Skip to content

Update labeling action #932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Update labeling action #932

wants to merge 4 commits into from

Conversation

schavis
Copy link
Contributor

@schavis schavis commented Sep 10, 2025

Make the triggering events more explicit

@schavis
Update label-content-prs.yml
c966e07 
Clarify triggering events
@schavis schavis requested a review from a team as a code owner September 10, 2025 18:30
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 10, 2025
edited
Loading

Vercel Previews Deployed

Name Status Preview Updated (UTC)
Dev Portal ✅ Ready (Inspect) Visit Preview Thu Oct 16 19:32:11 UTC 2025
Unified Docs API ✅ Ready (Inspect) Visit Preview Thu Oct 16 19:25:15 UTC 2025

@williamdalessandro
Copy link
Contributor

Hey @schavis this PR looks good- however just a question about the implications this change this would have. From my research pull_request_target event (the current implementation) runs in the base repo context (with access to secrets) so it works for internal PRs but also for PRs from forked repos. Was this intentional behavior? The new change, on the other hand, works the same for internal PRs but with no secrets for forked PRs, so any automation requiring secrets will not work for PRs from forks. I'm all for the new change since it has added safety, but just wondering if there was a specific reason to use pull_request_target in the first place that I don't want to overlook

williamdalessandro
williamdalessandro approved these changes Oct 10, 2025
View reviewed changes
Copy link
Contributor

@williamdalessandro williamdalessandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving this PR, but just linking my previous comment here

@schavis
Copy link
Contributor Author

schavis commented Oct 10, 2025

@williamdalessandro tbh it was just about safety. We would still like contributor PRs to be properly labeled. Is there an alternative permission that makes sense (narrow scope without skilling fork-based PRs)? I'm not aware of one.

@williamdalessandro
Copy link
Contributor

williamdalessandro commented Oct 14, 2025
edited
Loading

@williamdalessandro tbh it was just about safety. We would still like contributor PRs to be properly labeled. Is there an alternative permission that makes sense (narrow scope without skilling fork-based PRs)? I'm not aware of one.

@schavis is

on:
  pull_request_target:
    types: [opened, synchronize, reopened]

not valid?

@schavis
Copy link
Contributor Author

schavis commented Oct 16, 2025
edited
Loading

@schavis is {snip} not valid?

I thought I tried that and it didn't work, but let me double check. I had a lot going on at the time 🙃

@schavis
Copy link
Contributor Author

schavis commented Oct 16, 2025

@williamdalessandro Testing worked in my fork. Let me know if it's still okay to merge :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@williamdalessandro williamdalessandro williamdalessandro approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@schavis @williamdalessandro