From 1ca9c63aacb54702854a2e206d3b95bf83f59c0b Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Tue, 3 Dec 2024 11:16:38 -0300
Subject: [PATCH] Do not use environment protection rule, rely on workflow run
---
.github/workflows/ci.yml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8e84fd07de..6d92d85e41 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,7 @@ name: CI on: merge_group: pull_request_target: + types: [opened, synchronize] branches: - main - release/v4
@@ -12,7 +13,7 @@ concurrency: cancel-in-progress: true jobs: - # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from exfiltrating secrets for malicious purposes + # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from accessing secrets for malicious purposes check-permissions: runs-on: 'blacksmith-8vcpu-ubuntu-2204' steps:
@@ -47,6 +48,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config
@@ -118,6 +120,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config
@@ -179,6 +182,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config
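Review bot: `types: [opened, synchronize]` in the first hunk (-3) leaves out `reopened`, which is part of the default activity set for `pull_request_target`, so a pull request that is closed and reopened gets no CI run and no fresh check-permissions result. If that is intended, document it beside the filter with a comment such as `# reopened is deliberately not a trigger`; otherwise use `types: [opened, synchronize, reopened]`. The rest of the `on:` block is outside the hunk.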
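Review bot: With `ref: ${{ github.event.pull_request.head.sha }}` the checkout in the hunk at -47 (and the identical additions at -118 and -179) brings fork-controlled code into a `pull_request_target` run, where repository secrets and the workflow token are in scope, so the check-permissions job becomes the only gate now that the environment protection rule is gone. That job's steps and each job's `needs:` line are outside these hunks; confirm all three jobs depend on it and that no step builds or installs PR code before it has passed. Assuming the step is actions/checkout (its `uses:` line is not visible), add `persist-credentials: false` beside the new `ref:` so the token is not written into the workspace's git config where later steps running PR code could read it. On `merge_group` events the expression is presumably empty and checkout falls back to its default ref, which deserves a comment such as `# PR head on pull_request_target; empty on merge_group, so the default ref is used`.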