feat: Update test workflow to support running tests on forks

jianyuan · jianyuan · commit c2971dfc3679 · 2025-11-05T21:32:10.000Z
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,7 +4,8 @@ name: Tests
 # This GitHub action runs your tests for each pull request and push.
 # Optionally, you can turn it on using a schedule for regular testing.
 on:
-  pull_request:
+  pull_request_target:
+    types: [opened, synchronize]
     paths-ignore:
       - "README.md"
   push:
@@ -22,7 +23,22 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
+      - id: check-access
+        if: github.event_name == 'pull_request_target'
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+      - name: Check User Permission
+        if: github.event_name == 'pull_request_target' && steps.check-access.outputs.require-result != 'true'
+        run: |
+          echo "User ${{ github.triggering_actor }} lacks the necessary rights on this repository."
+          echo "Their current access level: ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Initial trigger for this job: ${{ github.actor }}"
+          exit 1
       - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
@@ -37,7 +53,22 @@ jobs:
   generate:
     runs-on: ubuntu-latest
     steps:
+      - id: check-access
+        if: github.event_name == 'pull_request_target'
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+      - name: Check User Permission
+        if: github.event_name == 'pull_request_target' && steps.check-access.outputs.require-result != 'true'
+        run: |
+          echo "User ${{ github.triggering_actor }} lacks the necessary rights on this repository."
+          echo "Their current access level: ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Initial trigger for this job: ${{ github.actor }}"
+          exit 1
       - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
@@ -65,7 +96,22 @@ jobs:
         terraform:
           - "1.13.*"
     steps:
+      - id: check-access
+        if: github.event_name == 'pull_request_target'
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+      - name: Check User Permission
+        if: github.event_name == 'pull_request_target' && steps.check-access.outputs.require-result != 'true'
+        run: |
+          echo "User ${{ github.triggering_actor }} lacks the necessary rights on this repository."
+          echo "Their current access level: ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Initial trigger for this job: ${{ github.actor }}"
+          exit 1
       - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
