---
name: Pull Request Labeler
on:
    - pull_request_target

jobs:
    label:
        permissions:
            contents: read
            pull-requests: write
        runs-on: ubuntu-latest
        steps:
            - name: Harden Runner
              uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
              with:
                  egress-policy: block
                  allowed-endpoints: >
                      api.github.com:443
                      github.com:443

            - uses: actions/labeler@v4
              with:
                  repo-token: ${{ secrets.GITHUB_TOKEN }}