You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by bo...@apache.org on 2023/02/18 10:23:37 UTC
[streampipes] branch dev updated: [#1308][CI] label-pr workflow fails on fork-based PRs (#1309)
This is an automated email from the ASF dual-hosted git repository.
bossenti pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/streampipes.git
The following commit(s) were added to refs/heads/dev by this push:
new 0c35f6189 [#1308][CI] label-pr workflow fails on fork-based PRs (#1309)
0c35f6189 is described below
commit 0c35f61899d12321531fb9a4877d0ddd8c7f6762
Author: Steve Yurong Su <ro...@apache.org>
AuthorDate: Sat Feb 18 18:23:32 2023 +0800
[#1308][CI] label-pr workflow fails on fork-based PRs (#1309)
---
.github/workflows/pr-labeler.yml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index e9871360b..58f0b5a0f 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -16,9 +16,10 @@
name: "Pull Request Labeler"
run-name: Pull request labeler for ${{ github.ref_name }}
-on:
- pull_request:
- types: [opened]
+# NOTE: security risk from this action.
+# DO NOT add actions in here which need a checkout of the repo, and
+# DO NOT use any caching in here.
+on: pull_request_target
jobs:
label-pr:
@@ -26,7 +27,9 @@ jobs:
github.event.pull_request.user.login != 'octobot' &&
github.event.pull_request.user.login != 'dependabot[bot]'
permissions:
+ # for actions/labeler to determine modified files
contents: read
+ # for actions/labeler to add labels to PRs
pull-requests: write
runs-on: ubuntu-latest
steps:
@@ -34,4 +37,5 @@ jobs:
with:
configuration-path: .github/pr-labeler-config.yml
repo-token: "${{ secrets.GITHUB_TOKEN }}"
+ # Remove labels when matching files are reverted
sync-labels: true