From: Marcel van der Veldt
Date: Thu, 5 Feb 2026 23:38:55 +0000 (+0100)
Subject: Another small fix for the security workflow
X-Git-Url: https://git.kitaultman.com/?a=commitdiff_plain;h=05eb34f8e775e5bc3ad0711a779cb3a3560214bd;p=music-assistant-server.git

Another small fix for the security workflow
---

diff --git a/.github/workflows/dependency-security.yml b/.github/workflows/dependency-security.yml
index ba25899c..f602170d 100644
--- a/.github/workflows/dependency-security.yml
+++ b/.github/workflows/dependency-security.yml
@@ -4,10 +4,10 @@
 name: Dependency Security Check
 on:
- pull_request:
+ pull_request_target:
 paths:
- - 'requirements_all.txt'
- - '**/manifest.json'
+ - "requirements_all.txt"
+ - "**/manifest.json"
 branches:
 - stable
 - dev
@@ -15,7 +15,7 @@ on:
 permissions:
 contents: read
 pull-requests: write
- issues: write # Needed to post PR comments (PRs are issues in GitHub API)
+ issues: write # Needed to post PR comments
 jobs:
 security-check:
@@ -24,7 +24,8 @@ jobs:
 - name: Check out code from GitHub
 uses: actions/checkout@v6
 with:
- fetch-depth: 0 # Need full history for diff
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0 # Need full history for diff
 - name: Set up Python
 uses: actions/setup-python@v6.2.0
@@ -232,6 +233,9 @@ jobs:
 cat security_report.md
+ # Add to GitHub job summary (always available, even for forks)
+ cat security_report.md >> $GITHUB_STEP_SUMMARY
+
 # Step 6: Post comment to PR
 - name: Post security report to PR
 uses: actions/github-script@v7
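Review bot: Switching the trigger to `pull_request_target` here, together with the `ref: ${{ github.event.pull_request.head.sha }}` added in the checkout hunk (`@@ -24,7 +24,8 @@`), makes the job run with the base repository's token (`pull-requests: write`, `issues: write`) and secret access on a working tree that the pull-request author controls, forks included. The steps between the Python setup and the report are outside the visible hunks, so it needs confirming that nothing there installs from, imports or executes files of that checkout; the job should only read `requirements_all.txt` and the manifests as data. At minimum add `persist-credentials: false` under the checkout's `with:` so the token is not left in the checked-out tree's git config. The more robust layout keeps the analysis on `pull_request` with read-only permissions and posts the comment from a separate `workflow_run` workflow that never checks out the PR head.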
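Review bot: `$GITHUB_STEP_SUMMARY` is expanded unquoted in the added redirect; write `cat security_report.md >> "$GITHUB_STEP_SUMMARY"` so the path is never word-split or globbed (shellcheck SC2086). Since the job now runs against the PR head, the report presumably carries strings taken from PR-controlled files (package names, versions), and these are rendered as Markdown in the job summary and in the comment posted by the next step. The code that builds `security_report.md` is outside this hunk, so confirm there that such values are escaped or placed in code spans before they are written. The enclosing `run:` block also starts outside the hunk.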