workflows/{eval,labels}: allow testing labeling job in forks

A while ago, I added those "owner == NixOS" conditions, because I couldn't figure out why my fork kept failing those jobs, even though I had set up the apps correctly. Turns out, that when a label doesn't exist, those actions try to implicitly create it. But to do that, they actually need write permissions on the *issues* endpoint, the pull-requests endpoint is not enough. Even though the docs state otherwise. Thus, adding those permissions. This will also lead to new labels being created when they are added via code (for example in .github/labels.yml), even when they had not been created, yet. Labels created this way will initially be grayish color and without description - but we can always add those later, there is no point in failing pipelines for everyone in that case.
2025-06-09 19:13:26 +03:00 · 2025-05-26 15:48:15 +02:00 · 2025-05-26 15:48:15 +02:00 · d2ff68b564
commit d2ff68b564
parent 9d1de18194
2 changed files with 6 additions and 4 deletions
--- a/.github/workflows/eval.yml
+++ b/.github/workflows/eval.yml
@ -159,6 +159,7 @@ jobs:
    needs: [ prepare, outpaths ]
    if: needs.prepare.outputs.targetSha
    permissions:
+      issues: write # needed to create *new* labels
      pull-requests: write
      statuses: write
    steps:
@ -213,7 +214,7 @@ jobs:
        run: nix-build trusted/ci -A requestReviews

      - name: Labelling pull request
-        if: ${{ github.event_name == 'pull_request_target' && github.repository_owner == 'NixOS' }}
+        if: ${{ github.event_name == 'pull_request_target' }}
        env:
          GH_TOKEN: ${{ github.token }}
          REPOSITORY: ${{ github.repository }}
@ -247,7 +248,7 @@ jobs:
          done < <(comm -13 before after)

      - name: Add eval summary to commit statuses
-        if: ${{ github.event_name == 'pull_request_target' && github.repository_owner == 'NixOS' }}
+        if: ${{ github.event_name == 'pull_request_target' }}
        env:
          GH_TOKEN: ${{ github.token }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
@ -279,7 +280,7 @@ jobs:
          permission-pull-requests: write

      - name: Requesting maintainer reviews
-        if: ${{ steps.app-token.outputs.token && github.repository_owner == 'NixOS' }}
+        if: ${{ steps.app-token.outputs.token }}
        env:
          GH_TOKEN: ${{ github.token }}
          REPOSITORY: ${{ github.repository }}
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@ -10,13 +10,14 @@ on:

 permissions:
  contents: read
+  issues: write # needed to create *new* labels
  pull-requests: write

 jobs:
  labels:
    name: label-pr
    runs-on: ubuntu-24.04-arm
-    if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
+    if: "!contains(github.event.pull_request.title, '[skip treewide]')"
    steps:
      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
        if: |