fix(zap_scan): Label issues correctly (#204)

* fix(zap_scan): check out ref associated with run

* fix(zap_scan): use actions/github-script for labeling issues

.github/workflows/label_security_issue.yml

@@ -0,0 +1,27 @@
+name: Label Security Report
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  label-security-report:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check if issue title starts with "Security Report -"
+        id: check_title
+        run: echo "::set-output name=startsWithSecurityReport::$(echo ${{ github.event.issue.title }} | grep -q '^Security Report -' && echo true || echo false)"
+
+      - name: Add labels
+        if: steps.check_title.outputs.startsWithSecurityReport == 'true'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ["security", "reports"]
+            })

.github/workflows/security.yml

@@ -23,8 +23,6 @@ jobs:
 
       - name: Checkout Repo for .zap/rules.tsv
         uses: actions/checkout@v4
-        with:
-          ref: main
 
       - name: ZAP Full Scan
         # https://github.com/zaproxy/action-full-scan
@@ -34,12 +32,3 @@ jobs:
           rules_file_name: '.zap/rules.tsv'
           issue_title: 'Security Report - ${{ steps.set-now.outputs.NOW }}'
           artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
-
-      - name: Add Security Label to Security Report - ${{ steps.set-now.outputs.NOW }}
-        # https://github.com/actions-ecosystem/action-add-labels
-        uses: actions-ecosystem/action-add-labels@v1
-        if: ${{ startsWith('Security Report - ${{ steps.set-now.outputs.NOW }}', '/add-labels')}}
-        with:
-          labels: |
-            security
-            reports