From 433537113fcba3dfac886b0dfe05a66de40598e3 Mon Sep 17 00:00:00 2001
From: jupblb <michal.kielbowicz@sourcegraph.com>
Date: Wed, 17 Jun 2026 11:36:08 +0200
Subject: [PATCH 1/2] proto-review: run on pull_request_target so forks get a
 write token

---
 .github/workflows/proto-review.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/proto-review.yaml b/.github/workflows/proto-review.yaml
index e3001257..d8963295 100644
--- a/.github/workflows/proto-review.yaml
+++ b/.github/workflows/proto-review.yaml
@@ -1,7 +1,7 @@
 name: SCIP protocol review
 
 on:
-  pull_request:
+  pull_request_target:
     paths: [scip.proto]
   pull_request_review:
 
@@ -11,6 +11,10 @@ permissions:
 
 jobs:
   proto-review:
+    # `pull_request_review` is still read-only on forks
+    if: >-
+      github.event_name == 'pull_request_target' ||
+      github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
     steps:
       - uses: Automattic/action-required-review@v5

From 55b14e387c156db43b8be6026151bf668f16350f Mon Sep 17 00:00:00 2001
From: jupblb <michal.kielbowicz@sourcegraph.com>
Date: Wed, 17 Jun 2026 17:37:52 +0200
Subject: [PATCH 2/2] Fix wording

---
 .github/workflows/proto-review.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/proto-review.yaml b/.github/workflows/proto-review.yaml
index d8963295..dbcfb759 100644
--- a/.github/workflows/proto-review.yaml
+++ b/.github/workflows/proto-review.yaml
@@ -11,7 +11,9 @@ permissions:
 
 jobs:
   proto-review:
-    # `pull_request_review` is still read-only on forks
+    # `pull_request_review` is read-only on forks; otherwise the workflow would
+    # use a GitHub token without the necessary permissions. Restart the failed
+    # workflow once all approvals are gathered.
     if: >-
       github.event_name == 'pull_request_target' ||
       github.event.pull_request.head.repo.full_name == github.repository