- Task
- Resolution: Done
- Major
Avoid using pull_request_target, as it allows all users to use the Quay.io credentials (not directly but indirectly, which shouldn't be allowed inside GH Actions) when building the Oracle workflow for pull requests. Instead, use pull_request and make sure it is built correctly.
For example, this https://github.com/debezium/debezium/actions/runs/4474291408 is a build from a user who doesn't have credentials, but the build was successful.
- links to RHEA-2023:120698 Red Hat build of Debezium 2.3.4 release
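Added example, not part of the original issue or Debezium's code: a small Python check that flags workflow files triggered by pull_request_target, lists the secrets they reference, and notes when they check out the pull request's head. The two workflow texts, the secret names QUAY_USER and QUAY_TOKEN, and build-oracle.sh are constructed for illustration.

```python
import re

# Constructed sample workflows, not Debezium's files; secret names are hypothetical.
RISKY = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./build-oracle.sh
        env:
          QUAY_USER: ${{ secrets.QUAY_USER }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
"""
SAFE = """\
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: ./build-oracle.sh
"""

# Mapping form, inline/list-in-brackets form, and block-list form of the trigger.
TRIGGER = re.compile(r"^\s*pull_request_target\s*:|^\s*on\s*:.*\bpull_request_target\b"
                     r"|^\s*-\s*pull_request_target\s*$", re.M)
SECRET = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)")
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref")

def audit(workflow_text):
    """Return findings for one workflow file; empty list if the trigger is not used."""
    body = "\n".join(l for l in workflow_text.splitlines()
                     if not l.lstrip().startswith("#"))  # ignore full-line comments
    if not TRIGGER.search(body):
        return []
    findings = ["pull_request_target: fork PRs run with the base repository's secrets"]
    names = sorted(set(SECRET.findall(body)))
    if names:
        findings.append("secrets referenced: " + ", ".join(names))
    if PR_HEAD.search(body):
        findings.append("checks out PR head code in the privileged context")
    return findings
```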