alteropen/streamyfin
1
0
Fork 0
mirror of https://github.com/streamyfin/streamyfin.git synced 2026-06-26 07:40:31 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
chore/security-hardening
streamyfin/.github/workflows/conflict.yml
Gauvino 7035c6f853 chore(security): bump merge-conflict labeler to v3.1.0 and default-deny perms 
Pin eps1lon/actions-label-merge-conflict to v3.1.0 (0273be7) and add a
top-level permissions: {} so the workflow defaults to no permissions and the
job grants only contents:read and pull-requests:write.
2026-06-05 13:16:18 +02:00

32 lines
1.2 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: 🏷🔀Merge Conflict Labeler
on:
push:
branches: [develop]
# SECURITY: pull_request_target runs with the base repo's write token and secrets.
# This job only labels via the API and is safe ONLY because it never checks out or
# runs the PR head's code. NEVER add `actions/checkout` of the PR head (or any `run:`
# that interpolates PR-controlled data) to this workflow — that would turn it into a
# full repo-compromise vector.
pull_request_target:
branches: [develop]
types: [synchronize]
permissions: {}
jobs:
label:
name: 🏷️ Labeling Merge Conflicts
runs-on: ubuntu-24.04
if: ${{ github.repository == 'streamyfin/streamyfin' }}
permissions:
contents: read
pull-requests: write
steps:
- name: 🚩 Apply merge conflict label
uses: eps1lon/actions-label-merge-conflict@0273be72a0bbd58fcd71d0d6c02c209b50d1e5e1 # v3.1.0
with:
dirtyLabel: '⚔️ merge-conflict'
commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.'
repoToken: '${{ secrets.GITHUB_TOKEN }}'
Reference in New Issue View Git Blame Copy Permalink