes
• octo-pr-feed.yml is deleted — it was added in a prior pass but is not needed under the final design

Changes

• octo-pr-feed.yml: deleted
• octo-pr-result-notify.yml:
  • Trigger: [closed, reopened] → [closed] (terminal state only)
  • event_kind: simplified to pr_merged | pr_closed
  • feed_group_id: ${{ vars.OCTO_PR_FEED_GROUP_ID || '1c303c142e9840f2a9b46c10b0972e8d' }} (org variable with safe fallback)

No application code modified.

[Jerry-Xin]

Summary: This PR is in scope for Mininglamp-OSS/octo-cli and cleanly narrows PR result notifications to terminal/review outcomes with no blocking issues found.

💬 Non-blocking:

• 🔵 Suggestion: .github/workflows/labeler.yml:11 still references octo-pr-feed.yml, which this PR deletes. The comment should be updated later to reference an existing workflow pattern, such as octo-pr-review-feed.yml or auto-add-to-project.yml.

✅ Highlights:

• The deleted .github/workflows/octo-pr-feed.yml matches the stated design decision to stop monitoring opened / reopened PR feed events.
• .github/workflows/octo-pr-result-notify.yml:21 correctly simplifies terminal PR events to pr_merged vs pr_closed after removing the reopened trigger.
• .github/workflows/octo-pr-result-notify.yml:25 and .github/workflows/octo-pr-result-notify.yml:43 use the org-level OCTO_PR_FEED_GROUP_ID with a valid fallback, aligning result and review notifications to the global PR feed.

Validation: git diff --check passed. actionlint was not installed in the environment, so I could not run a dedicated GitHub Actions linter.

[yujiawei]

Code Review — PR #32 (octo-cli)

Verdict: APPROVED

A clean, self-contained CI-configuration change (2 files, +4/−31, no application code). The notification ownership model is now coherent and non-overlapping, and every change is consistent with the stated design. No correctness, security, or blocking issues found.

1. Verification

• ✅ Delete octo-pr-feed.yml — Removed the opened/closed/reopened → project group notifier. Per the design, opened/reopened are intentionally no longer monitored, and closed (merged/closed) is now owned solely by octo-pr-result-notify.yml. No dangling references to the deleted workflow remain in the repo's workflow set.
• ✅ Trigger narrowing [closed, reopened] → [closed] (octo-pr-result-notify.yml) — Correct. reopened is dropped by design, so the pr-result job now only fires on terminal close events.
• ✅ event_kind simplification — Old:
  github.event.action == 'closed' && merged == true && 'pr_merged' || github.event.action == 'closed' && 'pr_closed' || 'pr_reopened'
  New:
  github.event.pull_request.merged == true && 'pr_merged' || 'pr_closed'
  The action == 'closed' guards were redundant (the pr-result job is gated by if: github.event_name == 'pull_request_target' and the trigger is now closed-only), and the pr_reopened branch was dead code once reopened was removed. The new expression resolves to pr_merged when merged and pr_closed otherwise — both branches yield truthy strings, so there is no GitHub Actions ternary empty-string footgun.
• ✅ feed_group_id → ${{ vars.OCTO_PR_FEED_GROUP_ID || '1c303c142e9840f2a9b46c10b0972e8d' }} — Good defensive pattern: org/repo variable override with a safe hardcoded fallback, applied consistently to both the pr-result and review-result jobs. Re-targets result notifications to the global pr-feed per the design.

2. Issues (P0/P1)

None.

3. Suggestions (non-blocking)

• P2 / maintainability — mixed group-id sourcing. octo-pr-result-notify.yml now reads its target via vars.OCTO_PR_FEED_GROUP_ID || 'fallback', while octo-pr-review-feed.yml still hardcodes the project group bdc0df15fdb346508e4281f3df55f749. The two IDs are deliberately different (global pr-feed vs. project group), so this is not a bug — but consider eventually promoting the project group to its own org/repo variable too, so all notification targets follow one configuration convention. Not required for this PR.

4. Additional observations

• Security posture is sound. Both remaining workflows use pull_request_target with permissions: {} and pass only PR metadata to org-owned reusable workflows (Mininglamp-OSS/.github/...@main); no untrusted PR code is checked out or executed. The review-result job additionally guards with github.event.pull_request.head.repo.full_name == github.repository, correctly scoping review notifications to non-fork PRs. None of this is regressed by the PR.
• Behavioral note (intentional): as a result of deleting octo-pr-feed.yml, PR-opened events no longer generate any feed notification. This matches the PR description's explicit product decision ("opened/reopened events are not monitored — only terminal states and review outcomes"). Flagging only so the change in coverage is on record.

[lml2468]

📖 Review note (齐静春) — could not submit formal CHANGES_REQUESTED because gh is authenticated as the PR author.

Finding:

• .github/workflows/labeler.yml:11 still references octo-pr-feed.yml in the pull_request_target safety comment: "This matches the pattern used by auto-add-to-project.yml and octo-pr-feed.yml." After this PR deletes octo-pr-feed.yml, that is a dangling reference. Please update the comment to name only workflows that still exist.

Gate notes:

• Code checks green: build & test, actionlint, workflow sanity, CodeQL (actions/go)
• Notification failures: OCTO_BOT_TOKEN empty (repo secret config, not this PR)
• Known pre-existing: check-sprint (no linked issue), CodeQL (go) config error