name: External PR labelling

on:
  # We need "write" permissions on the PR to be able to add a label.
  pull_request_target: # zizmor: ignore[dangerous-triggers] We need this to have labelling permissions. There are no user inputs here, so we should be fine.
    types:
      - opened

permissions: {}

jobs:
  label-if-external:
    name: Add 'pr/external' label if the PR is external
    if: github.event.pull_request.author_association != 'MEMBER' && github.event.pull_request.author_association != 'OWNER'
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # to write the label

    steps:
      - name: Add the 'pr/external' label
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          echo "Adding 'pr/external' label to the PR"
          gh pr edit "$PR_NUMBER" --add-label pr/external