feat: enable self-detection of actions config via CLI

[abhinavgautam01]

fixes #16

descirption

Downstream tools (like Augur) that use this application to analyze repositories need to dynamically detect which label the maintainers have configured for AI usage. Previously, this required downstream tools to implement their own YAML parsers to figure it out...

This PR shifts that responsibility natively into the CLI, allowing it to inspect a repository's .github/workflows directory and expose the configured labels in a clean JSON format...

Changes Made

• Dependency Added: Added gopkg.in/yaml.v3 to robustly parse GitHub Action workflow files.
• Workflow Scanner: Created the workflow package which scans .github/workflows/*.yml, identifying any usage of chaoss/disclosure. It parses out the explicit with: label: parameter or correctly falls back to the default ai-detected label.
• CLI Subcommand: Added the disclosure actions [repo-path] subcommand to output the discovered labels in a machine-readable JSON format: {"labels": ["ai-detected"]}.
• Testing: Added rigorous unit tests in workflow_test.go to ensure accurate extraction logic and defaults.

Testing

• go test ./... passes cleanly.
• Running disclosure actions . against a repo containing the action correctly surfaces the AI labels in JSON.

[MoralCode]

i think the goal here would be to enable most, if not all, of the configuration values for the action to be surfaced through the CLI.

That way collection tools like CollectOSS would be able to store, and enable analysis to be run based on not only the projects own configured AI label name, but also things like their configured detection thresholds for what even counts as an "ai contribution" in the first place

To that end, i think the CLI would be better named something like disclosure find-config <path/to/repo>

[abhinavgautam01]

i think the goal here would be to enable most, if not all, of the configuration values for the action to be surfaced through the CLI.

That way collection tools like CollectOSS would be able to store, and enable analysis to be run based on not only the projects own configured AI label name, but also things like their configured detection thresholds for what even counts as an "ai contribution" in the first place

To that end, i think the CLI would be better named something like disclosure find-config <path/to/repo>

thanks for the feedback... i completely agree that surfacing all the configuration values gives downstream tools (like Augur and CollectOSS) much better visibility into the actual detection thresholds for a project....

i have pushed an update to this PR that:

1. Renames the CLI command from actions to find-config as suggested.
2. extracts and surfaces all core inputs for the action (including label, min-confidence and scan-pr-body), correctly falling back to defaults if they are omitted from the YAML.
3. Updates the JSON output to return an array of complete configuration objects rather than just an array of label strings.

let me know if this looks good to you or if you need any other tweaks..!