openwrt/.github/workflows/labeler.yml
Alex Low 303b784cc8
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.

Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7152599407)
2022-12-04 17:36:57 +01:00

34 lines
967 B
YAML

name: 'Pull Request Labeler'
on:
- pull_request_target
permissions:
contents: read
jobs:
labeler:
permissions:
contents: read # to determine modified files (actions/labeler)
pull-requests: write # to add labels to PRs (actions/labeler)
name: Pull Request Labeler
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
- name: Check Branch
id: check-branch
run: |
if echo "${{ github.base_ref }}" | grep -q -E 'openwrt-[0-9][0-9]\.[0-9][0-9]'; then
echo "release-tag=$(echo ${{ github.base_ref }} | sed 's/openwrt-/release\//')" >> $GITHUB_OUTPUT
fi
- uses: buildsville/add-remove-label@v2.0.0
if: ${{ steps.check-branch.outputs.release-tag }}
with:
token: ${{secrets.GITHUB_TOKEN}}
labels: ${{ steps.check-branch.outputs.release-tag }}
type: add