vikunja/.github
Copilot b38780e246
feat(ci): update Docker PR push build strategy for forked PRs (#1812)
This change switches from pull_request to pull_request_target trigger,
allowing PRs from forks to successfully build and push Docker images.

The pull_request trigger provides a read-only GITHUB_TOKEN for fork PRs,
even when permissions.packages is set to write. This caused builds to fail
for external contributors.

Using pull_request_target is safe here because:
- We explicitly checkout the PR's head SHA
- Only Docker build happens (isolated, no arbitrary code execution)
- No untrusted scripts are run in the workflow context

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-13 08:52:20 +00:00
..
ISSUE_TEMPLATE chore: add feature issue template 2025-08-30 16:47:32 +02:00
actions/setup-frontend chore(deps): update actions/setup-node action to v6 (#1654) 2025-10-14 12:12:21 +02:00
workflows feat(ci): update Docker PR push build strategy for forked PRs (#1812) 2025-11-13 08:52:20 +00:00
FUNDING.yml chore: update funding links 2023-02-03 11:48:44 +01:00