mirror of
https://github.com/go-vikunja/vikunja.git
synced 2026-04-24 22:25:15 +00:00
This change switches from pull_request to pull_request_target trigger, allowing PRs from forks to successfully build and push Docker images.

The pull_request trigger provides a read-only GITHUB_TOKEN for fork PRs, even when permissions.packages is set to write. This caused builds to fail for external contributors.

Using pull_request_target is safe here because:
- We explicitly checkout the PR's head SHA
- Only Docker build happens (isolated, no arbitrary code execution)
- No untrusted scripts are run in the workflow context

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
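An added example, not part of the commit or the project's code: a small Python review aid that reads a workflow file and reports the conditions the commit message names (the pull_request_target trigger, a reference to the PR head, write-scoped token permissions, and `run:` steps). The sample workflow, the action versions in it and the function name `audit_workflow` are constructed for illustration.

```python
import re

# Constructed sample (not the project's workflow file): the shape the commit message describes.
SAMPLE = """\
on:
  pull_request_target:
permissions:
  contents: read
  packages: write   # needed to push the image
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: docker/build-push-action@v6
        with:
          push: true
"""

TRIGGER = re.compile(r"^\s*(on:.*|-\s*)?\bpull_request_target\b")
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")
WRITE_SCOPE = re.compile(r"^\s*([\w-]+):\s*write(-all)?\s*$")
RUN_STEP = re.compile(r"^\s*(-\s+)?run:")


def audit_workflow(text):
    """Collect the facts a reviewer needs about a pull_request_target workflow."""
    facts = {"pull_request_target": False, "pr_head_ref": False,
             "write_scopes": [], "run_steps": 0}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing YAML comments
        if TRIGGER.match(line):
            facts["pull_request_target"] = True
        if HEAD_REF.search(line):
            facts["pr_head_ref"] = True
        if m := WRITE_SCOPE.match(line):
            facts["write_scopes"].append(m.group(1))
        if RUN_STEP.match(line):
            facts["run_steps"] += 1
    # Fork-controlled ref plus a write-capable token: the combination a maintainer confirms by hand.
    facts["needs_review"] = bool(facts["pull_request_target"] and facts["pr_head_ref"]
                                 and facts["write_scopes"])
    return facts


if __name__ == "__main__":
    for key, value in audit_workflow(SAMPLE).items():
        print(f"{key}: {value}")
```

The scan is line-based and heuristic; it lists facts for a human reviewer and does not parse YAML structure or decide whether a workflow is safe.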