From d355c17dc3b7f3349d1dfe919df9bc40b25e4ed3 Mon Sep 17 00:00:00 2001
From: Igor Pecovnik <igor@armbian.com>
Date: Thu, 31 Oct 2024 08:39:50 +0100
Subject: [PATCH] Change pull request trigger in order to get permissions back
 in order

---
 .github/workflows/pr-auto-labeler.yml      | 7 ++++---
 .github/workflows/pr-build-artifacts.yml   | 8 +++-----
 .github/workflows/pr-label-on-approved.yml | 3 ++-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/pr-auto-labeler.yml b/.github/workflows/pr-auto-labeler.yml
index d0765980a..fd2aa5d8d 100644
--- a/.github/workflows/pr-auto-labeler.yml
+++ b/.github/workflows/pr-auto-labeler.yml
@@ -4,9 +4,7 @@ run-name: 'Set labels - PR #${{ github.event.pull_request.number }} ("${{ github
 # Set labels for pull requests automatically based on size (modified via job 'label-size') and file categories (modified via .github/labeler)
 #
 
-on:
-  pull_request:
-    types: [opened, reopened, synchronize]
+on: pull_request_target
 
 jobs:
   label-remove:
@@ -17,6 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: PauMAVA/add-remove-label-action@v1.0.3
+        if: ${{ github.event.action == opened || github.event.action == reopened || github.event.action == synchronize }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           add: ""
@@ -33,6 +32,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions/labeler@v5
+        if: ${{ github.event.action == opened || github.event.action == reopened || github.event.action == synchronize }}
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
 
@@ -47,6 +47,7 @@ jobs:
     steps:
       - name: size-label
         uses: "pascalgn/size-label-action@v0.5.5"
+        if: ${{ github.event.action == opened || github.event.action == reopened || github.event.action == synchronize }}
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
diff --git a/.github/workflows/pr-build-artifacts.yml b/.github/workflows/pr-build-artifacts.yml
index 3ef7c49f6..a4cb8f819 100644
--- a/.github/workflows/pr-build-artifacts.yml
+++ b/.github/workflows/pr-build-artifacts.yml
@@ -5,22 +5,20 @@ run-name: "Generate artifacts - PR #${{ github.event.pull_request.number }} - by
 # In the run name, ${{ github.actor }} shows who's privileges are used for this run.
 #
 
-on:
-  pull_request:
-    types: [opened, reopened, synchronize, labeled]
+on: pull_request_target
 
 jobs:
   Check:
     permissions:
       pull-requests: read
 
-    name: Check label and authorization
-    if: contains(github.event.pull_request.labels.*.name, 'Build')
+    name: Check label and authorization  
     runs-on: Linux
     outputs:
       member: ${{ steps.checkUserMember.outputs.isTeamMember }}
     steps:
       - uses: tspascoal/get-user-teams-membership@v3
+        if: contains(github.event.pull_request.labels.*.name, 'Build')
         id: checkUserMember
         with:
           username: ${{ github.actor }}
diff --git a/.github/workflows/pr-label-on-approved.yml b/.github/workflows/pr-label-on-approved.yml
index 01407cbe3..07cdb3909 100644
--- a/.github/workflows/pr-label-on-approved.yml
+++ b/.github/workflows/pr-label-on-approved.yml
@@ -1,7 +1,8 @@
-on: pull_request_review
+on: pull_request_target
 name: Label approved pull requests
 jobs:
   labelWhenApproved:
+    if: github.event.review.state == 'approved'
     name: Label when approved
     runs-on: ubuntu-latest
     steps: