Skip to content

fix(ci): run PR automation via pull_request_target for fork PRs#169

Open
jmeridth wants to merge 1 commit into
mainfrom
fix/pr-automation-fork-token
Open

fix(ci): run PR automation via pull_request_target for fork PRs#169
jmeridth wants to merge 1 commit into
mainfrom
fix/pr-automation-fork-token

Conversation

@jmeridth

@jmeridth jmeridth commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Proposed Changes

The auto-author-assign and mark-ready-when-ready workflows trigger on pull_request. For PRs from forks, GitHub caps the GITHUB_TOKEN at read-only regardless of the declared permissions: block, so both jobs fail:

  • auto-author-assign: Resource not accessible by integration on the assignees API.
  • mark-ready-when-ready: Token is missing required permissions: contents: write.

This switches both to pull_request_target, which runs in the base-repo context and receives a read-write token even for fork PRs.

This is safe because neither workflow checks out or executes PR-head code:

  • pull_request_target runs the workflow definition from the base branch, so a fork PR cannot alter these workflows to abuse the elevated token.
  • toshimaru/auto-author-assign assigns the author purely via the API from the event payload.
  • kenyonj/mark-ready-when-ready reads the PR number, draft flag, labels, and head.sha from the event payload (verified it uses github.event.pull_request.head.sha, not github.sha) and acts only via gh api.

No checkout step exists in either workflow, so there is no untrusted code execution.

Verification

actionlint and the repo's pre-commit hooks pass on both files.

Readiness Checklist

Author/Contributor

  • If documentation is needed for this change, has that been included in this pull request (no user-facing docs change needed)

The auto-author-assign and mark-ready-when-ready workflows trigger on
pull_request, so PRs from forks get a read-only GITHUB_TOKEN and both jobs
fail (assignees API denied; contents: write denied). Switch both to
pull_request_target, which runs in the base-repo context with a read-write
token even for fork PRs.

This is safe because neither workflow checks out or executes PR-head code.
Both actions operate purely on the event payload (PR number, draft flag,
labels, head SHA) via the API, so the base-repo context evaluates no
untrusted code.

## What/Why

Auto-assign and auto-mark-ready silently fail on every external fork PR
because pull_request gives forks a read-only token; pull_request_target
restores a read-write token without executing fork code.

## Proof it works

actionlint and pre-commit pass. Verified kenyonj/mark-ready-when-ready reads
github.event.pull_request.head.sha (not github.sha) and toshimaru/auto-author-assign
acts via the assignees API, so neither depends on a PR-head checkout.

## Risk + AI role

Low. CI-only. Edits drafted with Claude Opus 4.8, reviewed by a human. The
main review concern is confirming neither workflow ever adds a PR-code
checkout in future edits, which would turn pull_request_target into a
pwn-request vector.

## Review focus

Whether pull_request_target is acceptable here versus gating the jobs to skip
on fork PRs (which would drop the feature for external contributors instead).

Signed-off-by: jmeridth <jmeridth@gmail.com>
@jmeridth jmeridth self-assigned this Jul 8, 2026
@jmeridth jmeridth marked this pull request as ready for review July 8, 2026 18:11
@jmeridth jmeridth requested a review from zkoppert as a code owner July 8, 2026 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant