chore(ci): bump docker/login-action from 3.7.0 to 4.2.0 #97
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Labeler | |
| on: | |
| # pull_request_target runs in the context of the base repo and retains write | |
| # access even for fork PRs — required because the reusable labeler calls the | |
| # GitHub REST API to set labels and post comments (both need write tokens). | |
| # | |
| # Security: this workflow does NOT check out or execute any code from the PR | |
| # branch; it only passes the PR number / owner / repo name to a reusable | |
| # workflow that performs only API calls against the base repo. This matches | |
| # the pattern used by auto-add-to-project.yml and octo-pr-feed.yml. | |
| pull_request_target: # zizmor: ignore[dangerous-triggers] metadata-only automation; no PR code executed | |
| types: [opened, synchronize, reopened] | |
| permissions: {} | |
| jobs: | |
| label: | |
| uses: Mininglamp-OSS/.github/.github/workflows/reusable-pr-labeler.yml@v1 | |
| with: | |
| pr_number: ${{ github.event.pull_request.number }} | |
| repo_owner: ${{ github.repository_owner }} | |
| repo_name: ${{ github.event.repository.name }} | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| # secrets: intentionally omitted — reusable-pr-labeler.yml uses only the | |
| # inherited GITHUB_TOKEN granted via the job-level permissions above. |