Cannot use event pull_request on OSS repositories, GitHub token is read-only

[matks]

Hello, this GitHub Action works well if you are using the same repository for all contributors.

But if you use it with a OSS repository that require contributors to use their fork, it does not work because the GitHub API token has read-only permissions only, so it cannot add labels to a PR. See reference https://github.community/t/github-actions-are-severely-limited-on-prs/18179

The solution suggested by GitHub is to rely on GA event pull_request_target

In order to solve this, we’ve added a new pull_request_target event, which behaves in an almost identical way to the pull_request event with the same set of filters and payload. However, instead of running against the workflow and code from the merge commit, the event runs against the workflow and code from the base of the pull request. This means the workflow is running from a trusted source and is given access to a read/write token as well as secrets enabling the maintainer to safely comment on or label a pull request. This event can be used in combination with the private repository settings as well.

[matks]

I submit a Pull Request #26

[ffittschen]

Thanks for the heads up and the PR 🙂 I actually did not use it with a fork workflow so far so I didn't notice this before

[matks]

We started using it on https://github.com/prestashop/docs 😉 so we quickly noticed