diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 5286993c..7a5d267e 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -1,7 +1,7 @@
 name: Claude Code Review
 on:
- pull_request_target:
+ pull_request:
 types: [opened, synchronize]
 # Optional: Only run on specific file changes
 # paths:
@@ -13,12 +13,9 @@ on:
 jobs:
 claude-review:
 # Skip review for automated "Version Packages" PRs created by changesets
- # For external PRs: requires manual approval via 'external-pr' environment
- # For internal PRs: runs automatically without approval
 if: github.event.pull_request.title != 'Version Packages'
 runs-on: ubuntu-latest
- environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external-pr' || null }}
 permissions:
 contents: read
 pull-requests: read
@@ -29,7 +26,6 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
- ref: ${{ github.event.pull_request.head.sha }}
 fetch-depth: 1
 - name: Run Claude Code Review
diff --git a/.github/workflows/pkg-pr-new.yml b/.github/workflows/pkg-pr-new.yml
index ffabbad4..759a56e6 100644
--- a/.github/workflows/pkg-pr-new.yml
+++ b/.github/workflows/pkg-pr-new.yml
@@ -5,7 +5,7 @@ permissions:
 pull-requests: write # Required for pkg.pr.new to comment on PRs
 on:
- pull_request_target:
+ pull_request:
 types: [opened, synchronize, reopened]
 paths:
 - '**'
@@ -14,17 +14,13 @@ on:
 jobs:
 publish-preview:
- # For external PRs: requires manual approval via 'external-pr' environment
- # For internal PRs: runs automatically without approval
 runs-on: ubuntu-latest
 timeout-minutes: 15
- environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external-pr' || null }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
 with:
- ref: ${{ github.event.pull_request.head.sha }}
 fetch-depth: 0
 - name: Setup Node.js
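Review bot: With the `external-pr` environment gate removed, the `claude-review` job has no fork handling left: under `pull_request` GitHub withholds repository secrets from runs triggered by fork PRs, so the `Run Claude Code Review` step (its body is outside the hunk) would presumably fail for external contributors instead of being skipped. Consider extending the job condition to `if: github.event.pull_request.title != 'Version Packages' && github.event.pull_request.head.repo.full_name == github.repository`. The same applies to `publish-preview` in pkg-pr-new.yml and `e2e-tests` in pullrequest.yml, which lose the same gate. A one-line comment above `pull_request:` such as `# pull_request, not pull_request_target: PR code must never run with repository secrets` would record why the trigger must not be switched back.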
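Review bot: The `Checkout code` step in `publish-preview` keeps the job token in the checkout's git config, because actions/checkout persists credentials by default, and the workflow-level `pull-requests: write` grant means that for same-repository branches any later step that runs PR-authored scripts has a write-capable token within reach. Adding `persist-credentials: false` next to `fetch-depth: 0` removes that. Moving `permissions:` from workflow level onto the job would also keep the grant from silently applying to jobs added later. The steps after `Setup Node.js` are outside the hunk, so whether any of them needs git credentials should be confirmed first.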
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index b885cad0..3138cb55 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -4,8 +4,7 @@ permissions:
 contents: read
 on:
- pull_request_target:
- types: [opened, synchronize, reopened]
+ pull_request:
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -20,8 +19,6 @@ jobs:
 version: ${{ steps.get-version.outputs.version }}
 steps:
 - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha }}
 - uses: actions/setup-node@v4
 with:
@@ -74,17 +71,12 @@ jobs:
 run: npm run test -w @repo/sandbox-container
 # E2E tests against deployed worker
- # For external PRs: requires manual approval via 'external-pr' environment
- # For internal PRs: runs automatically without approval
 e2e-tests:
 needs: unit-tests
 timeout-minutes: 30
 runs-on: ubuntu-latest
- environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'external-pr' || null }}
 steps:
 - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha }}
 - uses: actions/setup-node@v4
 with:
@@ -105,7 +97,7 @@ jobs:
 - name: Set environment name
 id: env-name
 run: |
- if [ "${{ github.event_name }}" = "pull_request_target" ]; then
+ if [ "${{ github.event_name }}" = "pull_request" ]; then
 echo "env_name=pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
 echo "worker_name=sandbox-e2e-test-worker-pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
 else
@@ -163,7 +155,7 @@ jobs:
 # Cleanup: Delete test worker and container (only for PR environments)
 - name: Cleanup test deployment
- if: always() && github.event_name == 'pull_request_target'
+ if: always() && github.event_name == 'pull_request'
 continue-on-error: true
 run: |
 cd tests/e2e/test-worker
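Review bot: The `Set environment name` step expands `${{ github.event_name }}` and `${{ github.event.pull_request.number }}` into the script text before the shell runs. Both values are constrained today, but the same pattern turns into script injection as soon as a free-form field such as the PR title or branch name is added to the step in the same way. Passing them through `env:` — `EVENT_NAME: ${{ github.event_name }}` with `if [ "$EVENT_NAME" = "pull_request" ]; then` — and quoting `"$GITHUB_OUTPUT"` keeps the script text fixed and the event data in variables. The step's `else` branch continues outside the hunk.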