From 1ffd0f4a9243d68af71a2cb8ee4197c47914485c Mon Sep 17 00:00:00 2001
From: Prudhvi Godithi <pgodithi@amazon.com>
Date: Wed, 11 Oct 2023 15:50:51 -0700
Subject: [PATCH] Add CVE Label

Signed-off-by: Prudhvi Godithi <pgodithi@amazon.com>
---
 .github/workflows/add-cve-label.yml | 63 +++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .github/workflows/add-cve-label.yml

diff --git a/.github/workflows/add-cve-label.yml b/.github/workflows/add-cve-label.yml
new file mode 100644
index 0000000000..dead420769
--- /dev/null
+++ b/.github/workflows/add-cve-label.yml
@@ -0,0 +1,63 @@
+name: Add CVE Label
+on:
+  issues:
+    types:
+      - labeled
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+jobs:
+  add-comment:
+    if: ${{ contains(github.event.label.name, 'dependency security vulnerability') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Issue Title
+        id: get_title
+        run: |
+          issue_title="${{ github.event.issue.title }}"
+          severity="$(echo $issue_title | sed -n 's/.*(\(.*\)).*/\1/p')"
+          echo "severity=$severity" >> $GITHUB_ENV
+      - name: Check and Create label
+        id: check_create_label
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            const labelName = "${{ env.severity }}";
+            let labelFound = false;
+            try {
+              const label = await github.rest.issues.getLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                name: labelName
+              });
+              labelFound = true;
+            } catch (error) {
+              if (error.status === 404) {
+                const randomColor = Math.floor(Math.random() * 16777215).toString(16);
+                const newLabel = {
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  name: labelName,
+                  color: randomColor,
+                  description: "CVE severity " + labelName
+                };
+                await github.rest.issues.createLabel(newLabel);
+                labelFound = true;
+              } else {
+                throw error;
+              }
+            }
+            console.log(labelFound);
+            return labelFound
+      - name: Add CVE Label
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: ${{ github.event.issue.number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ${{ env.severity }}
+            })