diff --git a/.github/workflows/label_security_issue.yml b/.github/workflows/label_security_issue.yml
new file mode 100644
index 0000000..e2a039f
--- /dev/null
+++ b/.github/workflows/label_security_issue.yml
@@ -0,0 +1,27 @@
+name: Label Security Report
+
+on:
+ issues:
+ types:
+ - opened
+
+jobs:
+ label-security-report:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check if issue title starts with "Security Report -"
+ id: check_title
+ run: echo "::set-output name=startsWithSecurityReport::$(echo ${{ github.event.issue.title }} | grep -q '^Security Report -' && echo true || echo false)"
+
+ - name: Add labels
+ if: steps.check_title.outputs.startsWithSecurityReport == 'true'
+ uses: actions/github-script@v6
+ with:
+ script: |
+ github.rest.issues.addLabels({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ["security", "reports"]
+ })
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 6319323..8620708 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -23,8 +23,6 @@ jobs:
 
 - name: Checkout Repo for .zap/rules.tsv
 uses: actions/checkout@v4
- with:
- ref: main
 
 - name: ZAP Full Scan
 # https://github.com/zaproxy/action-full-scan
@@ -34,12 +32,3 @@ jobs:
 rules_file_name: '.zap/rules.tsv'
 issue_title: 'Security Report - ${{ steps.set-now.outputs.NOW }}'
 artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
-
- - name: Add Security Label to Security Report - ${{ steps.set-now.outputs.NOW }}
- # https://github.com/actions-ecosystem/action-add-labels
- uses: actions-ecosystem/action-add-labels@v1
- if: ${{ startsWith('Security Report - ${{ steps.set-now.outputs.NOW }}', '/add-labels')}}
- with:
- labels: |
- security
- reports
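Review bot: The `run:` line of the `check_title` step in the new label_security_issue.yml expands `${{ github.event.issue.title }}` straight into the shell command text, and an issue title is controlled by whoever opens the issue, so the runner's shell parses it as syntax rather than data. The shell step can be dropped entirely by putting the test on the labelling step as an expression, `if: startsWith(github.event.issue.title, 'Security Report -')`, which never passes the title through a shell. If the shell check is kept, hand the title over through `env:` and reference it as a quoted variable such as `"$ISSUE_TITLE"`, and write the result to `$GITHUB_OUTPUT`, since `::set-output` is deprecated. The workflow also declares no `permissions:` block; a top-level `permissions:` with only `issues: write` would limit the job token to what `addLabels` needs.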