From b31ed61776f46930b63d8af98cafdea58e5644b7 Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" Date: Sun, 12 Apr 2026 01:18:50 +0800 Subject: [PATCH 1/2] chore: fix labeler workflow --- .github/labeler.yml | 8 +++---- .github/workflows/label-pr.yml | 44 +++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/.github/labeler.yml b/.github/labeler.yml index 380ff441c04a..69cb0c51e123 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -10,14 +10,14 @@ - any-glob-to-any-file: - '.github/workflows/*' -# Add the `documentation` label to PRs that change any file in the `user_guide_src/source/` directory. +# Add the `documentation` label to PRs for documentation only. 'documentation': - changed-files: - any-glob-to-all-files: - - 'user_guide_src/source/*' + - 'user_guide_src/source/**' -# Add the `testing` label to PRs that change files in the `tests/` directory ONLY. +# Add the `testing` label to PRs that changes tests only. 'testing': - changed-files: - any-glob-to-all-files: - - 'tests/*' + - 'tests/**' diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml index 730c98f271c1..0cf24c8d6f98 100644 --- a/.github/workflows/label-pr.yml +++ b/.github/workflows/label-pr.yml @@ -4,16 +4,58 @@ name: Add Labels to PRs # in a PR, and then change it back to `pull_request_target` before merging. # @see https://github.com/actions/labeler?tab=readme-ov-file#updating-major-version-of-the-labeler on: - - pull_request_target + - pull_request jobs: + validate-source: + permissions: + contents: read + pull-requests: read + runs-on: ubuntu-24.04 + outputs: + valid: ${{ steps.check.outputs.valid }} + + steps: + - name: Check if PR is from the main repository + id: check + run: | + if [[ "$HEAD_REPO" == "codeigniter4/CodeIgniter4" ]]; then + echo "valid=true" >> $GITHUB_OUTPUT + else + echo "valid=false" >> $GITHUB_OUTPUT + fi + env: + HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }} + add-labels: + needs: validate-source permissions: contents: read pull-requests: write runs-on: ubuntu-24.04 steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Verify PR source for workflow file changes + run: | + # Get changed files in this PR + git fetch origin "refs/pull/${{ github.event.pull_request.number }}/merge" + CHANGED_FILES=$(git diff --name-only origin/develop FETCH_HEAD 2>/dev/null || echo "") + + # Check if this workflow file is being modified + if echo "$CHANGED_FILES" | grep -q "\.github/workflows/label-pr\.yml"; then + if [[ "$IS_VALID" != "true" ]]; then + echo "::error::Changes to label-pr.yml can only be made from the main repository." + exit 1 + fi + fi + env: + IS_VALID: ${{ needs.validate-source.outputs.valid }} + - name: Add labels uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 with: From 739220754d205e162be58d03b63930e3745bfc7f Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" Date: Sun, 12 Apr 2026 03:40:26 +0800 Subject: [PATCH 2/2] revert now to use pull_request_target --- .github/workflows/label-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml index 0cf24c8d6f98..bc93f5e49dac 100644 --- a/.github/workflows/label-pr.yml +++ b/.github/workflows/label-pr.yml @@ -4,7 +4,7 @@ name: Add Labels to PRs # in a PR, and then change it back to `pull_request_target` before merging. # @see https://github.com/actions/labeler?tab=readme-ov-file#updating-major-version-of-the-labeler on: - - pull_request + - pull_request_target jobs: validate-source: