From d258f2b898d368a48af7cd1ddbce0f5b018fd12f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Attila=20M=C3=A9sz=C3=A1ros?= <a_meszaros@apple.com>
Date: Thu, 19 Mar 2026 17:58:11 +0100
Subject: [PATCH] improve: run sonar for forked repo PRs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Attila Mészáros <a_meszaros@apple.com>
---
 .github/workflows/sonar.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
index 95419a1a1a..778ac0e549 100644
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@@ -12,7 +12,7 @@ on:
       - 'docs/**'
       - 'adr/**'
     branches: [ main ]
-  pull_request:
+  pull_request_target:
     paths-ignore:
       - 'docs/**'
       - 'adr/**'
@@ -21,9 +21,12 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
-    if: ${{ github.actor != 'dependabot[bot]' && (( github.event_name == 'push' ) || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login == 'operator-framework' )) }}
+    if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
       - name: Set up Java and Maven
         uses: actions/setup-java@v5
         with: