Feature: Added management bot for comments

[TreyWW]

Description

Added a management bot for issue + pr comments to allow for better labelling

Progress:

• [x] /add_label(s)
• [x] /remove_label(s)
• [ ] Ability to "wait for reply" and dynamically set labels

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/management_bot/pulumi/requirements.txt

Package	Version	License	Issue Type
pulumi-aws	>= 6.0.2,< 7.0.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/pulumi	>= 3.0.0,< 4.0.0	:green_circle: 6.4	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :green_circle: 8 5 out of the last 5 releases have a total of 5 signed artifacts. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 9 binaries present in source code Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :warning: 1 9 existing vulnerabilities detected
pip/pulumi-aws	>= 6.0.2,< 7.0.0	Unknown	Unknown
actions/actions/checkout	2.*.*	:green_circle: 7.5	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 9 security policy file detected Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/setup-python	2.*.*	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 3 2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 9 security policy file detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :warning: 0 49 existing vulnerabilities detected
actions/actions/upload-artifact	2.*.*	:green_circle: 6.7	Details Check Score Reason Code-Review :green_circle: 9 Found 10/11 approved changesets -- score normalized to 9 Maintained :green_circle: 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Packaging :warning: -1 packaging workflow not detected Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1 SAST :green_circle: 9 SAST tool detected but not run on all commits Security-Policy :green_circle: 9 security policy file detected Vulnerabilities :green_circle: 6 4 existing vulnerabilities detected

Scanned Manifest Files

.github/management_bot/pulumi/requirements.txt

• pulumi@>= 3.0.0,< 4.0.0
• pulumi-aws@>= 6.0.2,< 7.0.0

.github/workflows/management_bot_lambda.yml

• actions/checkout@2.*.*
• actions/setup-python@2.*.*
• actions/upload-artifact@2.*.*

[TreyWW]

/help

[myfinances-management[bot]]

Hi @TreyWW,

My available commands:

| Command | Description | Arg Types | Example | |---------|-------------|--------|--------| | /add_label | Adds one label | string | /add_label bug | | /add_labels | Adds multiple labels | list[string] | /add_label bug enhancement | | /remove_label | Removes one label | string | /remove_label bug | | /remove_labels | Removes multiple labels | list[string] | /remove_labels bug enhancement |

[TreyWW]

Added responses

[TreyWW]

/add_contributor @TreyWW "Testing Now" 👑 🐞

[TreyWW]

/add_contributor @TreyWW "Testing Again" 👑 🐞