Skip to content

github-action: use ephemeral tokens with the required permissions #160

github-action: use ephemeral tokens with the required permissions

github-action: use ephemeral tokens with the required permissions #160

Workflow file for this run

name: "Issue Labeler"
on:
issues:
types: [opened]
pull_request_target:
types: [opened]
# '*: write' permissions for https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#add-labels-to-an-issue
permissions:
contents: read
issues: write
pull-requests: write
jobs:
triage:
runs-on: ubuntu-latest
steps:
- id: is_elastic_member
uses: elastic/apm-pipeline-library/.github/actions/is-member-elastic-org@current
with:
username: ${{ github.actor }}
token: ${{ secrets.APM_TECH_USER_TOKEN }}
- name: Add community and triage labels
if: contains(steps.is_elastic_member.outputs.result, 'false') && github.actor != 'dependabot[bot]'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ["community", "triage"]
})