From 5295b51fcd4bff34fcdfb0ebc3112783037d1f1e Mon Sep 17 00:00:00 2001
From: Tomas Sebestik <tomas.sebestik@espressif.com>
Date: Thu, 24 Aug 2023 14:15:11 +0200
Subject: [PATCH] ci(danger-github): Fix github-action-bot permissions for
 posting Danger output

---
 .github/workflows/dangerjs.yml | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/dangerjs.yml b/.github/workflows/dangerjs.yml
index 2d4a9342d1..b2c078ae1d 100644
--- a/.github/workflows/dangerjs.yml
+++ b/.github/workflows/dangerjs.yml
@@ -1,20 +1,12 @@
 name: DangerJS Pull Request review
 
 on:
-  pull_request:
+  pull_request_target:
     types: [opened, edited, reopened, synchronize]
-    branches:
-      - '*'
-  workflow_dispatch:
 
 permissions:
-  actions: read
-  checks: read
-  contents: read
-  issues: write
   pull-requests: write
-  security-events: read
-  statuses: write
+  contents: write
 
 jobs:
   danger-check:
@@ -23,7 +15,10 @@ jobs:
       run:
         working-directory: .github/dangerjs
     steps:
-    - uses: actions/checkout@v3
+    - name: Check out PR head
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
 
     - name: Setup NodeJS environment
       uses: actions/setup-node@v3