generic/.github/workflows/release-drafter.yml

name: Release Drafter

on:
  push:
    branches: main

permissions:
  contents: read

jobs:
  update-release-draft:
    permissions:
      contents: write  # for release-drafter/release-drafter to create a github release
      pull-requests: write  # for release-drafter/release-drafter to add label to PR
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, 'skip ci')"
    steps:
      # Drafts your next Release notes as Pull Requests are merged into "main"
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          egress-policy: audit

      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}