vikunja/.github/workflows
Copilot b38780e246
feat(ci): update Docker PR push build strategy for forked PRs (#1812)
This change switches from pull_request to pull_request_target trigger,
allowing PRs from forks to successfully build and push Docker images.

The pull_request trigger provides a read-only GITHUB_TOKEN for fork PRs,
even when permissions.packages is set to write. This caused builds to fail
for external contributors.

Using pull_request_target is safe here because:
- We explicitly checkout the PR's head SHA
- Only Docker build happens (isolated, no arbitrary code execution)
- No untrusted scripts are run in the workflow context

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-13 08:52:20 +00:00
..
ci.yml ci: remove concurrency from test workflow (#863) 2025-07-01 20:55:58 +02:00
crowdin.yml chore(deps): update crowdin/github-action digest to 08713f0 (#1687) 2025-10-20 10:11:01 +00:00
issue-closed-comment.yml chore(deps): update actions/create-github-app-token action to v2 (#1809) 2025-11-12 22:46:44 +00:00
pr-docker.yml feat(ci): update Docker PR push build strategy for forked PRs (#1812) 2025-11-13 08:52:20 +00:00
release.yml chore(deps): update softprops/action-gh-release digest to 5be0e66 (#1777) 2025-11-10 22:44:00 +00:00
test.yml chore(deps): update cypress/browsers:latest docker digest to e85371f (#1798) 2025-11-12 21:08:47 +01:00