Established Actions run not loading secrets (external PR)

It has been some time since we’ve had a PR from an external contributor on one of public repos. This repository has two Actions files, one to build, test and lint on PR’s and the second to build, test, lint and deploy on merge to master.

An external contributor submitted a PR from their fork. When the Action runs for this PR, the secret defined doesn’t load, failing the action. I noticed there has been security changes around this, but I am unable to figure out how I get my CI working again with external contributions. It can’t be this difficult, I must be missing something. Thank you for your time.

So I guess what I am looking for here is guidance on how we run Actions on external PR’s so they can be vetted before merge, etc.

Is it changing the event to pull_request_target from pull_request? It sounds like this may be it, though it really isn’t clear in the docs.