This change simply moves the trigger to `pull_request_target`. The
rest of this message contains verbose details related to that.
`pull_request_target` is used instead of `pull_request` since the
default GitHub token cannot pick up write permissions with the
`pull_request` type on PRs from public forks. Write permission is
needed to add reviewrs. This was previously tested on an edk2 fork
where PRs were not from other public forks into the fork being used
for testing but directly on the fork itself.
Because `pull_request_target` runs the pull request in the context
of the base branch (not the PR branch) some logic needs slightly
modified. The main change is that the GitHub context will no longer
give the PR branch HEAD as the PR commit SHA (i.e.
`github.event.pull_request.head.sha`). The SHA will be the base
branch (`master`) SHA as that is what is checked out for the
workflow run. SO, the actual PR SHA is now fetched separately.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Adds a script that provides GitHub API helpers for workflows and
other GitHub automation in the repository.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Michael Kubacki