From fdd718cd2260480f51103d990e09d86a23e72e89 Mon Sep 17 00:00:00 2001
From: Jerry
Date: Tue, 5 Dec 2023 20:54:06 +0800
Subject: [PATCH] test-your-pr: fix bot comment: execute on pull_request_target and hardening [skip ci]
Signed-off-by: Jerry
---
 .github/workflows/test-your-pr.yml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test-your-pr.yml b/.github/workflows/test-your-pr.yml
index 13e6b0f..310cc2c 100644
--- a/.github/workflows/test-your-pr.yml
+++ b/.github/workflows/test-your-pr.yml
@@ -1,7 +1,7 @@
 name: Test Your PR
 on:
- pull_request:
+ pull_request_target:
 branches: [master]
 jobs:
@@ -13,11 +13,27 @@ jobs:
 generate_roa: ${{ steps.generate_roa.outputs.base64 }}
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 with:
 ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
+ with:
+ ref: master
+ path: trusted_master_head
+ fetch-depth: 0
+
+ - run: |
+ git remote add trusted trusted_master_head
+ git fetch trusted
+ # you shall not change this
+ git diff --exit-code --name-status trusted/master ${{github.event.pull_request.head.sha}} ./scripts
+ # just in case
+ rm -rf scripts && cp -a trusted_master_head/scripts ./
+ shell: bash
+
+ - uses: actions/checkout@v4
 with:
 repository: NeoCloud/NeoNetwork-ROA
 path: generated
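Review bot: With the trigger switched to `pull_request_target`, the first hunk shows no top-level `permissions:` key between `on:` and `jobs:`, so the job's GITHUB_TOKEN falls back to the repository default while the steps still check out the PR head. Because the job now handles contributor-supplied content in the base repository's context, I would pin the token scope explicitly with a `permissions:` block containing `contents: read` and `pull-requests: write`. The second entry is only needed if the bot comment is posted with this token, and that step is outside the hunk. A job-level `permissions:` block may exist in the lines between the two hunks that are not shown, in which case this point is already covered.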
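Review bot: The first `actions/checkout@v4` step puts the untrusted PR head in the workspace root with the default `persist-credentials: true`, which leaves the token in that checkout's git config for every later step; add `persist-credentials: false` under its `with:`. The `git diff --exit-code` guard and the `rm -rf scripts && cp -a …` copy pin only `./scripts`, so anything later steps read or execute from elsewhere in the PR tree is still contributor-controlled. A comment above the run step would make that boundary explicit, for example `# only ./scripts is trusted after this step; do not execute other files from the PR checkout`. The guard also compares against the tip of master rather than the merge base, so a PR that is merely behind master on `scripts` fails the check; if that is intended, the `# you shall not change this` comment should say so. The steps list continues outside the hunk.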