diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index b56bad9e5e..14ca616b41 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -3,14 +3,24 @@ on: push: branches: - main - pull_request: + pull_request_target: concurrency: group: continuous-integration-${{ github.head_ref }} cancel-in-progress: true jobs: + authorize: + environment: + ${{ (github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository) && + 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: echo ✓ + build: + needs: authorize runs-on: ubuntu-latest timeout-minutes: 20 steps: @@ -19,6 +29,7 @@ jobs: with: fetch-depth: 0 submodules: true + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Setup Python environment uses: actions/setup-python@v4 diff --git a/.github/workflows/cross-platform-test.yml b/.github/workflows/cross-platform-test.yml index 7e95c1578f..33586dbe07 100644 --- a/.github/workflows/cross-platform-test.yml +++ b/.github/workflows/cross-platform-test.yml @@ -3,14 +3,24 @@ on: push: branches: - main - pull_request: + pull_request_target: concurrency: group: cross-platform-${{ github.head_ref }} cancel-in-progress: true jobs: + authorize: + environment: + ${{ (github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository) && + 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: echo ✓ + suite: + needs: authorize runs-on: ${{ matrix.os }} timeout-minutes: 20 strategy: @@ -22,6 +32,7 @@ jobs: with: fetch-depth: 0 submodules: true + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Setup Node.js environment uses: actions/setup-node@v3