This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 5dea5a6 Add GitHub Actions PR labeler with pinned SHA and scoped
permissions
5dea5a6 is described below
commit 5dea5a671f08c695798b73d345b09c1fdf971b2a
Author: Ravi Kumar <[email protected]>
AuthorDate: Mon Dec 29 23:12:15 2025 +0530
Add GitHub Actions PR labeler with pinned SHA and scoped permissions
- Add PR labeler workflow for automatic labeling
- Pin actions/labeler to reviewed SHA per ASF security policy
- Scope permissions at the job level
---
.github/labeler.yml | 48 ++++++++++++++++++++++++++++++++++++++++
.github/workflows/pr-labeler.yml | 18 +++++++++++++++
2 files changed, 66 insertions(+)
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..8f6e5d0
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,48 @@
+documentation:
+ - changed-files:
+ - any-glob-to-any-file: "**/*.md"
+
+source:
+ - changed-files:
+ - any-glob-to-any-file: "**/*.py"
+
+workflows:
+ - changed-files:
+ - any-glob-to-any-file: ".github/**"
+
+tests:
+ - changed-files:
+ - any-glob-to-any-file:
+ - "tests/**"
+ - "playwright/**"
+
+routes:
+ - changed-files:
+ - any-glob-to-any-file: "atr/{get,post,shared}/**"
+
+storage:
+ - changed-files:
+ - any-glob-to-any-file: "atr/storage/**"
+
+migrations:
+ - changed-files:
+ - any-glob-to-any-file: "migrations/**"
+
+containers:
+ - changed-files:
+ - any-glob-to-any-file:
+ - "Dockerfile.alpine"
+ - "Dockerfile.ubuntu"
+ - "start-atr.sh"
+
+models:
+ - changed-files:
+ - any-glob-to-any-file: "atr/models/**"
+
+tasks:
+ - changed-files:
+ - any-glob-to-any-file: "atr/tasks/**"
+
+scripts:
+ - changed-files:
+ - any-glob-to-any-file: "scripts/**"
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
new file mode 100644
index 0000000..6068a74
--- /dev/null
+++ b/.github/workflows/pr-labeler.yml
@@ -0,0 +1,18 @@
+name: Pull Request Labeler
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ label:
+ permissions:
+ contents: read
+ pull-requests: write
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
