From e353f9edbfc57dff59083e78ce9606f67d08f714 Mon Sep 17 00:00:00 2001
From: Will Scullin <scullin@scullinsteel.com>
Date: Mon, 6 Jan 2025 10:10:09 -0800
Subject: [PATCH] Use pull_request_target with ownership check (#53)

---
 .github/workflows/test.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index c9a811f..e0a6f81 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,7 +1,7 @@
 name: Test
 
 on:
-  pull_request:
+  pull_request_target:
   push:
     branches:
       - main
@@ -11,6 +11,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Check access
+        if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' }}
+        run: |
+          echo "Event not triggered by a collaborator."
+          exit 1
       - uses: actions/checkout@v4
         with:
           submodules: 'true'