The switch from pull_request to pull_request_target (for fork PR secret access) broke claude-code-action default OIDC-based GitHub App authentication. Pass github_token explicitly to bypass OIDC.
The switch from pull_request to pull_request_target (for fork PR secret access) broke claude-code-action default OIDC-based GitHub App authentication. Pass github_token explicitly to bypass OIDC.