mirror of
https://github.com/quay/quay.git
synced 2026-01-26 06:21:37 +03:00
44c7209481
Refactor PR auto-labeling using two-workflow pattern to handle fork PRs securely. The label-status job is replaced with capture-pr-data (read-only) and a new pr-status-labeler workflow that runs with write permissions via workflow_run trigger. Fixes 403 errors when labeling PRs from forks. Signed-off-by: Brady Pratt <bpratt@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>
47 lines
1.1 KiB
YAML
47 lines
1.1 KiB
YAML
name: PR Auto-Labeler
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened]
|
|
pull_request_review:
|
|
types: [submitted, dismissed]
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
issues: write
|
|
|
|
jobs:
|
|
label-components:
|
|
name: Label Components
|
|
runs-on: ubuntu-latest
|
|
# Only run on PR events, not review events
|
|
if: github.event_name == 'pull_request_target'
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
with:
|
|
ref: ${{ github.event.pull_request.base.ref }}
|
|
|
|
- name: Apply area labels
|
|
uses: actions/labeler@v6
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
configuration-path: .github/labeler.yml
|
|
sync-labels: true
|
|
|
|
capture-pr-data:
|
|
name: Capture PR Data
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Save PR number
|
|
run: |
|
|
mkdir -p ./pr-data
|
|
echo ${{ github.event.pull_request.number }} > ./pr-data/pr_number.txt
|
|
|
|
- name: Upload PR data
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: pr-data-${{ github.event.pull_request.number }}
|
|
path: pr-data/
|