Fix resyntax permissions issue

The current Resyntax workflow runs on `pull_request`, which gives it a github token with **read-only** access when run on pull requests from forks. Using `pull_request_target` instead gives it a read-write token and allows the action to submit pull request reviews for pull requests from forks.
racket · Jul 3, 2022 · f534722 · f534722
1 parent fa598b6
commit f534722
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/.github/workflows/resyntax.yml b/.github/workflows/resyntax.yml
@@ -1,7 +1,9 @@
 name: Resyntax
 
 on:
-  pull_request:
+  # See https://github.community/t/github-actions-are-severely-limited-on-prs/18179 for
+  # why this uses pull_request_target instead of pull_request
+  pull_request_target:
     types:
       - opened
       - edited
@@ -17,9 +19,13 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-        # See https://github.com/actions/checkout/issues/118.
         with:
+          # See https://github.com/actions/checkout/issues/118 for why the fetch depth needs to be zero
           fetch-depth: 0
+          # See https://github.community/t/github-actions-are-severely-limited-on-prs/18179/17 for why
+          # we need to specify the ref to checkout
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
       - uses: Bogdanp/[email protected]
         with:
           version: current