CI(label-for-external-users): check membership using secrets #31

	name: Add `external` label to issues and PRs created by external users

	on:
	push:
	issues:
	types:
	- opened
	pull_request:
	types:
	- opened

	# No permission for GITHUB_TOKEN by default; the minimal required set of permissions should be granted in each job.
	permissions: {}

	env:
	LABEL: external

	jobs:
	check-user:
	runs-on: ubuntu-22.04

	outputs:
	is-member: ${{ steps.check-user.outputs.is-member }}

	steps:
	- name: Check whether `${{ github.actor }}` is a member of `${{ github.repository_owner }}`
	id: check-user
	env:
	HAS_ACCESS_TO_SECRETS: ${{ secrets.DUMMY }}
	run: \|
	if [ -n "${HAS_ACCESS_TO_SECRETS}" ]; then
	is_member=true
	else
	is_member=false
	fi

	echo "is-member=${is_member}" \| tee -a ${GITHUB_OUTPUT}

	add-label:
	if: needs.check-user.outputs.is-member == 'false'
	needs: [ check-user ]

	runs-on: ubuntu-22.04
	permissions:
	pull-requests: write # for `gh pr edit`
	issues: write # for `gh issue edit`

	steps:
	- name: Label new ${{ github.event_name }}
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	ITEM_NUMBER: ${{ github.event[github.event_name == 'pull_request' && 'pull_request' \|\| 'issue'].number }}
	GH_CLI_COMMAND: ${{ github.event_name == 'pull_request' && 'pr' \|\| 'issue' }}
	run: \|
	gh ${GH_CLI_COMMAND} --repo ${GITHUB_REPOSITORY} edit --add-label=${LABEL} ${ITEM_NUMBER}

Provide feedback