Frederick888 · Frederick888 · Nov 1, 2023 · Nov 1, 2023 · Nov 1, 2023 · Nov 1, 2023
diff --git a/.github/workflows/gh-ph.yml b/.github/workflows/gh-ph.yml
@@ -1,7 +1,7 @@
 name: Pull request history
 
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
@@ -17,7 +17,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: Frederick888/gh-ph@master

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ jobs:
   create_release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Conventional Commit Changelog

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
@@ -11,6 +11,6 @@ jobs:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ Then add the fences to your pull request templates, and finally set up a job as
 
 ```yaml
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
@@ -50,7 +50,7 @@ jobs:
     name: Add commit history to pull request description
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 100
       - run: |
@@ -61,8 +61,6 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
-_Note_: [`GITHUB_TOKEN`](https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/) (and [secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow)) does not work on PRs from public forks. Private repositories can consider [sending write tokens to workflows from pull requests](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories).
-
 # Configuration
 
 Default history format can be configured via environment variable [`GH_PH_HISTORY_FORMAT`](https://github.com/Frederick888/gh-ph/blob/1a9fe6f74a6067559885246a67f1d1df9366252c/gh-ph#L12) ([`with.format`](https://github.com/Frederick888/gh-ph/blob/1a9fe6f74a6067559885246a67f1d1df9366252c/action.yml#L8-L11) in Actions).

diff --git a/action.yml b/action.yml
@@ -26,10 +26,7 @@ runs:
   steps:
     - run: |
         git checkout "$GITHUB_BASE_REF"
-        if ! git checkout "$GITHUB_HEAD_REF"; then
-          git checkout "${GITHUB_REF/refs\//}^2"
-          git checkout -b "$GITHUB_HEAD_REF"
-        fi
+        gh pr checkout "$GH_PH_PULL_REQUEST_ID"
         printf 'y' | \
           GH_PH_PAGER='cat' \
           GH_PH_DEBUG='${{ inputs.debug }}' \