From b4459e18e2bb730198fd5a3c50abd125e7d31daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B6=82=E7=91=9C?= <861506831@qq.com>
Date: Fri, 17 Apr 2026 12:06:58 +0800
Subject: [PATCH] ci(pr-agent): use pull_request_target with collaborator allowlist for fork PRs
---
 .github/workflows/pr-agent.yml | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/pr-agent.yml b/.github/workflows/pr-agent.yml
index 6dc5f63..12a43a1 100644
--- a/.github/workflows/pr-agent.yml
+++ b/.github/workflows/pr-agent.yml
@@ -1,8 +1,8 @@
 name: PR-Agent
 on:
- pull_request:
- types: [opened, reopened, ready_for_review]
+ pull_request_target:
+ types: [opened, reopened, ready_for_review, synchronize]
 pull_request_review_comment:
 types: [created]
 issue_comment:
@@ -15,7 +15,15 @@ permissions:
 jobs:
 pr_agent:
- if: ${{ github.event.sender.type != 'Bot' }}
+ # Only run for trusted authors. External contributors' fork PRs will be
+ # skipped to avoid leaking secrets via workflow injection.
+ if: >
+ github.event.sender.type != 'Bot' &&
+ (github.event.pull_request.author_association == 'OWNER' ||
+ github.event.pull_request.author_association == 'MEMBER' ||
+ github.event.pull_request.author_association == 'COLLABORATOR' ||
+ github.event_name == 'issue_comment' ||
+ github.event_name == 'pull_request_review_comment')
 runs-on: ubuntu-latest
 name: Run PR-Agent
 steps:
@@ -24,6 +32,6 @@ jobs:
 env:
 OPENAI_KEY: ${{ secrets.api_key }}
 OPENAI_API_BASE: https://ark.cn-beijing.volces.com/api/coding/v3
- CONFIG.AI_PROVIDER: openai
- CONFIG.MODEL: MiniMax-M2.5
+ CONFIG__AI_PROVIDER: openai
+ CONFIG__MODEL: MiniMax-M2.5
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
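Review bot: Switching the trigger to `pull_request_target` means the job now runs the base-branch workflow with access to repository secrets for pull requests from forks as well, so the job-level `if` gate added further down is the only control on who can start it; whether that is enough depends on the steps, which this diff does not show. If any step checks out `github.event.pull_request.head.sha` or runs tooling taken from the PR, that checkout must not persist credentials and no PR-controlled code may execute — pr-agent itself only reads the diff, but please confirm the step list. Adding `synchronize` also means every push to an allowlisted author's branch re-runs with secrets, which appears intended but is worth stating. A trigger-level comment would keep the next maintainer from reverting to `pull_request`, e.g. `# pull_request_target (not pull_request) so fork PRs get secrets; the job-level if gates on author association`.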
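Review bot: The author allowlist is bypassed for comment events: the last two disjuncts of the new `if` let any `issue_comment` or `pull_request_review_comment` run regardless of who wrote the comment, so a non-collaborator commenting on a PR (or, for `issue_comment`, on a plain issue) still reaches the step that receives `secrets.api_key` and `secrets.GITHUB_TOKEN`. The bypass was presumably added because `github.event.pull_request` is empty on `issue_comment`; the commenter's role is available on both comment events as `github.event.comment.author_association`, so those branches should gate on it the same way, and the `issue_comment` branch should additionally require `github.event.issue.pull_request` so issue-only comments do not start the job. The comment above the gate could then read `# Only run for OWNER/MEMBER/COLLABORATOR authors (PR author on pull_request_target, commenter on comment events); other fork PR activity is skipped so secrets are never exposed to untrusted triggers.` The job's `steps` continue outside this hunk.
```yaml
  pr_agent:
    # … unchanged: explanatory comment …
    if: >
      github.event.sender.type != 'Bot' &&
      ((github.event_name == 'pull_request_target' &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association)) ||
      (github.event_name == 'pull_request_review_comment' &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'issue_comment' && github.event.issue.pull_request &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)))
    # … unchanged: runs-on, name, steps …
```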