1
# Licensed to the Apache Software Foundation (ASF) under one or more
2
# contributor license agreements. See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License. You may obtain a copy of the License at
8
# http://www.apache.org/licenses/LICENSE-2.0
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
18
# CAUTION! The pull_request_target is generally consider UNSAFE. This is because it will
19
# run untrusted code on the GHA infra with access to secrets and elevated permissions. We must
20
# not run any code from the pull request here. Instead, this workflow is for things like adding
21
# comments or labels to the pull request.
24
# * https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target
25
# * https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
27
types: [opened, reopened, synchronize]
35
runs-on: ubuntu-latest
38
uses: actions/checkout@v4
39
- uses: actions/labeler@v5
41
configuration-path: .github/configs/labeler.yml
42
- name: check small label
44
GH_TOKEN: ${{ github.token }}
45
PR_NUM: ${{github.event.number}}
47
./.github/scripts/label_small.sh