name: "Auto Pull Request Labeler V2"
on:
  pull_request_target:
    types: [opened, synchronize]

permissions:
  contents: read

jobs:
  labeler:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - uses: srvaroa/labeler@0a20eccb8c94a1ee0bed5f16859aece1c45c3e55 # v1.13.0
        with:
          config_path: .github/labeler-config-srvaroa.yml
          use_local_config: false
          fail_on_error: true
        env:
          GITHUB_TOKEN: "${{ steps.setup-bot.outputs.token }}"