Assisted-by: Antigravity with Gemini --------- Co-authored-by: Dana Jansens <danakj@orodu.net>
@@ -7,6 +7,10 @@ on:
pull_request_target:
types: [opened, synchronize, labeled, unlabeled]
+# This workflow runs as `pull_request_target` so that the check can't be
+# disabled or bypassed by the PR, but it doesn't need any permissions.
+permissions: {}
+
jobs:
check_label:
runs-on: ubuntu-latest
Chandler Carruth