feat(ci): tag triaged Linear issues with the source repository #1345

Merged: brendan-kellam merged 1 commit into main from brendan/vuln-triage-repo-label on Jun 18, 2026

@brendan-kellam brendan-kellam commented Jun 18, 2026

Contributor

Summary

Tags each Linear issue created by the vulnerability-triage workflow with a label named after the source repository (e.g. sourcebot-dev/sourcebot), in addition to the existing CVE label. This makes triaged issues filterable by repo in Linear.

How

  • In the Match existing Linear issues step, after resolving the team/CVE-label/state/viewer, resolve a team label whose name equals ${{ github.repository }}. If it doesn't exist yet, create it via issueLabelCreate (team-scoped, like the CVE label). Expose it as a repo_label_id step output.
  • In the Create Linear issues step, attach both the CVE label and the repository label (any that failed to resolve are dropped).

The label is created at most once — subsequent runs find the existing one. Reopened issues are unchanged (they already carry their labels).

Notes

  • The label uses the full github.repository (owner/repo) to match the [owner/repo] title-prefix scoping already used, which keeps it unambiguous across sibling repos (e.g. sourcebot-dev/sourcebot-helm-chart). Easy to switch to the short repo name if you'd prefer.
  • No CHANGELOG entry — internal CI/security-automation change, not user-facing.

Testing

Verified the label-array construction in jq (both labels present, repo label missing → only CVE, both missing → no labelIds sent) and that the workflow YAML parses.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Improved vulnerability issue tracking workflow to include repository-specific labeling in addition to existing categorization. Enhanced label resolution and assignment logic for better organization of security-related issues.

Resolve (or create) a team label named after the repository and attach it to
each created CVE issue alongside the existing "CVE" label, so issues are
filterable by their source repo in Linear.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

Contributor

@brendan-kellam your pull request is missing a changelog!

@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Contributor

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f1b15233-e845-48d5-b726-c0a86ece9066

📥 Commits

Reviewing files that changed from the base of the PR and between 18d41ba and 09e6caa.

📒 Files selected for processing (1)
  • .github/workflows/vulnerability-triage.yml

Walkthrough

The vulnerability triage workflow's "Match existing Linear issues" step is extended to query or create a Linear label named after github.repository and export its id. The "Create Linear issues" step consumes that id, warns if unavailable, and assigns both the CVE label and the repository label when creating new issues.

Changes

Repository-scoped Linear label resolution and assignment

Layer / File(s) | Summary
Resolve/create repo label in matching step and export id (.github/workflows/vulnerability-triage.yml) | The matching step queries Linear for a label named after github.repository, creates it if it does not exist, and writes repo_label_id to GITHUB_OUTPUT.
Consume repo label id and apply to new issues (.github/workflows/vulnerability-triage.yml) | The creation step reads REPO_LABEL_ID from the match step outputs, logs a warning when it is unavailable, and builds a filtered labelIds array combining the CVE label id and the repository label id before passing it to issue creation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • sourcebot-dev/sourcebot#1334: Updates the same "Match existing Linear issues" and "Create Linear issues" steps in vulnerability-triage.yml to rewire Linear metadata resolution, directly preceding the label changes introduced here.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately reflects the main change: adding repository-scoped labels to Linear issues in the vulnerability-triage workflow.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


@brendan-kellam brendan-kellam merged commit 5bd62b3 into main Jun 18, 2026
7 of 8 checks passed
@brendan-kellam brendan-kellam deleted the brendan/vuln-triage-repo-label branch June 18, 2026 00:18
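
The resolve-or-create step and the label-array construction described in the PR summary and the CodeRabbit walkthrough above, as an added Python example that is not code from this pull request or from the sourcebot workflow. `FakeLinear`, `resolve_repo_label` and `build_issue_input` are hypothetical names, the in-memory client stands in for the Linear API, and the `teamId`/`title` field names are assumptions.

```python
class FakeLinear:
    """In-memory stand-in for Linear's team labels (constructed for this example)."""

    def __init__(self, labels=None, fail_create=False):
        self.labels = dict(labels or {})  # label name -> label id
        self.fail_create = fail_create
        self.create_calls = 0

    def find_label(self, name):
        # Exact-name match only: "sourcebot-dev/sourcebot" must never resolve
        # to the sibling "sourcebot-dev/sourcebot-helm-chart" label.
        return self.labels.get(name)

    def create_label(self, name):
        # Models the issueLabelCreate call named in the PR description.
        self.create_calls += 1
        if self.fail_create:
            raise RuntimeError("issueLabelCreate failed")
        label_id = f"label-{len(self.labels) + 1}"
        self.labels[name] = label_id
        return label_id


def resolve_repo_label(client, repository):
    """Return the id of the label named `repository`, creating it at most once.

    Returns None when the label can be neither found nor created, so the
    caller can still file the vulnerability issue without it.
    """
    existing = client.find_label(repository)
    if existing:
        return existing
    try:
        return client.create_label(repository)
    except RuntimeError:
        return None


def build_issue_input(title, team_id, cve_label_id, repo_label_id):
    """Build the issue payload, dropping any label that failed to resolve."""
    label_ids = [i for i in (cve_label_id, repo_label_id) if i]
    issue = {"teamId": team_id, "title": title}
    if label_ids:
        # Omit the key entirely when no label resolved, rather than sending [].
        issue["labelIds"] = label_ids
    return issue
```

A failed label lookup degrades the issue's metadata but never blocks the triage issue itself, which is the property the three cases in the Testing section check.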