The workflow was failing with 403 "Resource not accessible by integration"
on fork PRs because pull_request events get read-only GITHUB_TOKEN
permissions for cross-repository PRs. Switching to pull_request_target
runs the workflow in the base repo context, granting write permissions
needed to post the @coderabbitai review comment.
This is safe because the workflow only posts a comment and does not
check out or execute any code from the PR branch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CodeRabbit doesn't reliably handle the ready_for_review webhook
event, so draft PRs that are marked ready never get auto-reviewed.
This workflow posts @coderabbitai review when a PR transitions
from draft to ready, working around the limitation.
Alex Verkhovsky