# This workflow will triage pull requests and apply a label based on the
# paths that are modified in the pull request.
#
# For more information, see:
# https://github.com/actions/labeler

name: Labeler
on:
  pull_request_target:
    types: [opened, reopened]

permissions:
  contents: read

jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
    - name: Harden the runner (Audit all outbound calls)
      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
      with:
        egress-policy: audit

    - uses: actions/labeler@f1a63e87db0c6baf19c5713083f8d00d789ca184 # v6.0.0
      with:
        repo-token: "${{ secrets.GITHUB_TOKEN }}"
        configuration-path: ".github/labels.yml"
        sync-labels: false