diff options
| -rw-r--r-- | .github/workflows/check-by-name.yml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/.github/workflows/check-by-name.yml b/.github/workflows/check-by-name.yml index da39846df408..7a3598dbe2a4 100644 --- a/.github/workflows/check-by-name.yml +++ b/.github/workflows/check-by-name.yml @@ -3,8 +3,10 @@ name: Check pkgs/by-name # The pre-built tool is fetched from a channel, -# making it work predictable on all PRs -on: pull_request +# making it work predictable on all PRs. +on: + # Using pull_request_target instead of pull_request avoids having to approve first time contributors + pull_request_target # The tool doesn't need any permissions, it only outputs success or not based on the checkout permissions: {} @@ -16,6 +18,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v23 - name: Determining channel to use for dependencies run: | |