obsidian-metadata/.github/workflows/labeler.yml

---
name: Pull Request Labeler
on:
    - pull_request_target

jobs:
    label:
        permissions:
            contents: read
            pull-requests: write
        runs-on: ubuntu-latest
        steps:
            - name: Harden Runner
              uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
              with:
                  egress-policy: block
                  allowed-endpoints: >
                      api.github.com:443
                      github.com:443

            - uses: actions/labeler@v4
              with:
                  repo-token: ${{ secrets.GITHUB_TOKEN }}