From 3f364e5a06463bf72510cb02e5af57c8cbb635d9 Mon Sep 17 00:00:00 2001
From: Vipul Gupta <vipulgupta2048@gmail.com>
Date: Tue, 2 Apr 2024 11:53:44 +0530
Subject: [PATCH] patch: Add support for external contributors

---
 .github/workflows/flowzone.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index d78ec92..9c8dfea 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -3,14 +3,27 @@ name: Flowzone
 on:
   pull_request:
     types: [opened, synchronize, closed]
-    branches:
-      - "main"
-      - "master"
+    branches: [main, master]
+  # allow external contributions to use secrets within trusted code
+  pull_request_target:
+    types: [opened, synchronize, closed]
+    branches: [main, master]
 
 jobs:
   flowzone:
     name: Flowzone
     uses: product-os/flowzone/.github/workflows/flowzone.yml@master
+    # prevent duplicate workflow executions for pull_request and pull_request_target
+    if: |
+      (
+        github.event.pull_request.head.repo.full_name == github.repository &&
+        github.event_name == 'pull_request'
+      ) || (
+        github.event.pull_request.head.repo.full_name != github.repository &&
+        github.event_name == 'pull_request_target'
+      )
+
+    # Workflows in the same org or enterprise can use the inherit keyword to pass secrets implicitly
     secrets: inherit
     with:
       balena_slugs: balena_io_examples/balena-cpp-hello-world