# This workflow will triage pull requests and apply a label based on the
# paths that are modified in the pull request.
#
# For more information, see:
# https://github.com/actions/labeler

name: Labeler
on:
  pull_request_target:
    types: [opened, reopened]

permissions:
  contents: read

jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
    - name: Harden the runner (Audit all outbound calls)
      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
      with:
        egress-policy: audit

    - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
      with:
        repo-token: "${{ secrets.GITHUB_TOKEN }}"
        configuration-path: ".github/labels.yml"
        sync-labels: false