From 8ebc51f37112630ba17d2044e7b81474450e2c86 Mon Sep 17 00:00:00 2001
From: Kyle Mestery
Date: Thu, 14 Jul 2022 10:44:47 -0500
Subject: [PATCH] Per [1], we need to use pull_request_target instead of pull_request here. The tl;dr is that this runs as the *users* credentials, but they may not have access to the repo. See also [2]. [1] https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [2] https://github.com/actions/first-interaction/issues/31
Signed-off-by: Kyle Mestery
---
 .github/workflows/first-interaction.yml | 2 +-
 .github/workflows/{linters.md => linters.yml} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename .github/workflows/{linters.md => linters.yml} (100%)
diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml
index ba799be5..38eb58b2 100644
--- a/.github/workflows/first-interaction.yml
+++ b/.github/workflows/first-interaction.yml
@@ -3,7 +3,7 @@ name: 'First Interaction'
 on:
 issues:
 types: [ opened ]
- pull_request:
+ pull_request_target:
 branches: [ main ]
 workflow_dispatch:
diff --git a/.github/workflows/linters.md b/.github/workflows/linters.yml
similarity index 100%
rename from .github/workflows/linters.md
rename to .github/workflows/linters.yml
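Review bot: With the trigger changed to `pull_request_target`, this workflow runs for fork pull requests with the base repository's `GITHUB_TOKEN` and secrets, and nothing in the hunk narrows what that token may do. The jobs lie outside the hunk, so this is safe only if no step checks out or executes code from the pull request head; that should be confirmed against the full file. I would add a top-level least-privilege block, `permissions:` with `issues: write` and `pull-requests: write`, so the token is scoped to what a greeting comment needs regardless of the repository default. A comment above the trigger would keep later edits from breaking that assumption: `# pull_request_target runs with the base repo's token and secrets; never check out or run PR head code here`.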