From 22d83d95a514432fdaf3e631a7dd65d4086cb20b Mon Sep 17 00:00:00 2001
From: Aaron Friel
Date: Tue, 15 Nov 2022 13:58:19 -0800
Subject: [PATCH] ci: Refactor linear-history check to run on pull request target for community PRs
---
 .github/workflows/on-pr-target.yml | 26 ++++++++++++++++++++++++++
 bors.toml | 2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/on-pr-target.yml
diff --git a/.github/workflows/on-pr-target.yml b/.github/workflows/on-pr-target.yml
new file mode 100644
index 000000000000..213da85699d3
--- /dev/null
+++ b/.github/workflows/on-pr-target.yml
@@ -0,0 +1,26 @@
+name: PR
+
+# This workflow should be used with care. pull_request_target runs on untrusted workflows
+# with potential write access. We disable all but "contents: read" here.
+#
+# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+on:
+ pull_request_target:
+
+permissions:
+ contents: read
+
+jobs:
+ # This check enables us to ensure PRs have valid commit history or recommend a corrective action
+ # before running `bors`.
+ linear-history:
+ name: linear-history
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ # This should be the merge commit of the PR or candidate merge commit in the staging branch for `bors`.
+ ref: refs/pull/${{ github.event.pull_request.number }}/merge
+ fetch-depth: 0
+ - name: Check for non-linear history
+ run: ./scripts/git-linear-history-check.sh
diff --git a/bors.toml b/bors.toml
index c6cec5d17dac..938bdd5868fa 100644
--- a/bors.toml
+++ b/bors.toml
@@ -7,5 +7,5 @@ status = [
 'bors-ok',
 ]
 pr_status = [
- 'CI / lint / linear-history'
+ 'PR / linear-history'
 ]
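Review bot: The last step runs `./scripts/git-linear-history-check.sh` out of a checkout of `refs/pull/N/merge`, so a contributor can edit that script in their PR and have it execute inside the `pull_request_target` context — the exact pattern the linked pwn-requests article warns against, and the `permissions: contents: read` block does not prevent it. Scoping the GITHUB_TOKEN helps, but `actions/checkout` still writes that token into the checkout's git config unless `persist-credentials: false` is set, and repository secrets remain reachable to this event type even though no step passes them in here. Run the trusted copy of the script instead: keep the PR merge ref checked out for inspection but execute the base branch's version, e.g. add `persist-credentials: false` under `with:` and change the run line to `run: git show "${{ github.event.pull_request.base.sha }}:scripts/git-linear-history-check.sh" | bash` (the base commit is reachable from the merge commit with `fetch-depth: 0`). In a privileged workflow it is also worth pinning `actions/checkout` to a full commit SHA rather than the mutable `@v3` tag. Whether the script itself only reads git metadata cannot be confirmed from this hunk, since its contents are not part of the patch.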