Fix welcome workflow permission errors from forked PRs

[Copilot]

Welcome workflow fails with "Resource not accessible by integration" when triggered by pull requests from forks. GitHub restricts GITHUB_TOKEN to read-only for pull_request events from forks, preventing the action from posting comments.

Changes

• Changed event trigger from pull_request to pull_request_target in .github/workflows/welcome.yml

Why pull_request_target is safe here

The wow-actions/welcome action only reads PR metadata and posts comments—it doesn't checkout or execute any code from the PR. Running in base repo context is required for write permissions and poses no security risk.

on:
  pull_request_target:  # Runs in base repo context, has write permissions
    types: [opened, closed]
  issues:
    types: [opened]

Original prompt

---

This section details on the original issue you should resolve

<issue_title>The welcome workflow fails in some occasions</issue_title>
<issue_description>You can see here that the welcome workflow fails in some occasions. The root cause isn't clear yet, investigation is needed. Seems the earlier solution no longer works

Since logs of a workflow get truncated after time here is one for reference:

2025-12-02T08:33:31.7434460Z Current runner version: '2.329.0'
2025-12-02T08:33:31.7457896Z ##[group]Runner Image Provisioner
2025-12-02T08:33:31.7458694Z Hosted Compute Agent
2025-12-02T08:33:31.7459248Z Version: 20251016.436
2025-12-02T08:33:31.7459799Z Commit: 8ab8ac8bfd662a3739dab9fe09456aba92132568
2025-12-02T08:33:31.7460620Z Build Date: 2025-10-15T20:44:12Z
2025-12-02T08:33:31.7461215Z ##[endgroup]
2025-12-02T08:33:31.7461713Z ##[group]Operating System
2025-12-02T08:33:31.7462338Z Ubuntu
2025-12-02T08:33:31.7462785Z 24.04.3
2025-12-02T08:33:31.7463229Z LTS
2025-12-02T08:33:31.7463716Z ##[endgroup]
2025-12-02T08:33:31.7464205Z ##[group]Runner Image
2025-12-02T08:33:31.7464727Z Image: ubuntu-24.04
2025-12-02T08:33:31.7465275Z Version: 20251112.124.1
2025-12-02T08:33:31.7466554Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20251112.124/images/ubuntu/Ubuntu2404-Readme.md
2025-12-02T08:33:31.7468129Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20251112.124
2025-12-02T08:33:31.7469072Z ##[endgroup]
2025-12-02T08:33:31.7470205Z ##[group]GITHUB_TOKEN Permissions
2025-12-02T08:33:31.7472020Z Issues: read
2025-12-02T08:33:31.7472564Z Metadata: read
2025-12-02T08:33:31.7473097Z PullRequests: read
2025-12-02T08:33:31.7473629Z ##[endgroup]
2025-12-02T08:33:31.7475581Z Secret source: None
2025-12-02T08:33:31.7476501Z Prepare workflow directory
2025-12-02T08:33:31.7791869Z Prepare all required actions
2025-12-02T08:33:31.7830765Z Getting action download info
2025-12-02T08:33:32.2029834Z Download action repository 'wow-actions/welcome@v1' (SHA:68019c2c271561f63162fea75bb7707ef8a02c85)
2025-12-02T08:33:33.0694719Z Complete job name: run
2025-12-02T08:33:33.1317195Z ##[group]Run wow-actions/welcome@v1
2025-12-02T08:33:33.1318031Z with:
2025-12-02T08:33:33.1319525Z   FIRST_ISSUE: 🚀 @{{ author }}, thanks for your contribution! Every idea, bug report, and discussion helps make this project better. Your input is invaluable, and we appreciate the time you took to share it. A maintainer will review it soon—stay awesome! 💡✨

2025-12-02T08:33:33.1321915Z   FIRST_PR: 🎉 You're making a difference! We appreciate your effort and dedication. A reviewer will check it out soon, but in the meantime, give yourself a pat on the back. Keep up the great work! 💪🚀

2025-12-02T08:33:33.1324257Z   FIRST_PR_MERGED: 💖 Welcome @{{ author }} as first-time contributor! Your efforts matter, and we’re so grateful for your contribution. Open source thrives because of people like you. Keep going, keep learning, and know that your work is truly valued. 🌱✨

2025-12-02T08:33:33.1326886Z   STAR_MESSAGE: ⭐ Enjoying contributing? Star the project! ⭐Your contributions help this project grow, and we'd love your support in another way too! If you find this repo helpful, consider leaving a star 🌟 on GitHub.

2025-12-02T08:33:33.1328445Z   GITHUB_TOKEN: ***
2025-12-02T08:33:33.1329215Z ##[endgroup]
2025-12-02T08:33:44.0397236Z ##[error]HttpError: Resource not accessible by integration
2025-12-02T08:33:44.0405382Z ##[error]Resource not accessible by integration
2025-12-02T08:33:44.0571268Z Cleaning up orphan processes
```</issue_description>

<agent_instructions>Please future out what the issue is and suggest changes to the workflow</agent_instructions>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

• Fixes The welcome workflow fails in some occasions #855

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[DannyvdSluijs]

Indeed safe to use pull_request_target since we're not checkout code as mentioned in the docs as well.

If your workflow scenario simply requires commenting on the PR, but does not require a check out of the modified code, using pull_request_target is a logical shortcut.
src