diff --git a/.github/workflows/circleci_pull_request.yml b/.github/workflows/circleci_pull_request.yml
new file mode 100644
index 00000000..511c4b21
--- /dev/null
+++ b/.github/workflows/circleci_pull_request.yml
@@ -0,0 +1,23 @@
+---
+name: Trigger CircleCI
+on:
+  pull_request_target:
+    types: [assigned]
+jobs:
+  approve: # First step
+    runs-on: ubuntu-latest
+    steps:
+    - name: Approve
+      run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
+  trigger-circleci:
+    runs-on: ubuntu-latest
+    needs: [approve] # Require the first step to finish
+    environment:
+      name: CI Check # Our dummy environment
+    steps:
+      - name: secretflow-yacl-ci
+        id: secretflow-yacl-ci
+        uses: CircleCI-Public/trigger-circleci-pipeline-action@v1.1.0
+        env:
+          CCI_TOKEN: ${{ secrets.CCI_TOKEN }}
+          TARGET_BRANCH: ${{ github.event.pull_request.head.ref }}
diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci_push.yml
similarity index 79%
rename from .github/workflows/circleci.yml
rename to .github/workflows/circleci_push.yml
index 408291d3..f1bd27a9 100644
--- a/.github/workflows/circleci.yml
+++ b/.github/workflows/circleci_push.yml
@@ -1,12 +1,7 @@
 ---
 name: Trigger CircleCI
 on:
-  push:
-    branches:
-    - main
-  pull_request:
-    branches:
-    - main
+  push
 jobs:
   trigger-circleci:
     runs-on: ubuntu-latest