chore: re-enable CLA for external contributors BED-7616

[superlinkx]

Description

Re-enable external contributors to sign CLA by changing back to pull_request_target

Motivation and Context

Resolves BED-7616

Now that we've had time to carefully review this action for potential exploits, we're comfortable re-enabling it. There's no other known way to make the CLA function, but the permissions and access are properly scoped and the configuration/code has been vetted.

How Has This Been Tested?

Revert of known trigger, tested prior to it being removed

Types of changes

• Chore (a change that does not modify the application functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README BloodHound#672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• Chores
  • Updated the pull-request workflow trigger used for CLA verification.
  • Adjusted workflow permissions to explicitly allow required read/write actions.
  • Upgraded the CLA verification action to a newer release.
  • Minor whitespace and formatting cleanups with no behavioral impact.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0ebad81e-8d6d-42b4-a0ed-162b1cfd0ef3

📥 Commits

Reviewing files that changed from the base of the PR and between e32e562 and 2e4ee18.

📒 Files selected for processing (1)

• .github/workflows/cla.yml

---

Walkthrough

The workflow file .github/workflows/cla.yml was updated to use the pull_request_target event, added explicit permissions for the workflow, and bumped the CLA Assistant action version; the step condition was adjusted to check github.event_name == 'pull_request_target'.

Changes

Cohort / File(s)	Summary
GitHub Workflow Configuration .github/workflows/cla.yml	Switched workflow trigger from pull_request to pull_request_target; added permissions block (contents: read, actions: write, pull-requests: write, statuses: write); updated CLA Assistant action from v2.2.1 to v2.6.1; adjusted step condition to github.event_name == 'pull_request_target'; minor whitespace tweaks.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I hopped through YAML, keen and spry,
Switched the trigger to reach the sky,
Gave permissions a tidy little shove,
Bumped the action — a gentle shove,
Now CLA checks land safe from high above.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: re-enabling CLA for external contributors via a GitHub Actions workflow trigger modification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-7616

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/cla.yml:
- Around line 35-37: The GitHub Action step named "CLA Assistant" is pinned to
an outdated version (contributor-assistant/github-action@v2.2.1); update the
uses entry for that step to contributor-assistant/github-action@v2.6.1 (or
`@latest`) to pick up the newer release and fixes—locate the workflow step with
name "CLA Assistant" and replace the uses value accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ed7cba03-d672-43e9-824f-dfca871deff2

📥 Commits

Reviewing files that changed from the base of the PR and between 04f79ab and e32e562.

📒 Files selected for processing (1)

• .github/workflows/cla.yml