name: "Label PR"

on:
  - pull_request_target

# WARNING:
# When extending this action, be aware that $GITHUB_TOKEN allows some write
# access to the GitHub API. This means that it should not evaluate user input in
# a way that allows code injection.

permissions:
  contents: read
  pull-requests: write

jobs:
  labels:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'nix-community'
    steps:
      - uses: actions/labeler@v5
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          sync-labels: true