From cb73c05cf6ba047f5a7716afff3c3bb6f5ab31ac Mon Sep 17 00:00:00 2001 From: Alex Verkhovsky Date: Sat, 7 Feb 2026 09:27:57 -0700 Subject: [PATCH] fix: use pull_request_target for CodeRabbit review trigger (#1583) The workflow was failing with 403 "Resource not accessible by integration" on fork PRs because pull_request events get read-only GITHUB_TOKEN permissions for cross-repository PRs. Switching to pull_request_target runs the workflow in the base repo context, granting write permissions needed to post the @coderabbitai review comment. This is safe because the workflow only posts a comment and does not check out or execute any code from the PR branch. Co-authored-by: Claude Opus 4.6 --- .github/workflows/coderabbit-review.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coderabbit-review.yaml b/.github/workflows/coderabbit-review.yaml index db59d22f4..fb284d664 100644 --- a/.github/workflows/coderabbit-review.yaml +++ b/.github/workflows/coderabbit-review.yaml @@ -1,7 +1,7 @@ name: Trigger CodeRabbit on Ready for Review on: - pull_request: + pull_request_target: types: [ready_for_review] jobs: