8 changes: 7 additions & 1 deletion README.md
Expand Up @@ -67,13 +67,19 @@ If you do end up adding this action in a non-PR context then it is designed to j

### Permissions

As this action needs to be able to comment back to your PR it might be necessary to add an explicit permission to the job:
As this action needs to be able to comment back to your PR, and if you want to have this functionality work from PRs created from forks in a public repo you will need to setup your `GITHUB_TOKEN` to have enough permissions.

If you read the [GitHub documentation on `GITHUB_TOKEN`](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) you will see that the "Maximum access \[level\] for pull requests from public forked repositories" is always `read` when you are using the `pull_request` event. If you want to allow forks to use the `continue-on-error-comment` action then you will need to update your workflow to be triggered by the `pull_request_target` event and **Make sure that you limit your permissions as demonstrated below**. If you don't limit the permissions on your workflow then the `GITHUB_TOKEN` will have standard read/write permissions as if you created the PR yourself and **this is a potential attack vector**.

You can limit the permissions that the `GITHUB_TOKEN` is given by specifying a `permissions` block in your workflow config.

```
permissions:
pull-requests: write
```

You can read more about the permissions block in the [GitHub Actions Documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)

## Inputs

### `repo-token`
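Review bot: The `permissions` block alone does not cover the hazard that switching to `pull_request_target` introduces, so the warning in this hunk is incomplete. `pull_request_target` runs the workflow definition from the base branch with access to repository secrets and, unless scoped, a write-capable `GITHUB_TOKEN`; the attack vector is a workflow that additionally checks out and builds or runs the fork's head commit while that token and those secrets are in scope. The README should state explicitly that a `pull_request_target` workflow using this action must not check out or execute the PR head, in addition to limiting `permissions`. Two smaller points in the same lines: tag the fence as ```yaml so the block renders as YAML, and "setup your `GITHUB_TOKEN`" should read "set up your `GITHUB_TOKEN`".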
4 changes: 3 additions & 1 deletion dist/index.js
Expand Up @@ -9586,7 +9586,9 @@ __nccwpck_require__.a(__webpack_module__, async (__webpack_handle_async_dependen



if(_actions_github__WEBPACK_IMPORTED_MODULE_1__.context.eventName !== 'pull_request') {
const allowedEvents = ['pull_request', 'pull_request_target']

if(!allowedEvents.includes(_actions_github__WEBPACK_IMPORTED_MODULE_1__.context.eventName)) {
console.log(`continue-on-error-comment is designed to be used with pull request and does not work with a [${_actions_github__WEBPACK_IMPORTED_MODULE_1__.context.eventName}] event. We are ignoring this event.`);
} else {
try {
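Review bot: dist/index.js is the ncc bundle (the `__nccwpck_require__` wrapper shows that), so it should be regenerated from index.js by the build rather than edited by hand; the hunk does match the index.js change, but a CI step that rebuilds dist and fails on a diff would keep the two from drifting in future PRs. Minor: `const allowedEvents = ['pull_request', 'pull_request_target']` is missing the trailing semicolon that the surrounding bundled code uses.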
4 changes: 3 additions & 1 deletion index.js
Expand Up @@ -5,7 +5,9 @@ import getPullRequest from './lib/get-pull-request.js';

import { signiture } from './lib/constants.js';

if(context.eventName !== 'pull_request') {
const allowedEvents = ['pull_request', 'pull_request_target']

if(!allowedEvents.includes(context.eventName)) {
console.log(`continue-on-error-comment is designed to be used with pull request and does not work with a [${context.eventName}] event. We are ignoring this event.`);
} else {
try {
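Review bot: The log message in the unchanged `console.log` line still says the action "is designed to be used with pull request", which no longer tells the user that `pull_request_target` is also accepted now that the check is driven by `allowedEvents`. Build the message from the array so it cannot drift from the check, for example `... does not work with a [${context.eventName}] event; supported events: ${allowedEvents.join(', ')}.` Also add the trailing semicolon after the `allowedEvents` declaration to match the `import` statements in this file.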