Skip to content

chore: initial pr labeller action#132

Merged
tobybellwood merged 3 commits intomainfrom
pr-labeller
May 16, 2025
Merged

chore: initial pr labeller action#132
tobybellwood merged 3 commits intomainfrom
pr-labeller

Conversation

@tobybellwood
Copy link
Member

@tobybellwood tobybellwood commented May 16, 2025

This PR adds a convenient helper action to auto-label PRs with their subsystem label.

This will make it easier to isolate PRs relevant to individual components for highlighting in a release-drafter process or listing in a tracking issue.

Currently, it relies on the labels already being present,, but it could be modified to create the labels if it causes too much hassle.

@tobybellwood tobybellwood requested a review from bomoko May 16, 2025 00:21
@github-actions
Copy link

github-actions bot commented May 16, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities⚠️ 28 existing vulnerabilities detected
actions/actions/github-script 60a0d83039c74a4aee543508d2ffcb1c3799cdea 🟢 7.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 109 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 64 existing vulnerabilities detected
actions/tj-actions/changed-files ed68ef82c095e0d48ec87eccea555d944a631a4c 🟢 6.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/5 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 10all dependencies are pinned
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Files

  • .github/workflows/pr-labeller.yaml

@tobybellwood tobybellwood requested a review from Copilot May 16, 2025 00:21
Copilot AI reviewed May 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a GitHub Action workflow to automatically label pull requests based on the top-level folder(s) affected by the changes, simplifying PR triaging.

  • Adds a workflow to label PRs based on the folder structure
  • Uses third-party actions (tj-actions/changed-files and actions/github-script) to gather changes and apply labels

github-advanced-security[bot]
github-advanced-security bot found potential problems May 16, 2025
View reviewed changes
tobybellwood and others added 2 commits May 16, 2025 10:39
@tobybellwood @github-advanced-security
Fix for code scanning alert no. 110: Workflow does not contain permis…
09a263d 
…sions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@tobybellwood
Update .github/workflows/pr-labeller.yaml
2a2c7d3 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@tobybellwood tobybellwood merged commit 87b211a into main May 16, 2025
6 checks passed
@tobybellwood tobybellwood deleted the pr-labeller branch September 25, 2025 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bomoko bomoko Awaiting requested review from bomoko

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tobybellwood