Describe the enhancement
Several workflows use pull_request_target as a trigger. This trigger runs in the context of the base branch and has access to secrets, which requires careful handling. These workflows should be reviewed to ensure they follow best practices.
Affected files
.github/workflows/dev_pr.yml.github/workflows/pr_bot.yml.github/workflows/pr_review_trigger.yml
Component(s)
Continuous Integration
Describe the enhancement
Several workflows use
pull_request_targetas a trigger. This trigger runs in the context of the base branch and has access to secrets, which requires careful handling. These workflows should be reviewed to ensure they follow best practices.Affected files
.github/workflows/dev_pr.yml.github/workflows/pr_bot.yml.github/workflows/pr_review_trigger.ymlComponent(s)
Continuous Integration