From 3151996af3677204d8a8f1632b2db4f067155fc3 Mon Sep 17 00:00:00 2001
From: Philipp Kief <philipp.kief@gmx.de>
Date: Mon, 6 Jan 2025 21:48:18 +0100
Subject: [PATCH] fix(workflows): :ambulance: fix permissions of workflows with
 label management

---
 .github/{actions => scripts}/update-status-label.sh | 0
 .github/workflows/build.yml                         | 3 ++-
 .github/workflows/color-check.yml                   | 5 +++--
 .github/workflows/pr-title.yml                      | 5 +++--
 4 files changed, 8 insertions(+), 5 deletions(-)
 rename .github/{actions => scripts}/update-status-label.sh (100%)

diff --git a/.github/actions/update-status-label.sh b/.github/scripts/update-status-label.sh
similarity index 100%
rename from .github/actions/update-status-label.sh
rename to .github/scripts/update-status-label.sh
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d2b37943e9..f3e861de74 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,6 +28,7 @@ on:
 permissions:
   contents: read
   pull-requests: write
+  issues: write # Update issue labels
 
 jobs:
   build:
@@ -57,6 +58,6 @@ jobs:
 
       - name: 🏷️ Manage label based on build result
         if: ${{ github.event_name == 'pull_request' }}
-        run: .github/actions/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.build.outcome }} "❌ failed build"
+        run: .github/scripts/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.build.outcome }} "❌ failed build"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/color-check.yml b/.github/workflows/color-check.yml
index aea4c242bd..51066e0706 100644
--- a/.github/workflows/color-check.yml
+++ b/.github/workflows/color-check.yml
@@ -8,6 +8,7 @@ on:
 permissions:
   contents: read
   pull-requests: write
+  issues: write # Update issue labels
 
 jobs:
   color-check:
@@ -23,7 +24,7 @@ jobs:
           persist-credentials: false
           sparse-checkout-cone-mode: false
           sparse-checkout: |
-            .github/actions/update-status-label.sh
+            .github/scripts/update-status-label.sh
             material-colors.yml
             icons/
 
@@ -39,6 +40,6 @@ jobs:
 
       - name: 🏷️ Manage label based on color check result
         if: always()
-        run: .github/actions/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.color-check.outcome }} "🎨 invalid colors"
+        run: .github/scripts/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.color-check.outcome }} "🎨 invalid colors"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index ee3f951662..48ffaae668 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -6,6 +6,7 @@ on:
 
 permissions:
   pull-requests: write
+  issues: write # Update issue labels
 
 jobs:
   lint-pr-title:
@@ -22,7 +23,7 @@ jobs:
           sparse-checkout-cone-mode: false
           sparse-checkout: |
             commitlint.config.js
-            .github/actions/update-status-label.sh
+            .github/scripts/update-status-label.sh
 
       - name: 📦 Install dependencies
         run: npm install --global @commitlint/config-conventional commitlint
@@ -36,6 +37,6 @@ jobs:
 
       - name: 🏷️ Manage label based on PR title check result
         if: always()
-        run: .github/actions/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.title-check.outcome }} "🔤 invalid title"
+        run: .github/scripts/update-status-label.sh ${{ github.event.pull_request.number }} ${{ steps.title-check.outcome }} "🔤 invalid title"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}