qwen-code/.github
易良 3026db3039
fix(ci): allow prechecked fork PR automation (#6160)
* fix(ci): allow triage for fork PRs that pass safety precheck

Fork PRs by non-write authors were blocked from triage even when the
safety precheck passed, because the authorize job gates on write
permission. Triage is read-only (checks out trusted base code, reads PR
via API), so precheck pass is sufficient to run it safely.

Split the pull_request_target and issue_comment authorization paths:
- pull_request_target: accept write permission OR precheck pass
- issue_comment /triage: still require write permission on the commenter

tmux-testing is unchanged — it executes PR code and must keep the write
permission gate.

* fix(ci): allow prechecked fork PR automation

* docs(ci): clarify PR review authorization routing

* test(ci): guard fork precheck authorization

* fix(ci): tighten fork precheck review guards

* test(ci): guard review-request authorization
2026-07-02 13:52:25 +08:00
..
actions/post-coverage-comment Upgrade GitHub Actions to latest versions (#3683) 2026-06-27 17:03:32 +00:00
ISSUE_TEMPLATE chore: re-organize labels for better triage results (#819) 2025-10-17 19:49:11 +08:00
scripts ci: add fork PR safety precheck (#5926) 2026-07-01 19:31:25 +00:00
workflows fix(ci): allow prechecked fork PR automation (#6160) 2026-07-02 13:52:25 +08:00
actionlint.yaml feat(ci): on-demand tmux real-user testing for PRs (#5203) 2026-06-21 11:56:29 +08:00
dependabot.yml Limit dependabot PRs to security updates (#6657) 2025-08-20 22:24:43 +00:00
pull_request_template.md docs(agents,pr-template): add Working Principles and restructure PR template (#4496) 2026-05-25 19:15:35 +08:00
release.yml chore: add .github/release.yml to support skip-changelog label (#4327) 2026-05-20 22:30:52 +08:00