From ca983966d92b42f53d9f00e06861e8936c39cc6f Mon Sep 17 00:00:00 2001
From: Rodrigo Pombo <pombopombopombo@gmail.com>
Date: Mon, 23 Dec 2024 17:34:38 +0100
Subject: [PATCH] Use pull_request_target for write permissions

---
 .github/workflows/pr-merged.yml  | 4 +++-
 .github/workflows/pr-updated.yml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
index f0d31127..76d9a2cb 100644
--- a/.github/workflows/pr-merged.yml
+++ b/.github/workflows/pr-merged.yml
@@ -1,7 +1,7 @@
 name: PR Merged
 
 on:
-  pull_request:
+  pull_request_target:
     types: [closed]
     branches:
       - next
@@ -21,6 +21,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
 
       - name: Install pnpm
         uses: pnpm/action-setup@v4
diff --git a/.github/workflows/pr-updated.yml b/.github/workflows/pr-updated.yml
index d138acc5..096b894b 100644
--- a/.github/workflows/pr-updated.yml
+++ b/.github/workflows/pr-updated.yml
@@ -1,7 +1,7 @@
 name: PR Updated
 
 on:
-  pull_request:
+  pull_request_target:
     branches:
       - next
 
@@ -21,6 +21,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
 
       - name: Install pnpm
         uses: pnpm/action-setup@v4