name: 🏷️🔀Merge Conflict Labeler

on:
  push:
    branches: [develop]
  # SECURITY: pull_request_target runs with the base repo's write token and secrets.
  # This job only labels via the API and is safe ONLY because it never checks out or
  # runs the PR head's code. NEVER add `actions/checkout` of the PR head (or any `run:`
  # that interpolates PR-controlled data) to this workflow — that would turn it into a
  # full repo-compromise vector.
  pull_request_target:
    branches: [develop]
    types: [synchronize]

jobs:
  label:
    name: 🏷️ Labeling Merge Conflicts
    runs-on: ubuntu-24.04
    if: ${{ github.repository == 'streamyfin/streamyfin' }}
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: 🚩 Apply merge conflict label
        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3
        with:
          dirtyLabel: '⚔️ merge-conflict'
          commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.'
          repoToken: '${{ secrets.GITHUB_TOKEN }}'