The pull_request_target event is an alternative to the pull_request event but with some different security considerations. Docs.
We use it on private repositories to allow Dependabot access to our secrets, safe in the knowledge that a private repo can't expose our secrets to drive-by malicious PRs.
This is a simple change that extends the logic for "pull_request" to "pull_request_target" for comparisons of changes, etc.