From a678e5895f7ecf8ceef4ae0d60ff94943d6c559d Mon Sep 17 00:00:00 2001
From: Ethan Zimbelman
Date: Wed, 17 Jan 2024 12:31:27 -0800
Subject: [PATCH] ci(security): check for pull_request_target events in the access check (#282)
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 087b4b25..8b4bdec7 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -20,7 +20,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check user permissions
- if: ${{ github.event_name == 'pull_request' && github.event.pull_request.author_association != 'MEMBER' }}
+ if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.author_association != 'MEMBER' }}
 run: |
 echo "Action was not triggered by an organization member. Exiting now."
 exit 1
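Review bot: The access check on the new `if:` line still fails open, because it denies only when `github.event_name` is exactly `pull_request_target`; any other trigger that carries a pull request payload skips the step and the job continues. That is presumably how the previous `'pull_request'` comparison stopped gating anything once the trigger changed. Matching both names keeps the gate in place if the `on:` block (outside this hunk) changes again, e.g. `if: ${{ startsWith(github.event_name, 'pull_request') && github.event.pull_request.author_association != 'MEMBER' }}`. Since `pull_request_target` runs with the base repository's secrets, a comment above the step such as `# Gate: non-members must not reach steps that use secrets or check out PR head code` would record why it exists. Any later job that uses secrets or PR head code also needs a `needs:` dependency on this job to be covered by it, which cannot be confirmed from the hunk.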