From c28cab177f70d56e032b18f5ad84948cfa0adc59 Mon Sep 17 00:00:00 2001
From: Juan Diaz
Date: Fri, 11 Jul 2025 16:32:18 -0400
Subject: [PATCH] fix permissions issue on workflow (#567)
* Add PR review automation workflow and script closes #559
* Improve PR review automation with better error handling and permissions
* Update PR review automation to use pull_request_target event for improved security
---
.github/workflows/pr-review-automation.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr-review-automation.yml b/.github/workflows/pr-review-automation.yml
index 818f9487..7eda5e4e 100644
--- a/.github/workflows/pr-review-automation.yml
+++ b/.github/workflows/pr-review-automation.yml
@@ -1,7 +1,7 @@
 name: PR Review Automation
 on:
- pull_request:
+ pull_request_target:
 paths:
 - README.md
 - db/**
@@ -10,13 +10,14 @@ on:
 jobs:
 pr-review-automation:
 runs-on: ubuntu-latest
- # Add permissions for the GITHUB_TOKEN to comment on PRs
 permissions:
 contents: read
 pull-requests: write
 issues: write
 steps:
 - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.base.ref }}
 - name: Setup Node
 uses: actions/setup-node@v4
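Review bot: The switch to `pull_request_target` in the `on:` block makes this job run with the base repository's token for pull requests opened from forks, so the `pull-requests: write` and `issues: write` scopes granted further down now apply to untrusted contributions, and nothing in the new code records that constraint. I would add a comment directly above the trigger, for example `# pull_request_target runs with base-repo privileges: never check out or execute PR head code in this workflow`. Under this event the workflow file and its `paths` filter are taken from the base branch, which is presumably the intent. The `on:` block continues past the end of this hunk, so any `types:` filter cannot be seen from here.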
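Review bot: The added `ref: ${{ github.event.pull_request.base.ref }}` keeps the checkout on trusted code, but the step still leaves the job token in the local git config for every later step; adding `persist-credentials: false` under the same `with:` would limit that exposure. The hunk also removes the comment that explained the `permissions:` block without replacing it, and a short replacement such as `# Token scopes needed to comment on PRs; checkout stays on the base ref because this job runs under pull_request_target` would keep the reasoning next to the code. `base.ref` is a branch name, so the job uses whatever the branch tip is at run time, whereas `github.event.pull_request.base.sha` would pin it to a commit if reproducibility matters. The steps list continues past the hunk, so whether later steps consume PR-controlled input cannot be judged from here.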