name: 'Pull Request Labeler'
on:
  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here

permissions: {}

jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1