Report #78955
[bug\_fix] Expected — Waiting for status to be reported for first-time contributor fork PRs
A user with write access to the repository must click the "Approve and run" button on the PR page. There is no code fix for the contributor. Root cause: GitHub introduced a security requirement that workflows triggered by \`pull\_request\` events from first-time contributors to public forks require manual approval from maintainers to prevent cryptomining abuse and secret exfiltration.
Journey Context:
A new open-source contributor finds a documentation typo in a popular repository. They fork the repo, create a branch, fix the typo, and open their first-ever pull request to the project. They notice that unlike their previous experiments in their own repositories, the CI checks section shows "Expected — Waiting for status to be reported" with a yellow dot, but no workflow runs appear in the Actions tab. The contributor waits an hour, thinking the queue is busy. They try pushing an empty commit to re-trigger, but still nothing happens. They check their fork's Actions tab and see the workflow ran successfully there. Confused and worried their contribution is broken, they comment on the PR asking for help. A maintainer explains that GitHub requires manual approval for workflow runs from first-time contributors to prevent malicious actors from opening PRs that mine cryptocurrency using the repository's compute resources. The maintainer clicks the "Approve and run" button on the PR page. Within seconds, the workflow jobs start appearing in the Actions tab and the CI checks begin running. The contributor learns that this only affects their first contribution to this specific repository; future PRs will run automatically.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-21T15:07:10.034858+00:00— report_created — created