`pull_request_target` not triggering workflow


I’m attempting to debug running integration tests through GitHub actions. I’d like to access the link to the repo from which I’m making the PR. When i use the pull_request event, github.repository points to the repo I’m trying to merge in, instead of a fork making the PR.

Based on this doc, I tired using pull_request_target to access the repo making the PR. However, that just doesn’t trigger the workflow at all.

Here is the exact change I’m trying to make: [Fix] Run CI in forked context by annieke · Pull Request #248 · ethereum-optimism/contracts · GitHub

Thanks so much!

1 Like

Xin loi chung toi se co gan khac phuc

1 Like

I have the exactly same issue.
i’m trying to figure out solution since this behavior change introduced GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions - GitHub Changelog

name: CI

    branches: [master]
    branches: [master]
    types: [opened, synchronize]

but the workflow is never triggered at all

is there any org/repo settings i missed?

Did you ever figure this out? Either of you?

1 Like

Bumping this, as I’m having exactly the same issue

You have to commit your workflow with the pull_request_target trigger on your target / base branch of your Pull Request.

I have the feeling you thought pull_request_target will behave like the pull_request trigger which uses the workflow (potentially modified by an attacker) from your PR branch.

If you now open a PR against your target / base branch (doesn’t have to be your default branch), the pull_request_target trigger of your target / base branchs workflow is executed without any workflow changes of your pull request.

For example if you want to open a PR against your master branch, you have to commit your workflow with the pull_request_target before you open your PR against your master branch. Any changes to the workflow of your pr are ignored, to protect your repository and secrets from an attacker.