Skip to content

Enact security policy #1907

Enact security policy

Enact security policy #1907

Workflow file for this run

# This workflow will triage pull requests and apply a label based on the
# paths that are modified in the pull request.
#
# To use this workflow, you will need to set up a .github/labeler.yml
# file with configuration. For more information, see:
# https://github.com/actions/labeler/blob/master/README.md
name: Labeler
on: [pull_request_target]
# Note: potential security risk from this action using pull_request_target.
# Do not add actions in here which need a checkout of the repo, and do not use any caching in here.
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
permissions:
contents: read
jobs:
label:
name: Label
runs-on: ubuntu-latest
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- uses: actions/[email protected]
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"