mirror of
https://github.com/github/codeql.git
synced 2025-12-16 08:43:11 +01:00
b58c856756
Repositories can be configured with Default access (restricted) https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token Best practice says that workflows should declare the minimal permissions they require. Without declaring permissions, paranoid forks fail miserably.
16 lines
257 B
YAML
16 lines
257 B
YAML
name: "Pull Request Labeler"
|
|
on:
|
|
- pull_request_target
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
triage:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/labeler@v4
|
|
with:
|
|
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|