Workflows don't run as expected on external PRs

Workflows run in local PRs (e.g. https://github.com/blakeNaccarato/boilercv/pull/163) just fine because those are triggering on push in the configuration below.

https://github.com/blakeNaccarato/boilercv/blob/27219ccbca48e7a909220677f759368ed9001bca/.github/workflows/main.yml#L3

But these workflows don't run in external PRs (e.g. https://github.com/blakeNaccarato/boilercv/pull/164). I will need to add the pull_request trigger for that. However, in the case that an external PR bumps a dependency, would the Renovate and GitHub Actions bots be allowed to push to the remote contributor's branch? Will have to test this.

Performing the steps below directly in this repo (even with branches and PRs) is sort of like a patient operating on themselves, so if functionality breaks at any point, I'll have roll back and revisit other solutions to this problem (where a bot needs to make commits in the incoming branch of local and external PRs alike) and mock up this behavior in a dummy repo.

Tasks

[ ] Introduce pull_request trigger to workflows in patch branch in blakeNaccarato/boilercv
[ ] Fork the repo as a second user, make a trivial edit to patch branch as a second user, open a PR targeting patch branch, and see if workflows run (after approval)
[ ] Make another commit to the test PR, one that triggers the GHA bot to try and commit. Does it work?
[ ] Close the test PR
[ ] Merge patch into main
[ ] Raise a trivial PR now against main with a second user and see if workflows run
[ ] Make another commit to the test PR, one that triggers the GHA bot to try and commit. Does it work?
[ ] Trigger a Renovate PR (for a small version bump) and ensure the workflow works the same in that kind of PR
[ ] Merge the Renovate PR and see if the post-merge workflow runs as expected
[ ] If the results aren't as expected, consider fixing this more thoroughly in a dummy project

softboiler / boilercv

Workflows don't run as expected on external PRs #165

Tasks