69a3b54968
* feat: Add GitHub Actions workflows for security audits, CodeQL analysis, contributor updates, performance benchmarks, integration tests, fuzz testing, and reusable Rust build jobs - Implemented `sec-audit.yml` for Rust package security audits using `rustsec/audit-check` and `cargo-deny-action`. - Created `sec-codeql.yml` for CodeQL analysis scheduled twice daily. - Added `sync-contributors.yml` to update the NOTICE file with new contributors automatically. - Introduced `test-benchmarks.yml` for performance benchmarks using Criterion. - Established `test-e2e.yml` for running integration and end-to-end tests. - Developed `test-fuzz.yml` for fuzz testing with configurable runtime. - Created `test-rust-build.yml` as a reusable job for executing Rust commands with customizable parameters. - Documented main branch delivery flows in `main-branch-flow.md` for clarity on CI/CD processes. * ci(workflows): update workflow scripts and rename for clarity; remove obsolete lint feedback script * chore(ci): externalize workflow scripts and relocate main flow doc
48 lines
1.5 KiB
YAML
48 lines
1.5 KiB
YAML
name: PR Labeler
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, reopened, synchronize, edited, labeled, unlabeled]
|
|
workflow_dispatch:
|
|
inputs:
|
|
mode:
|
|
description: "Run mode for managed-label governance"
|
|
required: true
|
|
default: "audit"
|
|
type: choice
|
|
options:
|
|
- audit
|
|
- repair
|
|
|
|
concurrency:
|
|
group: pr-labeler-${{ github.event.pull_request.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
issues: write
|
|
|
|
jobs:
|
|
label:
|
|
runs-on: blacksmith-2vcpu-ubuntu-2404
|
|
timeout-minutes: 10
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
|
|
|
- name: Apply path labels
|
|
if: github.event_name == 'pull_request_target'
|
|
uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
|
|
continue-on-error: true
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
sync-labels: true
|
|
|
|
- name: Apply size/risk/module labels
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
|
|
continue-on-error: true
|
|
with:
|
|
script: |
|
|
const script = require('./.github/workflows/scripts/pr_labeler.js');
|
|
await script({ github, context, core });
|