From 35d8a7e03b7c164601a8b032cd9f941d1b97786b Mon Sep 17 00:00:00 2001
From: jdx <216188+jdx@users.noreply.github.com>
Date: Tue, 12 May 2026 13:01:58 +0000
Subject: [PATCH] ci: remove pull_request_target workflow

Removes the semantic PR title lint workflow that ran on pull_request_target.
This trigger grants secrets/write tokens to workflows triggered from forks,
which is risky. Drop the workflow rather than rewire it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/semantic-pr.yml | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 .github/workflows/semantic-pr.yml

diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml
deleted file mode 100644
index 4b7e30a..0000000
--- a/.github/workflows/semantic-pr.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: "Lint Pull Request"
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
-
-permissions:
-  pull-requests: read
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-jobs:
-  main:
-    name: Validate Pull Request title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v5