ci(action-semantic-pull-request): Fix for PRs from forks #941

MaxymVlasov merged 4 commits into master from
Note: Other AI code review bot(s) detected. CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Summary by CodeRabbit

Walkthrough

Switched GitHub Actions workflow trigger from
Sequence Diagram(s)

```mermaid
sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub
    participant WF as pr-title Workflow
    Dev->>GH: Open / Edit / Synchronize / Reopen PR
    Note right of GH #DDDDFF: Events: opened, edited, synchronize, reopened
    GH-->>WF: emit pull_request_target
    activate WF
    WF->>WF: run title validation jobs/steps
    WF-->>GH: post status / checks
    deactivate WF
```
Actionable comments posted: 1
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/pr-title.yml(1 hunks)
🧰 Additional context used
🪛 GitHub Actions: Common issues check
.github/workflows/pr-title.yml
[error] 3-9: Zizmor audit failure: dangerous workflow trigger detected (pull_request_target is insecure). Use of pull_request_target is almost always insecure; review workflow triggers.
Pull Request Overview
This PR updates the GitHub Actions workflow for PR title validation to work with pull requests from forks by switching from pull_request to pull_request_target trigger and adding security configuration.
- Changed trigger from `pull_request` to `pull_request_target` to enable fork compatibility
- Added zizmor security linting ignore comment for the dangerous trigger
- Added `reopened` event type to the workflow triggers
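The hardened shape such a workflow should take, as an added example rather than the repository's actual `.github/workflows/pr-title.yml` (the action version tag, the `permissions` block and the zizmor ignore-comment syntax are assumptions): a `pull_request_target` job runs with the base repository's secrets, so the defensive rule is that it must never check out or execute the fork's code.

```yaml
# Added example of .github/workflows/pr-title.yml; not the repository's file.
name: PR title validation

on:
  # pull_request_target runs in the BASE repository's context, with access to
  # its secrets, even when the PR comes from a fork. That is why zizmor's
  # dangerous-triggers audit flags it, and why the trigger is acceptable only
  # when the job never runs code from the PR head.
  # Assumption: zizmor inline ignore syntax is "# zizmor: ignore[<rule-id>]".
  pull_request_target: # zizmor: ignore[dangerous-triggers]
    types: [opened, edited, synchronize, reopened]

# Assumption: least-privilege token scopes. The default token under
# pull_request_target has write access; the action only reads PR metadata.
permissions:
  pull-requests: read

jobs:
  pr-title:
    runs-on: ubuntu-latest
    steps:
      # Deliberately no actions/checkout and no script taken from the PR
      # branch: title validation needs only PR metadata fetched via the API,
      # so the fork's code is never executed with the base repo's GITHUB_TOKEN.
      - uses: amannn/action-semantic-pull-request@v5 # assumption: pin to a commit SHA in production
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Review any future edit to this file for the addition of a checkout or run step that references the PR head; that is the change that turns this trigger from acceptable into exploitable.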
This PR is included in version 1.102.0 🎉

Suppress zizmor's error: we do want pull_request_target - https://github.com/amannn/action-semantic-pull-request#event-triggers