obsidian-metadata/.github/workflows/labeler.yml

---
name: Pull Request Labeler
on:
    - pull_request_target

jobs:
    label:
        permissions:
            contents: read
            pull-requests: write
        runs-on: ubuntu-latest
        steps:
            - name: Harden Runner
              uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v2.2.0
              with:
                  egress-policy: block
                  allowed-endpoints: >
                      api.github.com:443
                      github.com:443

            - uses: actions/labeler@v4
              with:
                  repo-token: ${{ secrets.GITHUB_TOKEN }}