# yaml-language-server: $schema=https://json.schemastore.org/github-action.json # permissions: # - issues: write # Required for syncing labels --- name: Sync labels description: Sync labels from a YAML file to a GitHub repository author: Ismo Vuorinen branding: icon: tag color: blue inputs: labels: description: 'Path to the labels YAML file' required: true default: 'labels.yml' token: description: 'GitHub token for authentication' required: false default: ${{ github.token }} outputs: labels: description: 'Path to the labels YAML file' value: ${{ inputs.labels }} runs: using: 'composite' steps: - name: Validate Inputs id: validate shell: sh env: LABELS_FILE: ${{ inputs.labels }} GITHUB_TOKEN: ${{ inputs.token }} run: | set -eu # Validate labels file path format case "$LABELS_FILE" in *".."*|"/"*) echo "::error::Invalid labels file path: '$LABELS_FILE'. Path traversal not allowed" exit 1 ;; esac # Validate labels file extension case "$LABELS_FILE" in *.yml|*.yaml) ;; *) echo "::error::Invalid labels file extension: '$LABELS_FILE'. Expected .yml or .yaml file" exit 1 ;; esac # Validate token is provided (basic check) if [ -z "$GITHUB_TOKEN" ]; then echo "::error::GitHub token is required for label synchronization" exit 1 fi - name: ⤵️ Download latest labels definitions shell: sh env: LABELS_FILE: ${{ inputs.labels }} run: | set -eu curl -s --retry 5 \ "https://raw.githubusercontent.com/ivuorinen/actions/main/sync-labels/labels.yml" \ > "$LABELS_FILE" - name: 🚀 Run Label Syncer uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 env: GITHUB_TOKEN: ${{ inputs.token }} with: manifest: ${{ inputs.labels }}