ci: add pull_request trigger to enable CI on fork PRs#3782
Merged
aterga merged 4 commits intodfinity:mainfrom Apr 16, 2026
Merged
ci: add pull_request trigger to enable CI on fork PRs#3782aterga merged 4 commits intodfinity:mainfrom
aterga merged 4 commits intodfinity:mainfrom
Conversation
Currently CI only runs on push, which means fork PRs never get checks. Adding pull_request trigger enables the "Approve and run" flow for maintainers to approve CI on external contributions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fork PR runs don't have access to repo secrets, so the checkout step fails with "Input required and not supplied: token". Using a fallback expression lets the checkout succeed with the default token on fork PRs while preserving the PAT behavior on push events. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The release job tries to create a GitHub release, which fails on fork PRs due to insufficient permissions. Guard it with an event check so it only runs on push events, matching the deploy job's existing pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Enables CI to run for pull requests (including from forks) by adding pull_request triggers to existing push-only workflows, and preventing release automation from running in PR contexts.
Changes:
- Add
pull_requesttriggers to Rust, frontend, and canister test workflows. - Use a fallback checkout token (
github.token) whensecrets.GIX_BOT_PATis unavailable (e.g., fork PRs). - Skip the canister
releasejob onpull_requestevents.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/rust.yml | Adds PR trigger and fallback checkout token for fork PR execution. |
| .github/workflows/frontend-checks.yml | Adds PR trigger and fallback checkout token for fork PR execution. |
| .github/workflows/canister-tests.yml | Adds PR trigger and prevents release automation from running on PR events. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
sea-snake
previously approved these changes
Apr 16, 2026
Fork PRs have read-only tokens and run on a detached merge ref, so the auto-commit steps for formatting and type generation would fail. Restrict them to push events only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
github-actions
bot
dismissed
sea-snake’s stale review
Review dismissed by automation script.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
sea-snake
approved these changes
Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pull_requesttrigger tocanister-tests.yml,frontend-checks.yml, andrust.ymlpush, so fork PRs never get CI checkspull_requestadded, maintainers see an "Approve and run" button to trigger CI on external contributionsNotes
secrets.GIX_BOT_PAT, which is not available topull_requestruns from forks. Steps that depend on this token (e.g., auto-commit formatting fixes) will be skipped or fail on fork PRs, but the core checks (build, test, lint) should still work.