From c5a0675753a4b72f6cdf47ee8cceed84e94dfedd Mon Sep 17 00:00:00 2001
From: KevKibe <kchegz234@gmail.com>
Date: Mon, 3 Jun 2024 16:29:22 +0300
Subject: [PATCH 1/4] fix: run tests on pull_request_target

---
 .github/workflows/tests.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 4ef8cd5..9436113 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -1,6 +1,6 @@
 name: Tests
 
-on: [pull_request]
+on: [pull_request_target]
 
 jobs:
   test:

From dad166be8460170969ef9b3e260b88436bdd7994 Mon Sep 17 00:00:00 2001
From: KevKibe <kchegz234@gmail.com>
Date: Mon, 3 Jun 2024 16:43:41 +0300
Subject: [PATCH 2/4] fix: add secrets to dependabot configuration

---
 .github/dependabot.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9d866e3..dea7a3b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,8 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+    secrets:
+      - PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+      - GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+      - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      - COHERE_API_KEY: ${{ secrets.COHERE_API_KEY }}

From 475bd8a62a6319a697f25a4ac20c5c93c2883130 Mon Sep 17 00:00:00 2001
From: KevKibe <kchegz234@gmail.com>
Date: Mon, 3 Jun 2024 16:44:24 +0300
Subject: [PATCH 3/4] fix: revert back to on pull_request

---
 .github/workflows/tests.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 9436113..4ef8cd5 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -1,6 +1,6 @@
 name: Tests
 
-on: [pull_request_target]
+on: [pull_request]
 
 jobs:
   test:

From 36fedb3d74b646b520a7a1161a6eec400b043301 Mon Sep 17 00:00:00 2001
From: KevKibe <kchegz234@gmail.com>
Date: Mon, 3 Jun 2024 17:31:25 +0300
Subject: [PATCH 4/4] fix: GH secrets access in GA run

---
 .github/dependabot.yml       | 6 +-----
 .github/workflows/tests.yaml | 4 ++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dea7a3b..182feb7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,8 +9,4 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
-    secrets:
-      - PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
-      - GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-      - COHERE_API_KEY: ${{ secrets.COHERE_API_KEY }}
+
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 4ef8cd5..4b46188 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -2,6 +2,10 @@ name: Tests
 
 on: [pull_request]
 
+permissions:
+  id-token: write
+
+
 jobs:
   test:
       runs-on: ubuntu-latest