From 39b0381c93c9ec92bb2177b0e8c85a886bf2eb9a Mon Sep 17 00:00:00 2001
From: Igor Pecovnik
Date: Mon, 14 Apr 2025 06:58:03 +0200
Subject: [PATCH] Label on approved is running with wrong permissions

pull_request_review might not grant required permissions. pull_request_target runs in the context of the base repository (i.e., the one the PR is targeting), giving the correct access to secrets and permissions.
---
 .github/workflows/pr-label-on-approved.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-label-on-approved.yml b/.github/workflows/pr-label-on-approved.yml
index 35e701d02..d01041d46 100644
--- a/.github/workflows/pr-label-on-approved.yml
+++ b/.github/workflows/pr-label-on-approved.yml
@@ -1,5 +1,5 @@
-on: pull_request_review
-name: Label approved pull requests
+name: "Label approved pull requests"
+on: pull_request_target
 
 permissions:
   contents: read # Required for checking changed files
@@ -9,10 +9,10 @@ permissions:
 jobs:
   labelWhenApproved:
     if: ${{ github.repository_owner == 'armbian' }}
-    name: Label when approved
+    name: "Label when approved"
     runs-on: ubuntu-latest
     steps:
-      - name: Label when approved
+      - name: "Label when approved"
         uses: pullreminders/label-when-approved-action@master
         env:
           APPROVALS: "1"
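Review bot: `on: pull_request_target` in the first hunk does not fire when a review is submitted; by default it runs on a pull request being opened, synchronized or reopened, so the labelling job now starts before any approval exists and, unless the action queries reviews on its own, is unlikely to add the label at all (worth confirming against how the action reads the event payload). The trigger also gives runs started by fork pull requests the base repository's token and secrets, which raises the stakes of the unpinned `uses: pullreminders/label-when-approved-action@master` in the second hunk, since anyone able to move that branch would run code with those permissions. I would pin the action to a reviewed commit, e.g. `uses: pullreminders/label-when-approved-action@<full-commit-sha>  # placeholder`, and keep the `permissions:` block to the minimum labelling needs. If approvals on fork pull requests have to drive the label, an unprivileged `pull_request_review` workflow that only records the PR number, followed by a `workflow_run` workflow that applies the label, keeps the event correct without widening what fork-triggered runs can reach. The `permissions:` block and the `env:` mapping both continue outside the visible hunks, so the effective token scope cannot be judged from this patch alone.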