Update milestone and label workflows for maintainers, developers, and bots

[Copilot]

The milestone.yml workflow only auto-assigned the next-release milestone for bot-authored PRs. This extends it to also trigger for PRs opened by project maintainers/developers. Additionally, a new label.yml workflow centralizes dependency label assignment for bot PRs, replacing the duplicate label configuration in dependabot.yml.

Changes proposed in this pull request

• Renamed workflow from "Assign milestone to automated PRs" → "Assign milestone to PRs" to reflect the broader scope
• Added BornToBeRoot to the allowed PR authors list in milestone.yml so the next-release milestone is also assigned to maintainer/developer PRs
• Added new .github/workflows/label.yml workflow that assigns the :heavy_check_mark: dependencies label to PRs opened by dependabot[bot], transifex-integration[bot], and imgbot[bot]
• Removed duplicate labels entries from all three package ecosystems (nuget, dotnet-sdk, npm) in .github/dependabot.yml since label assignment is now handled by the new workflow

Related issue(s)

Copilot generated summary

Copilot summary

Three GitHub configuration files were updated. milestone.yml was renamed from "Assign milestone to automated PRs" to "Assign milestone to PRs" and extended to include BornToBeRoot in its author filter, so the next-release milestone is automatically assigned to maintainer PRs as well as bot PRs. A new label.yml workflow was added that triggers on pull_request_target for opened/reopened events and uses actions/github-script@v7 to add the :heavy_check_mark: dependencies label to PRs from dependabot[bot], transifex-integration[bot], and imgbot[bot]. Correspondingly, the labels field was removed from all three package ecosystem entries in dependabot.yml to eliminate the now-duplicate label configuration.

To-Do

• Update documentation to reflect this changes
• Update changelog to reflect this changes

Contributing

By submitting this pull request, I confirm the following:

• I have read and understood the contributing guidelines and the code of conduct.
• I have have added my name, username or email to the contributors list or don't want to.
• The code or resource is compatible with the GNU General Public License v3.0.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[BornToBeRoot]

@copilot Can you also add a workflow for transifex, dependabot, imgbot to add the label :heavy_check_mark: dependencies. And remove the label from the dependabot config (it's a duplicate then)

[Copilot]

@copilot Can you also add a workflow for transifex, dependabot, imgbot to add the label :heavy_check_mark: dependencies. And remove the label from the dependabot config (it's a duplicate then)

Done in c115055. Added .github/workflows/label.yml that assigns the :heavy_check_mark: dependencies label to PRs from dependabot[bot], transifex-integration[bot], and imgbot[bot] on open/reopen. Removed the duplicate labels entries from all three ecosystems in .github/dependabot.yml.

[Copilot]

Pull request overview

Updates GitHub Actions automation so PRs from trusted maintainers/developers and common bots get consistent milestone/label management, and removes duplicated Dependabot label configuration.

Changes:

• Broaden milestone.yml to assign the next-release milestone for maintainer/developer PRs in addition to bot PRs.
• Add a new label.yml workflow to apply the :heavy_check_mark: dependencies label to bot-authored PRs.
• Remove Dependabot labels configuration now that labeling is handled via workflow.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/milestone.yml	Expands author filter and updates workflow name for milestone assignment.
.github/workflows/label.yml	New workflow to apply the dependencies label to bot PRs.
.github/dependabot.yml	Removes duplicate label settings now handled by label.yml.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The job requests both issues: write and pull-requests: write, but the script only calls the Issues API (listMilestones / issues.update). Consider dropping pull-requests: write here to follow least-privilege permissions.

Suggested change

pull-requests: write

[Copilot]

This workflow name is quite generic, but the workflow only assigns a single, specific label (dependencies). Renaming it to something like "Assign dependencies label" would make it easier to identify in the Actions UI and in audit logs.

Suggested change

	name: Assign label to PRs
	name: Assign dependencies label

[Copilot]

The job grants pull-requests: write, but the step only uses github.rest.issues.addLabels (Issues API). Consider removing pull-requests: write and keeping only issues: write to minimize the token’s scope.

Suggested change

pull-requests: write