Skip to content

chore(ci): add sop:*, type:*, security:*, scope:*, auto-merge labels [PYSDK-94]#581

Merged
helmut-hoffer-von-ankershoffen merged 1 commit intomainfrom
chore/PYSDK-94-pr-labels
Apr 24, 2026
Merged

chore(ci): add sop:*, type:*, security:*, scope:*, auto-merge labels [PYSDK-94]#581
helmut-hoffer-von-ankershoffen merged 1 commit intomainfrom
chore/PYSDK-94-pr-labels

Conversation

@helmut-hoffer-von-ankershoffen
Copy link
Copy Markdown
Contributor

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen commented Apr 24, 2026

🛡️ Resolves PYSDK-94 following CC-SOP-01 Change Control, part of our ISO 13485-certified QMS | Ketryx Project.

What

Adds 16 new labels to .github/labels.yml across five axes (2 sop:* + 9 type:* + 2 security:* + 2 scope:* + 1 auto-merge). The existing labels-sync.yml workflow fires on push to main touching this file, so the labels become live as soon as this PR merges. (The labels were also pre-created via gh label create so today's in-flight PRs could be retroactively labelled — the YAML change makes that durable and source-of-truth.)

Added labels

SOP axis (mandatory, one per PR) — 2:

  • sop:pr-sop-01 — PR-SOP-01 Problem Resolution (bug / anomaly fix)
  • sop:cc-sop-01 — CC-SOP-01 Change Control (feature / planned change)

Type axis (one per PR, rounds out conventional commits) — 9:

  • type:feature, type:fix, type:chore, type:refactor, type:docs, type:test, type:perf, type:build, type:ci

Security axis (orthogonal, 0–2 per PR) — 2:

  • security — addresses a security advisory / CVE
  • security:supply-chain — dependency-chain vulnerability remediation

Scope axis (orthogonal, 0–1 per PR) — 2:

  • scope:sdk-consumers — affects downstream SDK consumers (uvx aignostics / uv add aignostics)
  • scope:dev-only — affects only our dev/CI env

Automation — 1:

  • auto-merge — eligible for auto-merge once CI is green

Rejected during design review

  • release:breaking / release:no-impact — semver in the tag already carries this signal
  • security:sbom — too fine-grained; SBOM changes roll up into either type:chore or security:supply-chain
  • scope:docs-only — duplicates type:docs
  • scope:infra — overlaps type:chore + type:ci
  • Retiring legacy bug / documentation / enhancement — they remain as GitHub defaults for issue templates

Why

PRs previously had no SOP trail, only three type:*-equivalent labels (bug/documentation/enhancement), no security axis, no consumer-vs-dev scope, and no auto-merge marker. Reviewers now have clean label-sidebar filters for every axis that matters for compliance and day-to-day triage.

Test plan

Follow-up (separate PRs)

The cc-sop-01, pr-sop-01, and audit-vulnerabilities skills will be updated to apply matching sop:*, type:*, security:*, scope:* labels automatically on PR creation.

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings April 24, 2026 20:20
@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen requested a review from a team as a code owner April 24, 2026 20:20
@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen added skip:test:long_running Skip long-running tests (≥5min) sop:cc-sop-01 CC-SOP-01 Change Control (feature / planned change) type:ci CI/CD change scope:dev-only Affects only our dev/CI env; consumers unaffected auto-merge Eligible for auto-merge once CI is green labels Apr 24, 2026
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds new GitHub label namespaces to support SOP/compliance tracing and improved PR triage, and makes them durable via the repo’s label-sync source of truth.

Changes:

  • Add SOP labels (sop:*) intended to provide a governance trail per PR.
  • Add expanded conventional-commit style labels (type:*) plus security*, scope:*, and auto-merge axes.
  • Extend .github/labels.yml so .github/workflows/labels-sync.yml can sync these labels on merge to main.

Comment thread .github/labels.yml
Comment on lines +137 to +151
# SOP Labels — governance trail on every PR (one mandatory)
- name: sop:pr-sop-01
description: PR-SOP-01 Problem Resolution (bug / anomaly fix)
color: "5319e7"

- name: sop:cc-sop-01
description: CC-SOP-01 Change Control (feature / planned change)
color: "1d76db"

# Type Labels — conventional-commits taxonomy (one per PR)
# Extends the legacy `bug` / `documentation` / `enhancement` labels with
# the rest of the conventional-commit vocabulary. Legacy labels remain
# for backward-compatibility with issue templates and external tooling;
# the `type:*` namespace is the source of truth for PR-level filtering.
- name: type:feature
Copy link

Copilot AI Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR description says this adds 14 new labels, but this diff introduces 16 (2 sop:* + 9 type:* + 2 security* + 2 scope:* + auto-merge). Please reconcile the count in the PR description (or remove/adjust labels) so the change record matches the actual source-of-truth config.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, thanks — the count was wrong. It's 16 new labels (2 sop:* + 9 type:* + 2 security:* + 2 scope:* + 1 auto-merge), not 14. Fixed in the PR description and in the linked Jira ticket PYSDK-94. The commit message still says "14" and will stay as is on this branch; when auto-merge squashes it, I'll let the PR title be the source of truth (it already reads just 'add sop:, type:, security:, scope:, auto-merge labels' with no count).

…[PYSDK-94]

Adds 14 new labels to .github/labels.yml across SOP, type, security, scope,
and auto-merge axes. The existing labels-sync.yml workflow fires on push to
main touching this file, so the labels become live as soon as this PR
merges — no manual `gh label create` needed (labels were already pre-created
to enable retroactive labelling of today's PRs).

- sop:pr-sop-01, sop:cc-sop-01 — SOP trail on the PR itself
- type:feature|fix|chore|refactor|docs|test|perf|build|ci — conventional-commit
  taxonomy extending legacy bug/documentation/enhancement (which remain)
- security, security:supply-chain — orthogonal security axis
- scope:sdk-consumers, scope:dev-only — consumer-vs-dev-only exposure
- auto-merge — eligible for auto-merge once CI is green

Rejected during review: release:breaking / release:no-impact (semver covers
it), security:sbom (rolls up into chore or supply-chain), scope:docs-only
(duplicates type:docs), scope:infra (overlaps type:chore / type:ci).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen merged commit 234e358 into main Apr 24, 2026
8 checks passed
@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen deleted the chore/PYSDK-94-pr-labels branch April 24, 2026 20:30
@sonarqubecloud
Copy link
Copy Markdown

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.
see 20 files with indirect coverage changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-merge Eligible for auto-merge once CI is green scope:dev-only Affects only our dev/CI env; consumers unaffected skip:test:long_running Skip long-running tests (≥5min) sop:cc-sop-01 CC-SOP-01 Change Control (feature / planned change) type:ci CI/CD change

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants