diff --git a/.github/workflows/add-cve-label.yml b/.github/workflows/add-cve-label.yml
new file mode 100644
index 0000000000..f971147a5e
--- /dev/null
+++ b/.github/workflows/add-cve-label.yml
@@ -0,0 +1,63 @@
+name: Add CVE Label
+on:
+ issues:
+ types:
+ - labeled
+
+env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+jobs:
+ add-comment:
+ if: ${{ contains(github.event.label.name, 'dependency security vulnerability') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get Issue Title
+ id: get_title
+ run: |
+ issue_title="${{ github.event.issue.title }}"
+ severity="$(echo $issue_title | sed -n 's/.*(\(.*\)).*/\1/p')"
+ echo "severity=$severity" >> $GITHUB_ENV
+ - name: Check and Create label
+ id: check_create_label
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ result-encoding: string
+ script: |
+ const labelName = "v${{ env.severity }}";
+ let labelFound = false;
+ try {
+ const label = await github.rest.issues.getLabel({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ name: labelName
+ });
+ labelFound = true;
+ } catch (error) {
+ if (error.status === 404) {
+ const randomColor = Math.floor(Math.random() * 16777215).toString(16);
+ const newLabel = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ name: labelName,
+ color: randomColor,
+ description: "CVE severity " + labelName
+ };
+ await github.rest.issues.createLabel(newLabel);
+ labelFound = true;
+ } else {
+ throw error;
+ }
+ }
+ console.log(labelFound);
+ return labelFound
+ - name: Add CVE Label
+ uses: actions/github-script@v6
+ with:
+ script: |
+ github.rest.issues.addLabels({
+ issue_number: ${{ github.event.issue.number }},
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ${{ env.severity }}
+ })
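Review bot: The `Get Issue Title` step expands `${{ github.event.issue.title }}` directly into the `run:` script, so a title chosen by whoever opened the issue is parsed as shell in a job that has `GITHUB_TOKEN` in its environment; the derived `${{ env.severity }}` is then expanded into both `github-script` bodies, where it is parsed as JavaScript. Pass the title through a step-level `env:` variable and read the severity from `process.env` in the scripts, so the value is only ever handled as data. The last step's `labels: ${{ env.severity }}` is also unquoted and not an array, so it would evaluate as an identifier rather than a label name, and it lacks the `v` prefix given to the label created in the previous step, which looks unintended. A top-level `permissions:` block limited to `issues: write` would narrow what the token can do.

```yaml
      - name: Get Issue Title
        id: get_title
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          severity="$(printf '%s' "$ISSUE_TITLE" | sed -n 's/.*(\(.*\)).*/\1/p')"
          echo "severity=$severity" >> "$GITHUB_ENV"
      # … unchanged: "Check and Create label" step header and with: block …
          script: |
            const labelName = `v${process.env.severity}`;
            // … unchanged: getLabel / createLabel handling …
      # … unchanged: "Add CVE Label" step header …
          script: |
            await github.rest.issues.addLabels({
              issue_number: context.issue.number,
              // … unchanged: owner, repo …
              labels: [process.env.severity],
            });
```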