davidgasquez / gitcoin-grants-data-portal

🌲 Open source, serverless, and local-first data hub for Gitcoin Grants data!
https://grantsdataportal.xyz/
MIT License

Make sure CI runs on correct branch #47

Closed DistributedDoge closed 8 months ago

DistributedDoge commented 8 months ago

I think the root of the problem when merging #27 was this, and now that the repository is using secrets, it may also affect all future pull requests:

With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.

Looking online, I see suggestions that replacing pull_request with pull_request_target might give the GitHub CI runner access to the secrets of the host (i.e. this) repository when a pull request is made.

EDIT: Might also need some changes to the @.checkout step to make sure we execute the code that is supplied inside the pull request.

name: CI
on: 
  pull_request_target:
    branches:
      - main

The downside of allowing secrets in pull requests, malicious PRs, is partially mitigated by GitHub Actions: Maintainers must approve first-time contributor workflow runs.

EDIT: Two possible alternatives

DistributedDoge commented 8 months ago

Effects of recent PR:

The solution is to modify the checkout step to explicitly specify which branch we want to run our code on.
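
Added example, not part of the thread or the project's code: a stdlib-only Python check for the three situations the comments above describe (secrets arriving empty on fork PRs under pull_request, the default base-branch checkout under pull_request_target, and a PR-head checkout inside a run that can read secrets). The sample workflow, the secret name EXAMPLE_API_KEY, the `make run` step and the finding codes are constructed for illustration.

```python
import re

# Handles the mapping form used in the thread and the "on: <event>" form.
TRIGGER = re.compile(r"^\s*(?:on:\s*)?(pull_request(?:_target)?)\s*:?\s*$", re.M)
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
PR_HEAD = re.compile(r"github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)")

def checkout_refs(lines):  # yields the `ref:` value (or None) of each checkout step
    for i, line in enumerate(lines):
        if re.search(r"uses:\s*actions/checkout@", line):
            ref = None
            for nxt in lines[i + 1:]:
                if nxt.lstrip().startswith("- "):  # next step starts here
                    break
                m = re.match(r"\s*ref:\s*(.+)", nxt)
                ref = m.group(1).strip() if m else ref
            yield ref

def audit_workflow(text):
    """Return finding codes for one workflow file (line-based, no YAML parser)."""
    lines = [re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines()]
    body = "\n".join(lines)
    triggers = set(TRIGGER.findall(body))
    secrets = set(SECRET.findall(body)) - {"GITHUB_TOKEN"}
    findings = []
    if "pull_request" in triggers and secrets:  # fork PRs receive no secrets
        findings.append("fork-pr-secrets-empty")
    if "pull_request_target" in triggers:
        for ref in checkout_refs(lines):
            if ref and PR_HEAD.search(ref):  # PR-supplied code, privileged run
                findings.append("pr-head-in-privileged-run")
            else:  # default checkout is the base branch, PR changes untested
                findings.append("checks-out-base-not-pr")
    return findings

# Constructed sample: the trigger from the thread plus a hypothetical job.
SAMPLE = """\
on:
  pull_request_target:
    branches: [main]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make run
        env:
          EXAMPLE_API_KEY: ${{ secrets.EXAMPLE_API_KEY }}
"""
print(audit_workflow(SAMPLE))
```
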

davidgasquez commented 8 months ago

:rocket: Nice digging, nice PRing!