chore: allow forks run private repo tests

.github/workflows/private-repo-test.yaml

@@ -1,7 +1,7 @@
 name: Private Repo Testing
 
 on:
-  pull_request:
+  pull_request_target:
     branches:
       - main
 
@@ -20,6 +20,7 @@
         uses: actions/checkout@v5
         with:
           fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha || github.ref }}
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
@@ -34,48 +35,48 @@
         uses: pnpm/action-setup@v4
         with:
           version: latest
       - name: Install UI dependencies
         run: pnpm install
       - name: Build UI
         run: pnpm --prefix web/client run build
       - name: Install Python dependencies
         run: |
           python -m venv .venv
           source .venv/bin/activate
           pip install build twine setuptools_scm
       - name: Generate development version
         id: version
         run: |
           source .venv/bin/activate
           # Generate a PEP 440 compliant unique version including run attempt
           BASE_VERSION=$(python .github/scripts/get_scm_version.py)
           COMMIT_SHA=$(git rev-parse --short HEAD)
           # Use PEP 440 compliant format: base.devN+pr.sha.attempt
           UNIQUE_VERSION="${BASE_VERSION}+pr${{ github.event.pull_request.number }}.${COMMIT_SHA}.run${{ github.run_attempt }}"
           echo "version=$UNIQUE_VERSION" >> $GITHUB_OUTPUT
           echo "Generated unique version with run attempt: $UNIQUE_VERSION"
       - name: Build package
         env:
           SETUPTOOLS_SCM_PRETEND_VERSION: ${{ steps.version.outputs.version }}
         run: |
           source .venv/bin/activate
           python -m build
       - name: Configure PyPI for private repository
         env:
           TOBIKO_PRIVATE_PYPI_URL: ${{ secrets.TOBIKO_PRIVATE_PYPI_URL }}
           TOBIKO_PRIVATE_PYPI_KEY: ${{ secrets.TOBIKO_PRIVATE_PYPI_KEY }}
         run: ./.circleci/update-pypirc.sh
       - name: Publish to private PyPI
         run: |
           source .venv/bin/activate
           python -m twine upload -r tobiko-private dist/*
       - name: Publish Python Tests package
         env:
           SETUPTOOLS_SCM_PRETEND_VERSION: ${{ steps.version.outputs.version }}
         run: |
           source .venv/bin/activate
           unset TWINE_USERNAME TWINE_PASSWORD && make publish-tests
       - name: Get GitHub App token
         id: get_token
         uses: actions/create-github-app-token@v2
         with: