Diffstat (limited to 'nixpkgs/.github/workflows/check-by-name.yml')
-rw-r--r-- | nixpkgs/.github/workflows/check-by-name.yml | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/nixpkgs/.github/workflows/check-by-name.yml b/nixpkgs/.github/workflows/check-by-name.yml
index e2126152fe5b..7a3598dbe2a4 100644
--- a/nixpkgs/.github/workflows/check-by-name.yml
+++ b/nixpkgs/.github/workflows/check-by-name.yml
@@ -3,8 +3,10 @@
 name: Check pkgs/by-name
 # The pre-built tool is fetched from a channel,
-# making it work predictable on all PRs
-on: pull_request
+# making it work predictable on all PRs.
+on:
+ # Using pull_request_target instead of pull_request avoids having to approve first time contributors
+ pull_request_target
 # The tool doesn't need any permissions, it only outputs success or not based on the checkout
 permissions: {}
@@ -15,7 +17,10 @@ jobs:
 # as specified in nixos/release-combined.nix
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+ with:
+ # pull_request_target checks out the base branch by default
+ ref: refs/pull/${{ github.event.pull_request.number }}/merge
 - uses: cachix/install-nix-action@v23
 - name: Determining channel to use for dependencies
 run: | |
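Review bot: The new comment under `on:` gives only the convenience reason for `pull_request_target` and leaves out the trust change that comes with it. This trigger runs the workflow definition from the base branch in the base repository's context, including its cache scope and any secrets a step references, for pull requests from untrusted forks. The `permissions: {}` line kept as context below is the visible control that makes this acceptable, so the comment should say so, e.g. `# Runs in the base repo context for untrusted PRs: keep permissions: {} and reference no secrets in this workflow`. As a style point, the bare `pull_request_target` scalar on its own line is valid YAML but easy to misread as a broken mapping; `pull_request_target:` written as a key would be clearer.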
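Review bot: The added `with:` block checks out the PR merge ref inside a `pull_request_target` run but leaves `actions/checkout` at its default of persisting the job token in the checkout's git config, where later steps that work on PR content can read it; add `persist-credentials: false` next to `ref:`. With `permissions: {}` the token should carry no scopes, so this is defence in depth rather than a live exposure. The step list continues past the end of the hunk (`run: |`), so whether those steps execute anything from the checkout rather than only reading it cannot be confirmed from here and is worth checking. Also, `refs/pull/N/merge` is presumably missing or stale when the PR has conflicts, so the checkout may fail or test an outdated merge.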