Update labeler configuration

llucax · stefan-brus-frequenz · commit e392bb3ffc2d · 2023-09-07T11:16:18.000+02:00
We include new files that have been added to the repository and support
and match files starting with a dot when specifying patterns.

Signed-off-by: Leandro Lucarella &lt;luca-frequenz@llucax.com&gt;
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -6,26 +6,30 @@
 # For more details on the configuration please see:
 # https://github.com/marketplace/actions/labeler
 
-"part:docs": 
+"part:docs":
   - "**/*.md"
+  - "docs/**"
+  - "examples/**"
   - LICENSE
 
 "part:tests":
-  - "tests/**"
+  - "pytests/**"
 
 "part:tooling":
+  - "**/*.ini"
+  - "**/*.toml"
+  - "**/*.yaml"
+  - "**/*.yml"
+  - ".editorconfig"
   - ".git*"
   - ".git*/**"
-  - "**/*.toml"
-  - "**/*.ini"
+  - "docs/*.py"
   - CODEOWNERS
   - MANIFEST.in
-  - "*requirements*.txt"
-  - setup.py
-  - setup.cfg
+  - noxfile.py
 
 "part:protobuf":
   - "proto/**"
-  
+
 "part:python":
   - "py/**"
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -1,13 +1,5 @@
 name: Pull Request Labeler
 
-# XXX: !!! SECURITY WARNING !!!
-# pull_request_target has write access to the repo, and can read secrets. We
-# need to audit any external actions executed in this workflow and make sure no
-# checked out code is run (not even installing dependencies, as installing
-# dependencies usually can execute pre/post-install scripts). We should also
-# only use hashes to pick the action to execute (instead of tags or branches).
-# For more details read:
-# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
 on: [pull_request_target]
 
 jobs:
@@ -18,7 +10,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Labeler
-        # Only use hashes, see the security comment above
+        # XXX: !!! SECURITY WARNING !!!
+        # pull_request_target has write access to the repo, and can read secrets. We
+        # need to audit any external actions executed in this workflow and make sure no
+        # checked out code is run (not even installing dependencies, as installing
+        # dependencies usually can execute pre/post-install scripts). We should also
+        # only use hashes to pick the action to execute (instead of tags or branches).
+        # For more details read:
+        # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
         uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327  # 4.0.4
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          dot: true
