chore(ci): add sop:*, type:*, security:*, scope:*, auto-merge labels [PYSDK-94] #581
Pull request overview
Adds new GitHub label namespaces to support SOP/compliance tracing and improved PR triage, and makes them durable via the repo’s label-sync source of truth.
Changes:
- Add SOP labels (`sop:*`) intended to provide a governance trail per PR.
- Add expanded conventional-commit style labels (`type:*`) plus `security*`, `scope:*`, and `auto-merge` axes.
- Extend `.github/labels.yml` so `.github/workflows/labels-sync.yml` can sync these labels on merge to `main`.
| # SOP Labels — governance trail on every PR (one mandatory) | ||
| - name: sop:pr-sop-01 | ||
| description: PR-SOP-01 Problem Resolution (bug / anomaly fix) | ||
| color: "5319e7" | ||
|
|
||
| - name: sop:cc-sop-01 | ||
| description: CC-SOP-01 Change Control (feature / planned change) | ||
| color: "1d76db" | ||
|
|
||
| # Type Labels — conventional-commits taxonomy (one per PR) | ||
| # Extends the legacy `bug` / `documentation` / `enhancement` labels with | ||
| # the rest of the conventional-commit vocabulary. Legacy labels remain | ||
| # for backward-compatibility with issue templates and external tooling; | ||
| # the `type:*` namespace is the source of truth for PR-level filtering. | ||
| - name: type:feature |
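Review bot: the cardinality rules "(one mandatory)" on the SOP comment and "(one per PR)" on the Type comment exist only as YAML comments, and nothing in the visible label entries (`name`, `description`, `color`) can enforce them. If the `sop:*` label is meant to be the governance trail on every PR, consider a required status check that fails when a PR carries zero or more than one `sop:*` or `type:*` label, and state in the comment whether "one mandatory" means exactly one. Otherwise a PR can merge unlabelled and the trail is only advisory.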
PR description says this adds 14 new labels, but this diff introduces 16 (2 sop:* + 9 type:* + 2 security* + 2 scope:* + auto-merge). Please reconcile the count in the PR description (or remove/adjust labels) so the change record matches the actual source-of-truth config.
Good catch, thanks — the count was wrong. It's 16 new labels (2 sop:* + 9 type:* + 2 security:* + 2 scope:* + 1 auto-merge), not 14. Fixed in the PR description and in the linked Jira ticket PYSDK-94. The commit message still says "14" and will stay as is on this branch; when auto-merge squashes it, I'll let the PR title be the source of truth (it already reads just 'add sop:, type:, security:, scope:, auto-merge labels' with no count).
…[PYSDK-94]

Adds 14 new labels to .github/labels.yml across SOP, type, security, scope, and auto-merge axes. The existing labels-sync.yml workflow fires on push to main touching this file, so the labels become live as soon as this PR merges — no manual `gh label create` needed (labels were already pre-created to enable retroactive labelling of today's PRs).

- sop:pr-sop-01, sop:cc-sop-01 — SOP trail on the PR itself
- type:feature|fix|chore|refactor|docs|test|perf|build|ci — conventional-commit taxonomy extending legacy bug/documentation/enhancement (which remain)
- security, security:supply-chain — orthogonal security axis
- scope:sdk-consumers, scope:dev-only — consumer-vs-dev-only exposure
- auto-merge — eligible for auto-merge once CI is green

Rejected during review: release:breaking / release:no-impact (semver covers it), security:sbom (rolls up into chore or supply-chain), scope:docs-only (duplicates type:docs), scope:infra (overlaps type:chore / type:ci).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.



🛡️ Resolves PYSDK-94 following CC-SOP-01 Change Control, part of our ISO 13485-certified QMS | Ketryx Project.
What
Adds 16 new labels to `.github/labels.yml` across five axes (2 `sop:*` + 9 `type:*` + 2 `security:*` + 2 `scope:*` + 1 `auto-merge`). The existing `labels-sync.yml` workflow fires on push to `main` touching this file, so the labels become live as soon as this PR merges. (The labels were also pre-created via `gh label create` so today's in-flight PRs could be retroactively labelled — the YAML change makes that durable and source-of-truth.)

Added labels
SOP axis (mandatory, one per PR) — 2:
- `sop:pr-sop-01` — PR-SOP-01 Problem Resolution (bug / anomaly fix)
- `sop:cc-sop-01` — CC-SOP-01 Change Control (feature / planned change)

Type axis (one per PR, rounds out conventional commits) — 9:
- `type:feature`, `type:fix`, `type:chore`, `type:refactor`, `type:docs`, `type:test`, `type:perf`, `type:build`, `type:ci`

Security axis (orthogonal, 0–2 per PR) — 2:
- `security` — addresses a security advisory / CVE
- `security:supply-chain` — dependency-chain vulnerability remediation

Scope axis (orthogonal, 0–1 per PR) — 2:
- `scope:sdk-consumers` — affects downstream SDK consumers (`uvx aignostics` / `uv add aignostics`)
- `scope:dev-only` — affects only our dev/CI env

Automation — 1:
- `auto-merge` — eligible for auto-merge once CI is green

Rejected during design review
- `release:breaking` / `release:no-impact` — semver in the tag already carries this signal
- `security:sbom` — too fine-grained; SBOM changes roll up into either `type:chore` or `security:supply-chain`
- `scope:docs-only` — duplicates `type:docs`
- `scope:infra` — overlaps `type:chore` + `type:ci`

`bug` / `documentation` / `enhancement` — they remain as GitHub defaults for issue templates

Why
PRs previously had no SOP trail, only three `type:*`-equivalent labels (`bug` / `documentation` / `enhancement`), no security axis, no consumer-vs-dev scope, and no auto-merge marker. Reviewers now have clean label-sidebar filters for every axis that matters for compliance and day-to-day triage.

Test plan
- `sop:*`, `type:*`, `scope:*` on PRs chore: update compass.yml — Jira board, status page, tier, lifecycle and metadata [PYSDK-82] #570 – chore(deps): sweep Renovate/Dependabot bumps into pyproject.toml lower bounds [PYSDK-93] #580)
- `labels-sync.yml` fires on merge to main and confirms all 16 labels

Follow-up (separate PRs)
The `cc-sop-01`, `pr-sop-01`, and `audit-vulnerabilities` skills will be updated to apply matching `sop:*`, `type:*`, `security:*`, `scope:*` labels automatically on PR creation.

🤖 Generated with Claude Code
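
The per-axis cardinalities listed in the PR description above can be checked mechanically against a PR's label set. The following is an added example, not code from this PR or its repository: the names `AXES`, `axis_of` and `validate_labels` are hypothetical, and the allowed labels and limits are copied from the description.

```python
"""Added example: validate a PR's labels against the axis rules in the PR description."""

# Allowed labels and (min, max) count per axis, copied from the PR description.
AXES = {
    "sop": ({"sop:pr-sop-01", "sop:cc-sop-01"}, 1, 1),
    "type": ({f"type:{t}" for t in
              "feature fix chore refactor docs test perf build ci".split()}, 1, 1),
    "security": ({"security", "security:supply-chain"}, 0, 2),
    "scope": ({"scope:sdk-consumers", "scope:dev-only"}, 0, 1),
}


def axis_of(label):
    """Map a label to its axis. The bare `security` label has no colon."""
    prefix = label.split(":", 1)[0]
    return prefix if prefix in AXES else None


def validate_labels(labels):
    """Return a sorted list of violations; an empty list means the set is valid."""
    problems = []
    seen = {axis: set() for axis in AXES}
    for label in set(labels):
        axis = axis_of(label)
        if axis is None:
            continue  # legacy labels (bug, enhancement, ...) and auto-merge
        if label not in AXES[axis][0]:
            # e.g. a label rejected in design review, such as scope:infra
            problems.append(f"unknown {axis} label: {label}")
        else:
            seen[axis].add(label)
    for axis, (_, lo, hi) in AXES.items():
        count = len(seen[axis])
        if not lo <= count <= hi:
            problems.append(f"{axis}: expected {lo}..{hi} labels, found {count}")
    return sorted(problems)


if __name__ == "__main__":
    # Constructed label sets, not taken from any real PR.
    for sample in (["sop:cc-sop-01", "type:ci", "auto-merge"],
                   ["type:fix", "type:chore", "security", "bug"]):
        print(sample, "->", validate_labels(sample) or "ok")
```

Run as a required status check, a non-empty result would block the merge, so a PR without its SOP label cannot reach `main`.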