chore: security update (#4447)

.github/workflows/fastgpt-preview-image.yml

@@ -1,10 +1,15 @@
 name: Preview FastGPT images
 on:
-  pull_request_target:
+  pull_request:
   workflow_dispatch:
 
 jobs:
   preview-fastgpt-images:
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
@@ -48,20 +53,13 @@ jobs:
           --cache-to=type=local,dest=/tmp/.buildx-cache \
           -t ${DOCKER_REPO_TAGGED} \
           .
-      # Add write md step after build
-      - name: Write md
-        run: |
-          echo "# 🤖 Generated by deploy action" > report.md
-          echo "📦 Preview Image: \`${DOCKER_REPO_TAGGED}\`" >> report.md
-          cat report.md
-
-      - name: Gh Rebot for Sealos
-        uses: labring/gh-rebot@v0.0.6
-        if: ${{ (github.event_name == 'pull_request_target') }}
+      - uses: actions/github-script@v7
         with:
-          version: v0.0.6
-        env:
-          GH_TOKEN: '${{ secrets.GH_PAT }}'
-          SEALOS_TYPE: 'pr_comment'
-          SEALOS_FILENAME: 'report.md'
-          SEALOS_REPLACE_TAG: 'DEFAULT_REPLACE_DEPLOY'
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Preview Image: ${{ env.DOCKER_REPO_TAGGED }}'
+            })