From 1b78b68e3319aedbd6a29aa9a2ec03241ac5db74 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 23 Sep 2025 09:30:17 +0000
Subject: [PATCH] Remove insecure pull_request_target trigger from workflow

Co-authored-by: Kvarkas <3611964+Kvarkas@users.noreply.github.com>
---
 .github/workflows/add_PR_2_chlog.yml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/add_PR_2_chlog.yml b/.github/workflows/add_PR_2_chlog.yml
index 51d4c8381..112f4afb2 100644
--- a/.github/workflows/add_PR_2_chlog.yml
+++ b/.github/workflows/add_PR_2_chlog.yml
@@ -6,11 +6,7 @@ on:
     branches:
       - v1.78.2-dev
 
-  # 2) Auto when a PR is closed (so you can merge manually via the UI)
-  pull_request_target:
-    types: [closed]
-
-  # 3) Manual trigger
+  # 2) Manual trigger
   workflow_dispatch:
     inputs:
       dryRun:
@@ -23,12 +19,10 @@ jobs:
     runs-on: ubuntu-latest
 
     # Only proceed if…
-    # - manual dispatch  
-    # - OR a closed PR that was merged by you  
-    # - OR a push to default branch  
+    # - manual dispatch
+    # - OR a push to default branch
     if: |
       github.event_name == 'workflow_dispatch' ||
-      (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true && github.actor == 'Dimitrij') ||
       github.event_name == 'push'
 
     steps: