From 7ff5faa46f188aa9081b1fb19ed429173c140d9b Mon Sep 17 00:00:00 2001
From: Yaroslav Gusev <59017579+GoldenJaden@users.noreply.github.com>
Date: Wed, 28 Feb 2024 19:33:50 +0700
Subject: [PATCH] Change workflows trigger (#2595)
---
 .github/workflows/bump-version-on-merge-next.yml | 9 ++++++++-
 .github/workflows/create-a-release-draft.yml | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/bump-version-on-merge-next.yml b/.github/workflows/bump-version-on-merge-next.yml
index 3cfa5e1c..28c34688 100644
--- a/.github/workflows/bump-version-on-merge-next.yml
+++ b/.github/workflows/bump-version-on-merge-next.yml
@@ -1,7 +1,14 @@
 name: Bump version on merge
+# Caution:
+# the use of "pull_request_target" trigger allows to successfully
+# run workflow even when triggered from a fork. The trigger grants
+# access to repo's secrets and gives write permission to the runner.
+# This can be used to run malicious code on untrusted PR, so, please
+# DO NOT checkout any PR's ongoing commits (aka github.event.pull_request.head.sha)
+# while using this trigger.
 on:
- pull_request:
+ pull_request_target:
 branches:
 - next
 types: [closed]
diff --git a/.github/workflows/create-a-release-draft.yml b/.github/workflows/create-a-release-draft.yml
index c4c5d332..176fe285 100644
--- a/.github/workflows/create-a-release-draft.yml
+++ b/.github/workflows/create-a-release-draft.yml
@@ -1,7 +1,14 @@
 name: Create a release draft
+# Caution:
+# the use of "pull_request_target" trigger allows to successfully
+# run workflow even when triggered from a fork. The trigger grants
+# access to repo's secrets and gives write permission to the runner.
+# This can be used to run malicious code on untrusted PR, so, please
+# DO NOT checkout any PR's ongoing commits (aka github.event.pull_request.head.sha)
+# while using this trigger.
 on:
- pull_request:
+ pull_request_target:
 branches:
 - next
 types: [closed]
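Review bot: The caution comment added above `on:` names only a checkout of `github.event.pull_request.head.sha` as the hazard, but under `pull_request_target` every PR-supplied field (title, body, head branch name) is just as untrusted, and expanding one inside a `run:` script is a script-injection path while secrets and a write token are in scope. I would extend the comment with a line such as `# Also treat PR title/body/branch name as untrusted: pass them through env:, never inline them in run: scripts.` Since the comment itself says the trigger gives the runner write permission, a top-level `permissions:` block limited to what the jobs need (for example only `contents: write`) would bound that; the jobs lie outside the hunk, so whether one already exists cannot be seen here. The same applies to the identical hunk in `.github/workflows/create-a-release-draft.yml`.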