Phase 1: Add org-wide PR template, labels, and reusable workflows #1
Closed
bryanbeverly wants to merge 3 commits into
This is Phase 1 of the PR Labeling & Hygiene rollout. It populates this repo
with the building blocks that consumer repos in the org will call:
* `.github/PULL_REQUEST_TEMPLATE.md` — default template for repos without one
* `labels.yml` — single source of truth for the 11-label taxonomy
* `.github/workflows/pr-labeler-reusable.yml` — size/risk/checkbox labeling
* `.github/workflows/label-sync-reusable.yml` — sync labels.yml into callers
* `.github/workflows/stale-reusable.yml` — wraps actions/stale (14d/16d)
* `.github/scripts/{pr_labeler,label_sync}.py` — labeler/sync logic
* `.github/scripts/test_pr_labeler.py` — 35 unit tests for labeler logic
* `.github/workflows/test-scripts.yml` — runs unit tests on PRs and pushes
No reusable workflow declares `permissions:` — they inherit from callers, so
each consumer must grant the minimum needed (documented in README).
Phase 2 (per-repo caller workflows) follows in separate PRs once this merges
and the org-level UI settings are configured (see plan: PR Labeling & Hygiene).
Made-with: Cursor
…eration

- PR template: replace internal-looking example path with a generic placeholder
- README: stop enumerating internal repo names in the manual-sync example

These files live in a public repo (trufflesecurity/.github), so we avoid publicly listing the names of private/internal consumer repos.

Made-with: Cursor
Establishes formatting/linting consistent with the org's lint.yml convention (triggers, permissions, naming) while picking checkers appropriate to this repo's file types:

* ruff check + format --check for the Python scripts in .github/scripts
* actionlint for the workflow YAML — especially valuable here since this repo provides reusable workflows to 7 consumers; a typo blasts everywhere

Existing scripts were reformatted in this commit to make ruff format pass. No logic changes; all 35 unit tests still pass.

Made-with: Cursor
Reopening as a fresh PR with clean (single-commit) history -- the original branch's intermediate commit publicly enumerated the 7 internal consumer repo names in the README diff. Replacement PR coming next with identical final state.
Summary
This is Phase 1 of the PR Labeling & Hygiene plan -- it populates `trufflesecurity/.github` with the building blocks the other 7 private repos will call.

What this PR adds:

* `.github/PULL_REQUEST_TEMPLATE.md`
* `labels.yml`: `size/*`, `risk/*`, `review/urgent`, `status/stale`, `complexity/high`
* `.github/workflows/pr-labeler-reusable.yml`
* `.github/workflows/label-sync-reusable.yml`: `labels.yml` into a caller repo
* `.github/workflows/stale-reusable.yml`: `actions/stale@v9` (14d stale, 16d close, exempts `review/urgent` and drafts)
* `.github/scripts/pr_labeler.py`
* `.github/scripts/label_sync.py`: `gh label create --force` (additive)
* `.github/scripts/test_pr_labeler.py`
* `.github/workflows/test-scripts.yml`
* `README.md`

Permissions model: No reusable workflow declares its own `permissions:` block -- they inherit from callers. Each consumer caller declares the minimum its reusable needs (documented in README and the plan).
Versioning: Caller workflows reference these reusables at `@main`. Pushes to this branch immediately affect every consumer once they merge their callers (Phase 2). Branch protection on `main` requires PR review.
Required follow-up after merge (manual UI steps)
Both must be done by an org admin in the GitHub web UI:
Test plan
Phase 2 preview
Once this merges + the two UI steps are done, separate PRs will land per repo to:
* `integrations`' empty template
* `sync-labels.yml` caller in each of 7 repos, then trigger sync to populate the 11 labels
* `pr-labeler.yml` caller in each of 7 repos
* `stale.yml` caller in each of 7 repos

Plan reference: `/Users/bryan.beverly/.cursor/plans/pr_labeling_and_hygiene_5b9ac6e6.plan.md`
Made with Cursor
Note
Medium Risk
Introduces org-wide GitHub Actions that can mutate labels and auto-close PRs across consumer repos; misconfiguration or regex/threshold mistakes could cause incorrect labeling or unintended staling once adopted org-wide.
Overview
Adds org-level PR hygiene building blocks: a default `PULL_REQUEST_TEMPLATE.md`, a centralized `labels.yml` taxonomy, and reusable workflows to sync labels, auto-label PRs, and mark/close stale PRs.

Implements Python automation to (1) sync labels into a target repo via `gh label create --force` (additive) and (2) label PRs based on diff size, Bugbot `CURSOR_SUMMARY` risk parsing, and PR-template checkboxes, with unit tests plus CI workflows for `pytest`, `ruff`, and `actionlint`.

Reviewed by Cursor Bugbot for commit a191d1f. Bugbot is set up for automated code reviews on this repo.
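A check a consumer repo could run over its caller workflows, given the permissions and versioning model described in the PR summary above. This is an added example, not code from this PR or its scripts: `audit_caller`, the sample workflow text, its trigger, its two permission scopes, and the placeholder SHA are all constructed assumptions.

```python
import re

# Job-level call to a reusable workflow: owner/repo/.github/workflows/<file>@<ref>
USES_RE = re.compile(
    r"^\s*uses:\s*([\w.-]+/[\w.-]+/\.github/workflows/[\w.-]+\.ya?ml)@(\S+)"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")      # full commit SHA = immutable ref
PERMS_RE = re.compile(r"^\s*permissions:")  # workflow-level or job-level block


def audit_caller(workflow_text):
    """Return a list of findings for one caller workflow file."""
    findings = []
    lines = workflow_text.splitlines()
    if not any(PERMS_RE.match(line) for line in lines):
        findings.append(
            "no permissions: block, so the called workflow runs with the "
            "repository's default GITHUB_TOKEN scope"
        )
    for number, line in enumerate(lines, 1):
        match = USES_RE.match(line)
        if match and not SHA_RE.match(match.group(2)):
            findings.append(
                f"line {number}: {match.group(1)} is referenced at "
                f"mutable ref '{match.group(2)}'"
            )
    return findings


# Constructed caller, modelled on the pr-labeler.yml caller named in the PR.
# The trigger and the two permission scopes are assumptions, not the README's list.
CALLER_MAIN = """\
name: pr-labeler
on: pull_request
permissions:
  contents: read
  pull-requests: write
jobs:
  label:
    uses: trufflesecurity/.github/.github/workflows/pr-labeler-reusable.yml@main
"""
# Same caller with the permissions block removed.
CALLER_BARE = CALLER_MAIN.replace(
    "permissions:\n  contents: read\n  pull-requests: write\n", ""
)
# Same caller pinned to a placeholder SHA (constructed, not a real commit).
CALLER_PINNED = CALLER_MAIN.replace("@main", "@" + "0123456789abcdef" * 2 + "01234567")

if __name__ == "__main__":
    for name, text in [("main", CALLER_MAIN), ("bare", CALLER_BARE), ("pinned", CALLER_PINNED)]:
        print(name, audit_caller(text))
```

The check is line-based and does not parse YAML, so it treats a `permissions:` key at any indentation as present and does not verify which scopes are granted.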