name: validate-external
on:
  pull_request_target:
    branches:
      - main
    types: [edited, opened, synchronize]
jobs:
  authorize:
    if: github.repository != github.event.pull_request.head.repo.full_name
    environment:
      ${{ github.event_name == 'pull_request_target' &&
      github.event.pull_request.head.repo.full_name != github.repository &&
      'external' || 'internal' }}
    runs-on: ubuntu-24.04
    steps:
      - run: echo ✓
  build:
    needs: authorize
    uses: ./.github/workflows/validate.yml
    secrets:
      ASSET_REPO: ${{ secrets.ASSET_REPO }}
      ASSET_REPO_TOKEN: ${{ secrets.ASSET_REPO_TOKEN }}
    steps:
      - name: Checkout PR branch
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}