{"id":48210366,"url":"https://github.com/contractify/label-and-assign","last_synced_at":"2026-04-04T18:48:05.823Z","repository":{"id":61402544,"uuid":"550940345","full_name":"contractify/label-and-assign","owner":"contractify","description":"A GitHub action which automatically labels and assigns new pull requests based on the paths of files being changed","archived":false,"fork":false,"pushed_at":"2026-03-26T06:38:38.000Z","size":2834,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-27T02:07:43.755Z","etag":null,"topics":["github","github-actions"],"latest_commit_sha":null,"homepage":"https://contractify.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/contractify.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-10-13T15:15:24.000Z","updated_at":"2026-03-26T06:38:41.000Z","dependencies_parsed_at":"2023-01-11T17:23:46.493Z","dependency_job_id":"bac98026-ae1a-4479-b845-bfa18219031e","html_url":"https://github.com/contractify/label-and-assign","commit_stats":{"total_commits":97,"total_committers":3,"mean_commits":"32.333333333333336","dds":0.3298969072164949,"last_synced_commit":"a8f8915aa25e25e62bd461e028cc14db5a7fc8f6"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/contractify/label-and-assign","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/contractify%2Flabel-and-assign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/contractify%2Flabel-and-assign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/contractify%2Flabel-and-assign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/contractify%2Flabel-and-assign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/contractify","download_url":"https://codeload.github.com/contractify/label-and-assign/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/contractify%2Flabel-and-assign/sbom","scorecard":{"id":303611,"data":{"date":"2025-08-11","repo":{"name":"github.com/contractify/label-and-assign","commit":"60a48bf70f9e24b6bd88dee4d37ebd98cb4505ff"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 15 changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/automation.yml:13","Warn: no topLevel permission defined: .github/workflows/build_test.yml:1","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/automation.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/automation.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/automation.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/automation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/build_test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/build_test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/contractify/label-and-assign/check-dist.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/build_test.yml:24","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T21:25:11.811Z","repository_id":61402544,"created_at":"2025-08-17T21:25:11.811Z","updated_at":"2025-08-17T21:25:11.811Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31409470,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","github-actions"],"created_at":"2026-04-04T18:48:01.827Z","updated_at":"2026-04-04T18:48:05.808Z","avatar_url":"https://github.com/contractify.png","language":"TypeScript","readme":"# Pull Request Label and Assign\n\nAt [Contractify](https://contractify.io), we like to keeps things nice, tidy and\norganized. We are using [Jira](https://www.atlassian.com/nl/software/jira) for\nour issue management and [GitHub](https://www.github.com) for our version control.\n\nSince we are keen on reducing the manual work related to pull requests, we\ncreated a [GitHub action](https://github.com/features/actions) that helps us in\nassigning labels, reviewers and owners to a pull request, based on the files\nchanged in the pull request.\n\nThe current version allows you to:\n\n- Assign labels based on file patterns\n- Assign reviewers based on labels\n- Assign the sender of the pull request as the owner (we don't like pull\n  requests which are owned by nobody)\n\n## Sample action setup\n\nTo get started, you will need to create a GitHub action workflow file. If you\nneed more information on how to set that up, check\n[here](https://docs.github.com/en/actions/quickstart).\n\nIn our repositories, we keep these actions in a separate workflow, so we usually\nadd a file called `.github/workflows/automation.yml` to our repository and put\nthe following content in there:\n\n### Create `.github/label-and-assign.yml`\n\nCreate a `.github/label-and-assign.yml` file containing:\n\n```yaml\nlabels:\n  dependencies:\n  - composer.json\n  - composer.lock\n  - package.json\n  - package-lock.json\n  - nova-components/ModuleSelector/package.json\n  - nova-components/ModuleSelector/package-lock.json\n\n  gihub_actions:\n  - '.github/**/*'\n\n  javascript:\n  - ./**/*.vue\n  - ./**/*.js\n\n  php:\n  - ./**/*.php\n\nassign:\n  dependencies:\n  - user1\n  - user2\n\n  gihub_actions:\n  - user1\n\n  php:\n  - user2\n  - user3\n\n  database:\n  - user2\n  - user3\n\n  javascript:\n  - user4\n```\n\nThis file contains the mapping of the labels against the file patterns and the\nreviewers based on the labels.\n\n### Create the workflow file\n\nYou will need to create a GitHub action workflow file. If you\nneed more information on how to set that up, check\n[here](https://docs.github.com/en/actions/quickstart).\n\nIn our repositories, we keep these actions in a separate workflow, so we usually\nadd a file called `.github/workflows/automation.yml` to our repository and put\nthe following content in there:\n\n\n```yaml\nname: PR Automation\n\non:\n  [ push ]\n\npermissions:\n  contents: write\n  checks: write\n  pull-requests: write\n\njobs:\n  automation:\n    runs-on: ubuntu-latest\n    steps:\n    - name: Assign Labels and Users\n      uses: contractify/label-and-assign@v2.1.0\n      if: ${{ github.actor != 'dependabot[bot]' }}\n      with:\n        token: \"${{ secrets.GITHUB_TOKEN }}\"\n```\n\n## Inputs\n\nVarious inputs are defined in [`action.yml`](action.yml) to let you configure the actions:\n\n| Name | Description | Default |\n| - | - | - |\n| `token` | Token to use to authorize label changes. Typically the GITHUB_TOKEN secret, with `contents:read` and `pull-requests:write` access | N/A |\n| `configuration-path` | The path to the label configuration file | `.github/labeler.yml` |\n\n## In Detail\n\n### Order of the actions\n\nThe action always runs the steps in the following order:\n\n1. Detect which files are changed\n2. Assign the labels based on the changed files\n3. Assign the reviewers based on the labels\n4. Assign the owner if not present yet\n\n### Detection of the changed files\n\nYou might notice that there is no `checkout` step in the workflow. This is done\non purpose as the list of changed files is extracted from the pull request\ndetails using the GitHub API. This is much faster than having to do a full\ncheckout of your repository.\n\n## About Contractify\n\nContractify is a blooming Belgian SaaS scale-up offering contract management software and services.\n\nWe help business leaders, legal \u0026 finance teams to\n- 🗄️ centralize contracts \u0026 responsibilities, even in a decentralized organization.\n- 📝 keep track of all contracts \u0026 related mails or documents in 1 tool\n- 🔔 automate \u0026 collaborate on contract follow-up tasks\n- ✒️ approve \u0026 sign documents safely \u0026 fast\n- 📊 report on custom contract data\n\nThe cloud platform is easily supplemented with full contract management support, including:\n- ✔️ registration and follow up of your existing \u0026 new contracts\n- ✔️ expert advice on contract management\n- ✔️ periodic reporting \u0026 status updates\n\nStart automating your contract management for free with Contractify on:\nhttps://info.contractify.io/free-trial\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontractify%2Flabel-and-assign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontractify%2Flabel-and-assign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontractify%2Flabel-and-assign/lists"}