From 9799d2adf16d591432c70775c41c42890f4fc8c6 Mon Sep 17 00:00:00 2001
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Fri, 10 Apr 2026 08:21:46 -0400
Subject: [6.0.x] Removed unused code checkout step from labels.yml GitHub
 Action.

Backport of f0b75f46fd0ee98c10887b3c5dc4593d2bccf821 from main.
---
 .github/workflows/labels.yml | 4 ----
 zizmor.yml                   | 2 ++
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 807563322f..3042f4d228 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -21,10 +21,6 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-
       - name: "Check title and manage labels"
         uses: actions/github-script@v8
         with:
diff --git a/zizmor.yml b/zizmor.yml
index 76e53f73cc..5bf79eb8cc 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,5 +1,7 @@
 rules:
   dangerous-triggers:
+    # Before ignoring a file, assume all inputs are malicious, assign explicit
+    # minimal permissions, and do not use actions/checkout.
     ignore:
       - labels.yml
       - new_contributor_pr.yml
-- 
cgit v1.3