fixing workflows issue

Author: kapilsingh421

.github/actions/authorize-pr/action.yml

@@ -1,9 +1,9 @@
 name: Authorize PR
 description: >
-  Security gate for pull_request_target workflows. Checks actor write
-  permission, author association, and label presence for external fork PRs.
-  Strips the gate label on synchronize events from non-writers to force
-  re-review after new commits.
+  Security gate for pull_request_target workflows only. Checks actor
+  write permission, author association, and label presence for external
+  fork PRs. Strips the gate label on synchronize events from non-writers
+  to force re-review after new commits.
 
 inputs:
   label:
@@ -50,7 +50,7 @@ runs:
         LABELS_JSON: ${{ toJSON(github.event.pull_request.labels.*.name) }}
       run: |
         # Non-PR events (push, workflow_dispatch, workflow_call) are always trusted
-        if [ "$EVENT" != "pull_request_target" ] && [ "$EVENT" != "pull_request" ]; then
+        if [ "$EVENT" != "pull_request_target" ]; then
           echo "::notice::Non-PR event ($EVENT) — authorized"
           echo "allowed=true" >> "$GITHUB_OUTPUT"
           exit 0

.github/workflows/ci-pr.yml

@@ -14,6 +14,7 @@ concurrency:
 
 jobs:
   authorize:
+    if: github.event.action != 'labeled' || github.event.label.name == 'verify'
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/ci-push.yml

@@ -2,7 +2,7 @@ name: Push CI
 
 on:
   push:
-    branches: main
+    branches: [main]
 
 permissions:
   contents: read