diff --git a/scripts/compliance-audit.sh b/scripts/compliance-audit.sh index 4a18ca3a..6e8d85f2 100755 --- a/scripts/compliance-audit.sh +++ b/scripts/compliance-audit.sh @@ -1752,6 +1752,29 @@ ensure_required_labels() { done } +# Create all required labels (idempotent — uses --force to update if present) +ensure_required_labels() { + local repo="$1" + # Format: "name|color|description" (pipe-delimited to avoid colon conflicts) + local label_configs=( + "security|d93f0b|Security-related PRs and issues" + "dependencies|0075ca|Dependency update PRs" + "scorecard|d93f0b|OpenSSF Scorecard findings" + "bug|d73a4a|Bug reports" + "enhancement|a2eeef|Feature requests" + "documentation|0075ca|Documentation changes" + ) + + for config in "${label_configs[@]}"; do + IFS='|' read -r name color description <<< "$config" + gh label create "$name" \ + --repo "$ORG/$repo" \ + --description "$description" \ + --color "$color" \ + --force 2>/dev/null || true + done +} + create_issue_for_finding() { local repo="$1" category="$2" check="$3" severity="$4" detail="$5" standard_ref="$6" diff --git a/standards/workflows/dependency-audit.yml b/standards/workflows/dependency-audit.yml index bfad3f42..a1f83996 100644 --- a/standards/workflows/dependency-audit.yml +++ b/standards/workflows/dependency-audit.yml @@ -1,6 +1,6 @@ # ───────────────────────────────────────────────────────────────────────────── # SOURCE OF TRUTH: petry-projects/.github/standards/workflows/dependency-audit.yml -# Standard: petry-projects/.github/standards/ci-standards.md#5-dependency-audit-dependency-auditym +# Standard: petry-projects/.github/standards/ci-standards.md#7-dependency-audit-dependency-audityml # Reusable: petry-projects/.github/.github/workflows/dependency-audit-reusable.yml # # AGENTS — READ BEFORE EDITING: