ci: Refactor linear-history check to run on pull request target for c…

…ommunity PRs

.github/workflows/on-pr-target.yml

@@ -0,0 +1,26 @@
+name: PR
+
+# This workflow should be used with care. pull_request_target runs on untrusted workflows
+# with potential write access. We disable all but "contents: read" here.
+#
+# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+on:
+  pull_request_target:
+
+permissions:
+  contents: read
+
+jobs:
+  # This check enables us to ensure PRs have valid commit history or recommend a corrective action
+  # before running `bors`.
+  linear-history:
+    name: linear-history
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # This should be the merge commit of the PR or candidate merge commit in the staging branch for `bors`.
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+          fetch-depth: 0
+      - name: Check for non-linear history
+        run: ./scripts/git-linear-history-check.sh

bors.toml

@@ -7,5 +7,5 @@ status = [
 	'bors-ok',
 ]
 pr_status = [
-	'CI / lint / linear-history'
+	'PR / linear-history'
 ]