Skip to content

chore: fix label-pr verification step #10118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
paulbalandan merged 2 commits into from
Apr 13, 2026
+20 −35
Merged

chore: fix label-pr verification step #10118

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
90df341
chore: fix label-pr verification step
paulbalandan Apr 13, 2026
8d6ef83
revert to pull request target
paulbalandan Apr 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 20 additions & 35 deletions .github/workflows/label-pr.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,7 @@ on:
- pull_request_target

jobs:
validate-source:
permissions:
contents: read
pull-requests: read
runs-on: ubuntu-24.04
outputs:
valid: ${{ steps.check.outputs.valid }}

steps:
- name: Check if PR is from the main repository
id: check
run: |
if [[ "$HEAD_REPO" == "codeigniter4/CodeIgniter4" ]]; then
echo "valid=true" >> $GITHUB_OUTPUT
else
echo "valid=false" >> $GITHUB_OUTPUT
fi
env:
HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}

add-labels:
needs: validate-source
permissions:
contents: read
pull-requests: write
Expand All @@ -41,20 +20,26 @@ jobs:
persist-credentials: false

- name: Verify PR source for workflow file changes
run: |
# Get changed files in this PR
git fetch origin "refs/pull/${{ github.event.pull_request.number }}/merge"
CHANGED_FILES=$(git diff --name-only origin/develop FETCH_HEAD 2>/dev/null || echo "")

# Check if this workflow file is being modified
if echo "$CHANGED_FILES" | grep -q "\.github/workflows/label-pr\.yml"; then
if [[ "$IS_VALID" != "true" ]]; then
echo "::error::Changes to label-pr.yml can only be made from the main repository."
exit 1
fi
fi
env:
IS_VALID: ${{ needs.validate-source.outputs.valid }}
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with:
script: |
const prFiles = await github.paginate(github.rest.pulls.listFiles.endpoint.merge({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.pull_request.number,
}));
const workflowFileChanged = prFiles.some(file => file.filename === '.github/workflows/label-pr.yml');

if (workflowFileChanged) {
if (context.payload.pull_request.head.repo.full_name !== 'codeigniter4/CodeIgniter4') {
throw new Error('Changes to label-pr.yml are not allowed from forks.');
}

console.log('Workflow file changed, but PR is from the main repository. Proceeding with label addition.');
return;
}

console.log('No changes to workflow file detected, proceeding with label addition.');

- name: Add labels
uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
Expand Down