Issue: CI workflow not running on fork PRs
PR #7 (switch to agent identity unionsdk) from malu/dev/identity-unionsdk targets main but CI never runs.
Root cause
The repo has "Require approval for all outside collaborators" enabled in Actions settings. Since the PR is from a fork (git-malu/agentarts-sdk-python), the workflow triggers a run but creates zero jobs — stuck at action_required until a maintainer manually approves.
What needs action
| # |
Action |
Why |
| 1 |
Give @malu write access to the main repo |
Direct branches avoid fork approval entirely — standard for internal team dev |
| 2 |
Change Actions setting to "Require approval for first-time contributors only" |
Existing contributors aren't blocked, unknown ones still require approval |
Why this is safe
The test.yml workflow uses pull_request (not pull_request_target), meaning fork PRs already can't access repo secrets. The only risk is compute resource abuse — negligible for this project.
Optional improvement
Make the pull_request trigger unconditional (already done in this PR):
on:
push:
branches: [main, master, develop]
pull_request: # no branch filter — catch all PRsRun history as proof
| PR |
Branch |
Event |
Conclusion |
| #7 (fork) |
malu/dev/identity-unionsdk |
pull_request |
action_required |
| #6 (direct) |
feature/runtime |
pull_request |
success |
Short version: give malu write access and switch to first-time-contributor-only approval.
Issue: CI workflow not running on fork PRs
PR #7 (
switch to agent identity unionsdk) frommalu/dev/identity-unionsdktargetsmainbut CI never runs.Root cause
The repo has "Require approval for all outside collaborators" enabled in Actions settings. Since the PR is from a fork (
git-malu/agentarts-sdk-python), the workflow triggers a run but creates zero jobs — stuck ataction_requireduntil a maintainer manually approves.What needs action
Why this is safe
The
test.ymlworkflow usespull_request(notpull_request_target), meaning fork PRs already can't access repo secrets. The only risk is compute resource abuse — negligible for this project.Optional improvement
Make the
pull_requesttrigger unconditional (already done in this PR):Run history as proof
malu/dev/identity-unionsdkaction_requiredfeature/runtimesuccessShort version: give malu write access and switch to first-time-contributor-only approval.