mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-12-30 20:06:30 +01:00
e7631cf80c
- **What was changed**
- Added a new `handle-label-commands` job to
`.github/workflows/PR-Demo-Comment-with-react.yml` that processes PR
comments containing label commands and applies label changes to the
associated pull request.
- Introduced an authorization list `label_changer` in
`.github/config/repo_devs.json` to restrict who can manage labels via
comments.
- Implemented parsing of comment commands in the form:
- `add:🏷️:"Label Name"` to add a label.
- `rm:🏷️:"Label Name"` to remove a label.
- The workflow reads `.github/labels.yml` to build a canonical map of
allowed labels (case-insensitive matching, preserves original casing).
- Only labels defined in `.github/labels.yml` can be added; removal
allows best-effort even if the label is not found in the map.
- After successful processing, the original command comment is deleted
to keep the thread clean.
- Uses the existing local action `./.github/actions/setup-bot` to
authenticate as a GitHub App for applying labels.
- Added runner hardening via `step-security/harden-runner@v2.13.1` with
egress audit mode.
- **Why the change was made**
- Streamlines triage by enabling trusted maintainers to manage labels
directly from PR comments without needing full UI interactions.
- Ensures safety and consistency:
- Only **authorized** accounts (from `label_changer`) can execute label
commands.
- Only **known** labels (from `.github/labels.yml`) may be added,
preventing typos and drift.
- Reduces noise by deleting comma
19 lines
247 B
JSON
19 lines
247 B
JSON
{
|
|
"label_changer": [
|
|
"Frooodle",
|
|
"Ludy87",
|
|
"balazs-szucs"
|
|
],
|
|
"repo_devs": [
|
|
"Frooodle",
|
|
"sf298",
|
|
"Ludy87",
|
|
"LaserKaspar",
|
|
"sbplat",
|
|
"reecebrowne",
|
|
"DarioGii",
|
|
"ConnorYoh",
|
|
"EthanHealy01"
|
|
]
|
|
}
|