From 2593a70dceda48e7a675ba6ffc6430d68ab86b61 Mon Sep 17 00:00:00 2001
From: Okinea Dev <hi@okinea.dev>
Date: Mon, 20 Jan 2025 09:15:17 +0200
Subject: [PATCH 1/3] =?UTF-8?q?feat(ci):=20=F0=9F=94=96=20add=20labels=20t?=
 =?UTF-8?q?o=20PRs=20and=20use=20reusable=20workflows?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/add-labels.yml  | 28 ++++++++++++++++++++++++++++
 .github/workflows/build.yml       |  1 -
 .github/workflows/color-check.yml |  1 -
 .github/workflows/pr-closed.yml   | 24 +++++++-----------------
 .github/workflows/pr-title.yml    | 28 +++-------------------------
 5 files changed, 38 insertions(+), 44 deletions(-)
 create mode 100644 .github/workflows/add-labels.yml

diff --git a/.github/workflows/add-labels.yml b/.github/workflows/add-labels.yml
new file mode 100644
index 0000000000..d713520cc1
--- /dev/null
+++ b/.github/workflows/add-labels.yml
@@ -0,0 +1,28 @@
+name: 🔖 Add status labels
+
+on:
+  workflow_run:
+    workflows:
+      - 🛠️ Build + Test
+      - 🎨 Check SVG icon colors
+      - ✅ Check PR Title
+    types: [completed]
+
+jobs:
+  add-labels:
+    runs-on: ubuntu-latest
+
+    if: github.event.workflow_run.event == 'pull_request'
+
+    steps:
+      - name: 🏷️ Manage label based on workflow result
+        uses: material-extensions/add-labels@60e0e247ae419e306ff73fff891bbf9bcf7d85c4 # v1.0.5
+        with:
+          labels: |
+            ${{ github.event.workflow_run.name == '🛠️ Build + Test'          && '❌ build failed'   ||
+                github.event.workflow_run.name == '🎨 Check SVG icon colors' && '🎨 wrong colors' ||
+                github.event.workflow_run.name == '✅ Check PR Title'        && '📝 invalid title'  }}
+
+          action: ${{ github.event.workflow_run.conclusion == 'failure' && 'add' || 'remove' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1f0edbdad4..090b2db63c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -48,7 +48,6 @@ jobs:
         run: bun install --frozen-lockfile
 
       - name: 🚀 Test + Build
-        id: build
         run: |
           bun test
           bun run vscode:prepublish
diff --git a/.github/workflows/color-check.yml b/.github/workflows/color-check.yml
index 6a9ccc7064..10ad7fa0cc 100644
--- a/.github/workflows/color-check.yml
+++ b/.github/workflows/color-check.yml
@@ -32,7 +32,6 @@ jobs:
           git fetch origin $TARGET_BRANCH
 
       - name: 🎨 Check colors
-        id: color-check
         run: |
           svgFiles=$(git diff origin/$TARGET_BRANCH --diff-filter=ACMRTUX  --name-only | grep '.svg$')
           npx svg-color-linter --config material-colors.yml ${svgFiles}
diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
index 4f2ad5798a..7190a833d3 100644
--- a/.github/workflows/pr-closed.yml
+++ b/.github/workflows/pr-closed.yml
@@ -1,7 +1,7 @@
 name: 🎉 PR closed
 
 on:
-  pull_request:
+  pull_request_target:
     types:
       - closed
 
@@ -11,23 +11,13 @@ permissions:
 
 jobs:
   thank-you:
-    runs-on: ubuntu-latest
-
     if: github.event.pull_request.merged == true
 
-    steps:
-      - name: 🙏 Post Thank You Comment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `
-              ## Merge Successful
+    uses: material-extensions/workflows/.github/workflows/pr-closed.yml@main
+    with:
+      comment: |
+        ## Merge Successful
 
-              Thanks for your contribution! 🎉
+        Thanks for your contribution! 🎉
 
-              The changes will be part of the upcoming update on the Marketplace.`
-            })
+        The changes will be part of the upcoming update on the Marketplace.
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index a920a3d0b4..08f7636a7a 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -4,32 +4,10 @@ on:
   pull_request:
     types: [opened, edited]
 
-permissions:
-  pull-requests: write
-
 jobs:
   lint-pr-title:
-    name: Check PR Title
-
-    runs-on: ubuntu-latest
-
     if: ${{ github.event.action == 'opened' || github.event.changes.title != null }}
 
-    steps:
-      - name: 📥 Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          # Only fetch the config file from the repository
-          sparse-checkout-cone-mode: false
-          sparse-checkout: |
-            commitlint.config.js
-
-      - name: 📦 Install dependencies
-        run: npm install --global @commitlint/config-conventional commitlint
-
-      - name: 🔍 Check PR title with commitlint
-        id: title-check
-        env:
-          PR_TITLE: ${{ github.event.pull_request.title }}
-          HELP_URL: https://github.com/material-extensions/vscode-material-icon-theme/blob/main/CONTRIBUTING.md#conventional-pull-request-titles
-        run: echo "$PR_TITLE" | npx commitlint --help-url $HELP_URL
+    uses: material-extensions/workflows/.github/workflows/pr-title.yml@main
+    with:
+      commitlint-help-url: https://github.com/material-extensions/vscode-material-icon-theme/blob/main/CONTRIBUTING.md#conventional-pull-request-titles

From 7512b147ec15d958256f2e9f3c6c01da695356c6 Mon Sep 17 00:00:00 2001
From: Okinea Dev <hi@okinea.dev>
Date: Mon, 20 Jan 2025 09:26:15 +0200
Subject: [PATCH 2/3] =?UTF-8?q?fix:=20=F0=9F=9B=A1=EF=B8=8F=20fix=20securi?=
 =?UTF-8?q?ty=20backdoors.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/add-labels.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/add-labels.yml b/.github/workflows/add-labels.yml
index d713520cc1..a876dbd6fe 100644
--- a/.github/workflows/add-labels.yml
+++ b/.github/workflows/add-labels.yml
@@ -8,6 +8,10 @@ on:
       - ✅ Check PR Title
     types: [completed]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   add-labels:
     runs-on: ubuntu-latest

From 6beb5edf0545646d1d41e50ae0eed65a572bc8c9 Mon Sep 17 00:00:00 2001
From: Okinea Dev <hi@okinea.dev>
Date: Tue, 21 Jan 2025 08:34:35 +0200
Subject: [PATCH 3/3] =?UTF-8?q?chore(ci):=20=F0=9F=94=A7=20remove=20unnece?=
 =?UTF-8?q?ssary=20permissions=20in=20PR=20closed=20workflow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Removed `contents: read` permission from the `pr-closed.yml` workflow.
---
 .github/workflows/pr-closed.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
index 7190a833d3..c870517cef 100644
--- a/.github/workflows/pr-closed.yml
+++ b/.github/workflows/pr-closed.yml
@@ -6,7 +6,6 @@ on:
       - closed
 
 permissions:
-  contents: read
   pull-requests: write
 
 jobs: