From 685921e40246673b1421cc3cf92b16f5d1193e67 Mon Sep 17 00:00:00 2001
From: Astrid Sapphire <59789839+SapphicFire@users.noreply.github.com>
Date: Wed, 1 Oct 2025 20:37:28 +1000
Subject: [PATCH 1/2] maint: Support forks in automation

---
 .github/workflows/check_contrib.yaml | 40 +++++++++++++++++++---------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/check_contrib.yaml b/.github/workflows/check_contrib.yaml
index e7d3b4f..a714047 100644
--- a/.github/workflows/check_contrib.yaml
+++ b/.github/workflows/check_contrib.yaml
@@ -13,22 +13,41 @@ permissions:
 
 jobs:
   check:
-    if: github.repository == 'ServiceNowDevProgram/notvalid'
+    if: github.repository == 'ServiceNowDevProgram/AutomationValidation'
     runs-on: ubuntu-latest
     name: Check PR
     steps:
-      - name: Shallow checkout
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          fetch-depth: 0
+      - name: Init safe git workspace
+        run: |
+          set -euo pipefail
+          git init .
+          git remote add origin "https://github.com/${{ github.repository }}.git"
+          git fetch --no-tags --depth=1 origin main
+
+      - name: Resolve latest main and PR head SHAs
+        id: shas
+        run: |
+          set -euo pipefail
+
+          # Latest tip of main (base repo)
+          MAIN_SHA="$(git rev-parse FETCH_HEAD)"
 
-      - name: Detect allowed file changes
+          # Fetch PR head from the fork without checking out
+          PR_CLONE_URL="${{ github.event.pull_request.head.repo.clone_url }}"
+          PR_REF="refs/heads/${{ github.event.pull_request.head.ref }}"
+          git fetch --no-tags --depth=1 "${PR_CLONE_URL}" "+${PR_REF}:refs/remotes/_prhead"
+
+          PR_SHA="$(git rev-parse refs/remotes/_prhead)"
+
+          echo "main_sha=$MAIN_SHA" >> "$GITHUB_OUTPUT"
+          echo "pr_sha=$PR_SHA" >> "$GITHUB_OUTPUT"
+
+      - name: Use tj-actions/changed-files against explicit SHAs
         id: changes
         uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46
         with:
-          base_sha: ${{ github.event.pull_request.base.sha }}
-          ref: ${{ github.event.pull_request.head.sha }}
+          base_sha: ${{ steps.shas.outputs.main_sha }}
+          ref: ${{ steps.shas.outputs.pr_sha }}
 
           files: |
             b812ceb69337a210633378917cba10bc/checksum.txt
@@ -54,9 +73,6 @@ jobs:
               }
             }
 
-            console.log(`Non-compliant: ${nonCompliant}`);
-            console.log(`All changed: ${allChanged}`);
-
             const body = [
               '🚫 **Unexpected files changed in PR**',
               '',

From 53357cae738698e45ac3cc5054c0fa65020cff98 Mon Sep 17 00:00:00 2001
From: Astrid Sapphire <59789839+SapphicFire@users.noreply.github.com>
Date: Wed, 1 Oct 2025 20:39:04 +1000
Subject: [PATCH 2/2] maint: update repo

---
 .github/workflows/check_contrib.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_contrib.yaml b/.github/workflows/check_contrib.yaml
index a714047..6edbf00 100644
--- a/.github/workflows/check_contrib.yaml
+++ b/.github/workflows/check_contrib.yaml
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   check:
-    if: github.repository == 'ServiceNowDevProgram/AutomationValidation'
+    if: github.repository == 'ServiceNowDevProgram/ActionPack'
     runs-on: ubuntu-latest
     name: Check PR
     steps: