name: receive-pr

on:
  pull_request:
    types: [opened, synchronize]
    branches:
      - main

concurrency:
  group: '${{ github.workflow }} @ ${{ github.ref }}'
  cancel-in-progress: true

# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
jobs:
  upload-patch:
    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main