diff --git a/.github/workflows/branch-e2e.yml b/.github/workflows/branch-e2e.yml
index ad53bb63..7f4c0e05 100644
--- a/.github/workflows/branch-e2e.yml
+++ b/.github/workflows/branch-e2e.yml
@@ -1,7 +1,11 @@
 name: Branch E2E Checks
+# pull_request_target runs in the base repo context with write permissions,
+# enabling fork PRs to push docker images to GHCR and run e2e tests.
+# Security: the test:e2e label is a maintainer trust gate — only org members
+# can apply it, signalling that the PR code has been reviewed.
 on:
- pull_request:
+ pull_request_target:
 types: [opened, synchronize, reopened, labeled]
 permissions:
@@ -16,6 +20,7 @@ jobs:
 component: gateway
 platform: linux/arm64
 runner: build-arm64
+ ref: ${{ github.event.pull_request.head.sha }}
 build-cluster:
 if: contains(github.event.pull_request.labels.*.name, 'test:e2e')
@@ -24,10 +29,12 @@ jobs:
 component: cluster
 platform: linux/arm64
 runner: build-arm64
+ ref: ${{ github.event.pull_request.head.sha }}
 e2e:
 needs: [build-gateway, build-cluster]
 uses: ./.github/workflows/e2e-test.yml
 with:
- image-tag: ${{ github.sha }}
+ image-tag: ${{ github.event.pull_request.head.sha }}
 runner: build-arm64
+ ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 16a8447c..6a50de9c 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -32,6 +32,11 @@ on:
 required: false
 type: string
 default: ""
+ ref:
+ description: "Git ref to checkout (defaults to the triggering event ref)"
+ required: false
+ type: string
+ default: ""
 env:
 MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -55,7 +60,7 @@ jobs:
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 env:
- IMAGE_TAG: ${{ github.sha }}
+ IMAGE_TAG: ${{ inputs.ref || github.sha }}
 IMAGE_REGISTRY: ghcr.io/nvidia/openshell
 DOCKER_PUSH: ${{ inputs.push && '1' || '0' }}
 DOCKER_PLATFORM: ${{ inputs.platform }}
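Review bot: Keeping `synchronize` in `types: [opened, synchronize, reopened, labeled]` defeats the trust gate the new header comment describes: once a maintainer applies `test:e2e`, every later push to the fork branch re-runs the workflow with the label still attached, so unreviewed commits are checked out via `head.sha` and built with the base-repo `GITHUB_TOKEN` and GHCR push rights (the e2e-test hunk also hands that token to PR-controlled test code as `OPENSHELL_REGISTRY_PASSWORD`). The label can only vouch for the commit that was reviewed at the moment it was applied, and `reopened` likewise re-runs with a stale label. I would trigger only on the label event and check the label that was just applied, `types: [labeled]` together with `if: github.event.label.name == 'test:e2e'` on each gated job, and strip the label on every new push so review is re-requested per commit. If `build-arm64` is a self-hosted runner, as the name suggests, note that the docker-build hunk mounts `/var/run/docker.sock` into the job container, so a single malicious run is root on that host; the comment's "only org members can apply it" is also worth correcting to "anyone with triage or higher on the repository", which is what GitHub actually enforces for labels.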
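Review bot: `IMAGE_TAG: ${{ inputs.ref || github.sha }}` reuses a value documented as "Git ref to checkout" as the Docker image tag, so any caller passing a branch or tag name such as `release/1.2` yields a tag Docker rejects (`/` is not allowed in image tags) and the push fails; `branch-e2e.yml` only works because it happens to pass a commit SHA. I would keep `ref` purely for checkout and add a separate `image-tag` input, or compute the tag from the checked-out commit in the build step with `git rev-parse HEAD`, so the tag is always a valid immutable identifier regardless of what ref form the caller uses. A short comment on the input, `# ref is a checkout target; it is also used as the image tag, so callers must pass a full SHA`, would at least make the current constraint explicit. The job whose env block this hunk edits continues outside the hunk.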
@@ -63,6 +68,7 @@ jobs:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
+ ref: ${{ inputs.ref || '' }}
 - name: Mark workspace safe for git
 run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index f14ccb88..d9a523b7 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -12,6 +12,11 @@ on:
 required: false
 type: string
 default: "build-amd64"
+ ref:
+ description: "Git ref to checkout (defaults to the triggering event ref)"
+ required: false
+ type: string
+ default: ""
 permissions:
 contents: read
@@ -40,6 +45,8 @@ jobs:
 OPENSHELL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 steps:
 - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref || '' }}
 - name: Log in to GHCR
 run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
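Review bot: Now that callers pass `ref: ${{ github.event.pull_request.head.sha }}` from a `pull_request_target` run, this `actions/checkout@v4` step checks out fork-controlled code while leaving the action's default `persist-credentials: true`, which writes the base-repo `GITHUB_TOKEN` into `.git/config` in the very workspace the PR's build scripts then execute from. I would add `persist-credentials: false` next to the new `ref:` line here (and in the matching checkout in `e2e-test.yml`), unless a later step outside this hunk actually pushes with that token, in which case the token should be scoped to that step instead. A one-line comment, `# ref may be an untrusted fork commit — never persist the base-repo token into the checkout`, would record why. The step list of this job continues beyond the hunk.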