From 2daba98981f9320de1be3a10d9bf37c0b77094e3 Mon Sep 17 00:00:00 2001
From: pennae <82953136+pennae@users.noreply.github.com>
Date: Sat, 18 Mar 2023 13:16:10 +0100
Subject: [PATCH] workflows: check maintainers sortedness on pull_request_target

`pull_request` workflows need approval to run, `pull_request_target` does not. this one isn't particularly vulnerable and doesn't take long to run, so we may as well run it without approval.
---
.github/workflows/check-maintainers-sorted.yaml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml
index 73987f9b9168..2c2473250d82 100644
--- a/.github/workflows/check-maintainers-sorted.yaml
+++ b/.github/workflows/check-maintainers-sorted.yaml
@@ -1,7 +1,7 @@ name: "Check that maintainer list is sorted" on: - pull_request: + pull_request_target: paths: - 'maintainers/maintainer-list.nix' permissions:
@@ -13,6 +13,9 @@ jobs: if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v3 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v19 with: # explicitly enable sandbox
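Review bot: The new `pull_request_target:` trigger under `on:` carries no comment recording why it is safe here, and once the job runs unapproved in the base repository's context, the `permissions:` block is the main thing containing it. That block's value lies outside this hunk, so it should be confirmed to grant read-only scope and nothing else. I would add a comment above the trigger such as `# pull_request_target: runs without approval in the base-repo context; keep this job read-only and free of secrets`, so a later edit does not widen permissions or add a secret without noticing the trigger.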
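Review bot: The new `with:` under `actions/checkout@v3` checks out `refs/pull/<number>/merge`, which is untrusted PR content, while checkout by default leaves the job token in the local git config. Add `persist-credentials: false` next to `ref:` so the steps that later evaluate the checked-out tree cannot read that token. Those steps are outside this hunk; they should treat the tree strictly as data, and the sandbox setting mentioned in the trailing context is worth confirming as enforced rather than advisory. The merge ref is also not available for a PR with conflicts, so the job would presumably fail at checkout in that case rather than report on sortedness.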