Skip to content

fix: add-to-triage does not work on PRs from fork #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nzakas merged 4 commits into from
Aug 11, 2025
Merged

fix: add-to-triage does not work on PRs from fork #11

nzakas merged 4 commits into from
Aug 11, 2025

Conversation

@lumirlumir
Copy link
Member

@lumirlumir lumirlumir commented Aug 7, 2025
edited
Loading

Prerequisites checklist

What is the purpose of this pull request?

Hi,

In this PR, I've fixed the issue where the add-to-triage workflow wasn't working on PRs from forks.

The workflow works for members who have direct access to create branches, but it doesn't work for forked repositories.

Currently, this problem arises in the Markdown repository when contributors make contributions.

https://github.com/eslint/markdown/actions/runs/16787402125/job/47558666610?pr=500

image

I've found the solution for this at the link below:

actions/add-to-project#422

We need to use the pull_request_target event instead of the pull_request event to ensure it works with forked repositories.

The difference between pull_request_target and pull_request is:

  • The pull_request event runs in the PR's HEAD branch. So, if I'm working on the lumirlumir/markdown repository, the workflow runs on that repository, and contributors never have access to the token information since their forked repository doesn't have the secret key.

  • The pull_request_target event runs in the main branch of the original repository. So, even if I'm working on the lumirlumir/markdown repository, the workflow runs in the main branch of the eslint/markdown repository. This way, contributors can benefit from the workflow because the secret key exists in the eslint/markdown repository.

From my research, this seems to be the common pattern for allowing workflows to run even in forked repositories.

The reason other workflows work fine, but this one caused an error, is that this workflow requires secret information that's set by the ESLint organization.

What changes did you make? (Give an overview)

I've updated the event from pull_request to pull_request_target.

Related Issues

N/A

Is there anything you'd like reviewers to focus on?

This fix only applies to this repository, since the workflow event should be set at the repository level.

My plan is to test whether it works as expected here first, and then create a fix PR when I set up the stale.yml workflow in each repository.

I should have checked more carefully—sorry for causing repetitive work.

@eslint-github-bot eslint-github-bot bot added the bug Something isn't working label Aug 7, 2025
lumirlumir
lumirlumir commented Aug 7, 2025
View reviewed changes
.github/workflows/add-to-triage.yml
- transferred

pull_request:
pull_request_target:
Copy link
Member Author

@lumirlumir lumirlumir Aug 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is a guide for pull_request_target event:

https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target

image

Also, pull_request event:

https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request

@lumirlumir lumirlumir marked this pull request as ready for review August 7, 2025 08:00
@lumirlumir lumirlumir added this to Triage Aug 7, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage Aug 7, 2025
@lumirlumir lumirlumir requested a review from nzakas August 7, 2025 08:01
@lumirlumir
Copy link
Member Author

lumirlumir commented Aug 7, 2025

The add-to-triage workflow isn’t working as expected here, since pull_request_target only takes effect once it’s merged and in the main branch.

This was referenced Aug 7, 2025
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@lumirlumir lumirlumir marked this pull request as draft August 7, 2025 14:10
@lumirlumir lumirlumir mentioned this pull request Aug 7, 2025
Merged
2 tasks
lumirlumir
lumirlumir commented Aug 7, 2025
View reviewed changes
@lumirlumir lumirlumir marked this pull request as ready for review August 7, 2025 14:23
@lumirlumir
Copy link
Member Author

lumirlumir commented Aug 8, 2025

I’ve also updated PROJECT_BOT_TOKEN to project_bot_token for consistency, since the GitHub example uses lowercase as well. (af8cd1e)

image

@lumirlumir lumirlumir moved this from Needs Triage to Implementing in Triage Aug 11, 2025
@lumirlumir lumirlumir added the accepted There is consensus among the team that this change meets the criteria for inclusion label Aug 11, 2025
nzakas
nzakas approved these changes Aug 11, 2025
View reviewed changes
Copy link
Member

@nzakas nzakas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@nzakas nzakas merged commit c069e25 into main Aug 11, 2025
3 checks passed
@nzakas nzakas deleted the lumirlumir-patch-2 branch August 11, 2025 14:17
@github-project-automation github-project-automation bot moved this from Implementing to Complete in Triage Aug 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nzakas nzakas nzakas approved these changes

Assignees

No one assigned

Labels

accepted There is consensus among the team that this change meets the criteria for inclusion bug Something isn't working

Projects

Triage
Status: Complete

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lumirlumir @nzakas