From 44976bd199fe4b6daa3c83e29ffdaf6990a5d25e Mon Sep 17 00:00:00 2001
From: Jay Blackman <blckmn@users.noreply.github.com>
Date: Fri, 2 May 2025 08:51:04 +1000
Subject: [PATCH] Update Deploy Preview to use pull_request_target

Access to secrets is not possible with PR from fork.

Caution will need to be had around allowing commits to this yml file in the future.

Not that secrets should not be available to code itself (actions with params only).
---
 .github/workflows/deploy-preview.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml
index 541b823c..682f0543 100644
--- a/.github/workflows/deploy-preview.yml
+++ b/.github/workflows/deploy-preview.yml
@@ -1,6 +1,6 @@
 name: 'Preview Deployment'
 on:
-  pull_request:
+  pull_request_target:
     branches:
       - master
 
@@ -35,9 +35,6 @@ jobs:
       - name: Deploy to Cloudflare
         id: deploy
         uses: cloudflare/wrangler-action@v3
-        env:
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
         with:
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}