Skip to content

feat: add new workflow file for automated pull request labeling #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 7, 2025
Merged

feat: add new workflow file for automated pull request labeling #210

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions .github/workflows/labeler.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
name: PR Autolabeler

on:
# pull_request event is required for autolabeler
pull_request:
types: [opened, reopened, synchronize]

jobs:
draft-release:
uses: commit-check/.github/.github/workflows/release-drafter.yml@main
Comment on lines +8 to +10
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Define required permissions explicitly.

The workflow is missing explicit permissions configuration. This is important for security and following the principle of least privilege.

Add permissions configuration:

 jobs:
+  permissions:
+    pull-requests: write  # Required for labeling PRs
+    contents: read       # Required for accessing repository content
   draft-release:
     uses: commit-check/.github/.github/workflows/release-drafter.yml@main

Committable suggestion skipped: line range outside the PR's diff.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Use commit SHA instead of @main for workflow reference

Replace the @main reference with the specific commit SHA:

uses: commit-check/.github/.github/workflows/release-drafter.yml@fae5593179f0ab50401e4b42ff5a019fc488bfde
🔗 Analysis chain

Avoid using @main branch reference directly.

Using @main for external workflows can lead to unexpected behavior if the referenced repository makes breaking changes. Consider:

  1. Using a specific commit SHA or tag for better stability
  2. Documenting the expected version/functionality of the external workflow

Let's verify if the external workflow exists and check its recent changes:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the external workflow existence and its recent changes
gh api repos/commit-check/.github/contents/.github/workflows/release-drafter.yml

# Check recent commits to the workflow
gh api repos/commit-check/.github/commits \
  --jq '.[] | select(.commit.message | contains("release-drafter.yml"))' \
  | jq -r '["Date:", .commit.author.date, "Message:", .commit.message] | join(" ")'

Length of output: 2733

Script:

#!/bin/bash
# Decode and examine the workflow content
echo "bmFtZTogUmVsZWFzZSBEcmFmdGVyCgpvbjoKICB3b3JrZmxvd19jYWxsOgogICAgaW5wdXRzOgogICAgICBjb21taXRpc2g6CiAgICAgICAgcmVxdWlyZWQ6IGZhbHNlCiAgICAgICAgdHlwZTogc3RyaW5nCiAgICAgICAgZGVmYXVsdDogIm1haW4iCiAgICAgICAgZGVzY3JpcHRpb246IFRoZSByZWxlYXNlIHRhcmdldCwgaS5lLiBicmFuY2ggb3IgY29tbWl0IGl0IHNob3VsZCBwb2ludCB0by4KCmpvYnM6CiAgdXBkYXRlX3JlbGVhc2VfZHJhZnQ6CiAgICBwZXJtaXNzaW9uczoKICAgICAgIyB3cml0ZSBwZXJtaXNzaW9uIGlzIHJlcXVpcmVkIHRvIGNyZWF0ZSBhIGdpdGh1YiByZWxlYXNlCiAgICAgIGNvbnRlbnRzOiB3cml0ZQogICAgICAjIHdyaXRlIHBlcm1pc3Npb24gaXMgcmVxdWlyZWQgZm9yIGF1dG9sYWJlbGVyCiAgICAgICMgb3RoZXJ3aXNlLCByZWFkIHBlcm1pc3Npb24gaXMgcmVxdWlyZWQgYXQgbGVhc3QKICAgICAgcHVsbC1yZXF1ZXN0czogd3JpdGUKICAgIHJ1bnMtb246IHVidW50dS1sYXRlc3QKICAgIHN0ZXBzOgogICAgICAjIERyYWZ0IHlvdXIgbmV4dCBSZWxlYXNlIG5vdGVzIGFzIFB1bGwgUmVxdWVzdHMgYXJlIG1lcmdlZCBpbnRvIHRoZSBkZWZhdWx0IGJyYW5jaAogICAgICAtIHVzZXM6IHJlbGVhc2UtZHJhZnRlci9yZWxlYXNlLWRyYWZ0ZXJAdjYKICAgICAgICB3aXRoOgogICAgICAgICAgY29tbWl0aXNoOiAnJHt7IGlucHV0cy5jb21taXRpc2ggfX0nCiAgICAgICAgZW52OgogICAgICAgICAgR0lUSFVCX1RPS0VOOiAke3sgc2VjcmV0cy5HSVRIVUJfVE9LRU4gfX0K" | base64 -d

# Get the commit SHA
echo "fae5593179f0ab50401e4b42ff5a019fc488bfde"

Length of output: 1269

Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy