workflows: check maintainers sortedness on pull_request_target

`pull_request` workflows need approval to run, `pull_request_target` does not. this one isn't particularly vulnerable and doesn't take long to run, so we may as well run it without approval.
author: pennae <82953136+pennae@users.noreply.github.com> 2023-03-18 13:16:10 +0100
committer: pennae <82953136+pennae@users.noreply.github.com> 2023-03-19 22:45:33 +0100
commit: 2daba98981f9320de1be3a10d9bf37c0b77094e3 (patch)
tree: 31f9b90216d90d5c6ac2d674770f4492f9edb4bd /.github
parent: 42abb58ab30f7e19a615952322bc4e7cb5aa1bdb (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml
index 73987f9b91682..2c2473250d820 100644
--- a/.github/workflows/check-maintainers-sorted.yaml
+++ b/.github/workflows/check-maintainers-sorted.yaml
@@ -1,7 +1,7 @@
 name: "Check that maintainer list is sorted"
 
 on:
-  pull_request:
+  pull_request_target:
     paths:
       - 'maintainers/maintainer-list.nix'
 permissions:
@@ -13,6 +13,9 @@ jobs:
     if: github.repository_owner == 'NixOS'
     steps:
       - uses: actions/checkout@v3
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
       - uses: cachix/install-nix-action@v19
         with:
           # explicitly enable sandbox
author	pennae <82953136+pennae@users.noreply.github.com>	2023-03-18 13:16:10 +0100
committer	pennae <82953136+pennae@users.noreply.github.com>	2023-03-19 22:45:33 +0100
commit	2daba98981f9320de1be3a10d9bf37c0b77094e3 (patch)
tree	31f9b90216d90d5c6ac2d674770f4492f9edb4bd /.github
parent	42abb58ab30f7e19a615952322bc4e7cb5aa1bdb (diff)