Aaron Powell 18654630ab fix: use pull_request_target trigger for external plugin PR quality gates (#2043) ...

The workflow was using the pull_request trigger which restricts
GITHUB_TOKEN to read-only for fork PRs, causing the sync-pr-state
job to fail with 403 when trying to add labels.

Switching to pull_request_target runs the workflow in the base
repo context so declared permissions (issues: write, pull-requests:
write) are honoured for cross-repository PRs.

The workflow is safe to use pull_request_target because:
- detect-changed-plugins reads files via the GitHub API only (no checkout)
- run-quality-gates checks out the trusted staged branch, not the PR head
- sync-pr-state also checks out the staged branch

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-06-18 10:57:33 +10:00

..

agents

updating agentic workflows (#1666)

2026-05-11 11:29:18 +10:00

aw

Agentic Workflows update (#1727)

2026-05-15 16:33:29 +10:00

extensions/external-plugins-board

Render issue bodies as markdown in external plugins board (#1946)

2026-06-09 15:53:42 +10:00

ISSUE_TEMPLATE

Splitting ref and sha into two fields correctly for the intake form (#1788)

2026-05-22 10:54:34 +10:00

plugin

Update modernize-dotnet plugin to 1.0.1157-preview1 (#2039)

2026-06-18 10:03:45 +10:00

workflows

fix: use pull_request_target trigger for external plugin PR quality gates (#2043)

2026-06-18 10:57:33 +10:00

copilot-instructions.md

Deprecate Collections in favour of Plugins

2026-02-13 15:38:37 +11:00

pull_request_template.md

feat: add canvas extension validation and labeling (#2017)

2026-06-17 09:44:13 +10:00