-
Notifications
You must be signed in to change notification settings - Fork 12.9k
40 lines (35 loc) · 1.65 KB
/
Copy pathlabel-pr.yml
File metadata and controls
40 lines (35 loc) · 1.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: Label PR
# SECURITY: this workflow runs with write access to the base repo on fork PRs,
# because `pull_request_target` executes in the context of the base branch.
# Keep it metadata-only — do NOT add actions/checkout or any step that
# executes PR-supplied content (install scripts, build commands, etc.).
# See https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
on:
pull_request_target:
types: [opened, edited]
jobs:
label:
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/github-script@v7
with:
script: |
const body = context.payload.pull_request.body || '';
const labels = [];
if (body.includes('[x] **Feature skill**')) { labels.push('PR: Skill'); labels.push('PR: Feature'); }
else if (body.includes('[x] **Utility skill**')) labels.push('PR: Skill');
else if (body.includes('[x] **Operational/container skill**')) labels.push('PR: Skill');
else if (body.includes('[x] **Fix**')) labels.push('PR: Fix');
else if (body.includes('[x] **Simplification**')) labels.push('PR: Refactor');
else if (body.includes('[x] **Documentation**')) labels.push('PR: Docs');
if (body.includes('contributing-guide: v1')) labels.push('follows-guidelines');
if (labels.length > 0) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
labels,
});
}