Approval of Forked PRs to access restricted contexts.
This would allow OSS projects, or even non-OSS projects using forked PRs to run sensitive jobs upon the approval of an organizational member.
This would allow a team member to review the PR for any potentially malicious changes to config or code that would leak secrets.
Currently contexts are excluded from forked PRs just like project level secrets. I feel that restricted contexts that consider the actor would address security concerns of roque PRs, while allowing important testing jobs that require tokens to be successfully validated prior to merge.
The work-arounds today are overly complex that involve staging to intermediate branches and multiple PRs (one forked, one internal) that move changes from forked PR->Internal branch -> master branch.