From d35b632a07b0c2f6a2b5ac3f56cd782595444097 Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Mon, 2 Dec 2024 14:43:30 -0300
Subject: [PATCH 1/2] Remove unused workflow input
---
 .changeset/nine-grapes-promise.md | 2 ++
 .github/workflows/ci.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/nine-grapes-promise.md
diff --git a/.changeset/nine-grapes-promise.md b/.changeset/nine-grapes-promise.md
new file mode 100644
index 0000000000..a845151cc8
--- /dev/null
+++ b/.changeset/nine-grapes-promise.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f349e00e10..4210bca4e8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,7 +2,7 @@ name: CI
 on:
 merge_group:
- pull_request:
+ pull_request_target:
 branches:
 - main
 - release/v4
From ceb427768624b2c078cc41d11d25604c7034700d Mon Sep 17 00:00:00 2001
From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com>
Date: Tue, 3 Dec 2024 11:16:38 -0300
Subject: [PATCH 2/2] Do not use environment protection rule, rely on workflow run
---
 .github/workflows/ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4210bca4e8..6b6342183b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,7 @@ name: CI
 on:
 merge_group:
 pull_request_target:
+ types: [opened, synchronize]
 branches:
 - main
 - release/v4
@@ -12,7 +13,7 @@ concurrency:
 cancel-in-progress: true
 jobs:
- # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from exfiltrating secrets for malicious purposes
+ # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from accessing secrets for malicious purposes
 check-permissions:
 runs-on: 'blacksmith-8vcpu-ubuntu-2204'
 steps:
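Review bot: Switching the trigger to `pull_request_target` in the first ci.yml hunk makes fork PRs run in the base repository's context, with repository secrets available and a `GITHUB_TOKEN` that is not forced read-only the way it is for `pull_request` runs from forks. No `permissions:` key is visible in this hunk; if the workflow has none, I would add a top-level `permissions:` block with `contents: read` and grant more only in the jobs that need it. The commit subject ("Remove unused workflow input") does not mention the trigger change, which makes a security-relevant change easy to miss in history.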
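Review bot: The added `types: [opened, synchronize]` filter drops `reopened`, which is part of the default activity set for this event, so a PR that is closed and reopened gets no CI run until someone pushes again. If that is not intended, use `types: [opened, synchronize, reopened]`; if it is, a one-line comment above the key saying why would save the next reader the lookup.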
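Review bot: The comment on `check-permissions` names the triggering actor's permissions as the gate, and under `pull_request_target` that gate is what keeps fork code away from repository secrets, so it deserves a precise description. If the job's steps (outside this hunk) evaluate `github.triggering_actor`, that value becomes the person who re-ran the workflow on a re-run, so a maintainer re-running a fork PR's job would pass the check while the head commit is still the fork's. Checking the PR author's permission instead would avoid that; please confirm which one is used. The reworded comment also repeats itself ("accessing secrets by default, preventing them from accessing secrets"); I would shorten it to `# Gate fork PRs on the actor's repository permissions so untrusted code never runs with secrets`.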
@@ -47,6 +48,7 @@ jobs:
 with:
 fetch-depth: 0
 show-progress: false
+ ref: ${{ github.event.pull_request.head.sha }}
 - name: Setup
 id: config
@@ -118,6 +120,7 @@ jobs:
 with:
 fetch-depth: 0
 show-progress: false
+ ref: ${{ github.event.pull_request.head.sha }}
 - name: Setup
 id: config
@@ -179,6 +182,7 @@ jobs:
 with:
 fetch-depth: 0
 show-progress: false
+ ref: ${{ github.event.pull_request.head.sha }}
 - name: Setup
 id: config
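Review bot: With the workflow now on `pull_request_target`, `ref: ${{ github.event.pull_request.head.sha }}` checks out fork-controlled code into a job that holds the base repository's secrets, and the `Setup` step that follows presumably runs that code's install or build scripts; the same line is added in the hunks at new lines 120 and 182. Each of these jobs should declare `needs: check-permissions` (the job headers are outside the hunks, so please confirm), and each checkout should set `persist-credentials: false` so the token is not left in the working tree's git config for later steps to read. Pinning to `head.sha` rather than the branch name is the right choice, since the commit that was evaluated is the one that gets built. On `merge_group` events `github.event.pull_request` is empty, so a short comment such as `# empty on merge_group; checkout falls back to the default ref` would make that behaviour explicit.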