Skip to content

fix: use pull_request_target for PR title linting #689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dlevy-msft-sql wants to merge 3 commits into from
Closed

fix: use pull_request_target for PR title linting #689

dlevy-msft-sql wants to merge 3 commits into from
+24 −0

Conversation

@dlevy-msft-sql
Copy link
Contributor

@dlevy-msft-sql dlevy-msft-sql commented Feb 1, 2026
edited
Loading

Summary

Fixes 'Resource not accessible by integration' error for fork PRs.

Root Cause

  • Fork PRs get read-only GITHUB_TOKEN with the pull_request trigger
  • amannn/action-semantic-pull-request needs access to PR metadata which fails with insufficient permissions

Fix

  • Use pull_request_target trigger which runs in base repo context
  • This is safe because we do NOT checkout or execute any PR code
  • Added statuses: write permission for the action to post status checks

Testing

  • This workflow change will be tested by any subsequent fork PR

@dlevy-msft-sql
fix: use pull_request_target for PR title linting
4f756be 
Fixes 'Resource not accessible by integration' error for fork PRs.
The pull_request_target trigger runs in base repo context, giving
the GITHUB_TOKEN sufficient permissions to read PR metadata.

This is safe because we do not checkout or execute any PR code.
@dlevy-msft-sql dlevy-msft-sql self-assigned this Feb 2, 2026
@dlevy-msft-sql dlevy-msft-sql added bug Something isn't working Priority: 0 Breaking things; must fix immediately Size: S Small issue (less than one week effort) github-actions needs-work labels Feb 2, 2026
Copilot AI reviewed Feb 2, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new GitHub workflow to enforce Conventional Commits format for pull request titles. The workflow uses pull_request_target trigger to ensure it works correctly for fork PRs by running in the base repository's context with appropriate permissions.

Changes:

  • Added new workflow file .github/workflows/pr-title-lint.yml that validates PR titles using amannn/action-semantic-pull-request action

@dlevy-msft-sql
style: add copyright header and version comment
41962f3 
Address Copilot review feedback:
- Add Microsoft copyright header for consistency
- Add version comment (v5.5.3) and verify command for pinned SHA
Copilot AI reviewed Feb 2, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

.github/workflows/pr-title-lint.yml
- name: Check PR title follows Conventional Commits
# Pinned to commit SHA for supply chain security (CWE-829)
# Verify: gh api repos/amannn/action-semantic-pull-request/git/ref/tags/v5.5.3 --jq '.object.sha'
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
Copy link

Copilot AI Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding configuration to customize the Conventional Commits validation if the project has specific requirements. The action supports several configuration options (e.g., custom types, scopes, subject pattern) that can be specified with 'with:' parameters.

For example, if the project wants to enforce specific commit types (feat, fix, docs, etc.) or require scopes, these can be configured. Review the action's documentation to determine if the default configuration meets the project's needs.

Suggested change
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
with:
types: |
feat
fix
docs
style
refactor
perf
test
build
ci
chore
revert
requireScope: false

Copilot uses AI. Check for mistakes.
.github/workflows/pr-title-lint.yml

on:
pull_request_target:
types: [opened, edited, synchronize, reopened]
Copy link

Copilot AI Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 'synchronize' event type is unnecessary for PR title linting. This event triggers when new commits are pushed to the PR, but the PR title doesn't change during synchronization. This will cause the workflow to run unnecessarily on every commit push.

Consider removing 'synchronize' from the types list to avoid redundant workflow runs. The workflow should only run when the PR title can actually change: 'opened', 'edited', and 'reopened'.

Suggested change
types: [opened, edited, synchronize, reopened]
types: [opened, edited, reopened]

Copilot uses AI. Check for mistakes.
@dlevy-msft-sql
Copy link
Contributor Author

dlevy-msft-sql commented Feb 2, 2026

@copilot fix the review items

@dlevy-msft-sql
Copy link
Contributor Author

dlevy-msft-sql commented Feb 2, 2026

Redundant with #681

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@dlevy-msft-sql dlevy-msft-sql

Labels

bug Something isn't working github-actions needs-work Priority: 0 Breaking things; must fix immediately Size: S Small issue (less than one week effort)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dlevy-msft-sql