name: 'Pull Request Labeler' on: - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here permissions: {} jobs: labeler: permissions: contents: read pull-requests: write runs-on: ubuntu-latest steps: - id: token uses: immich-app/devtools/actions/create-workflow-token@9db058b2e6eec20e07760b0e17a0505c78ec3191 # create-workflow-token-action-v2.0.1 with: client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }} private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }} - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0 with: repo-token: ${{ steps.token.outputs.token }}