chore: checkout from sha after verifying triggering user perms

Signed-off-by: Taylor Price <[email protected]>

Author: drpebcak

.github/workflows/test.yaml

@@ -15,12 +15,33 @@ on:
       - README.md
 
 jobs:
+  check-perms:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get User Permission
+        id: checkAccess
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Check User Permission
+        if: steps.checkAccess.outputs.require-result == 'false'
+        run: |
+          echo "${{ github.triggering_actor }} does not have permissions on this repo."
+          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Job originally triggered by ${{ github.actor }}"
+          exit 1
+
   test-linux:
+    needs: check-perms
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
+          ref: ${{  github.event.pull_request.head.sha }}
       - uses: actions/setup-go@v5
         with:
           cache: false
@@ -38,11 +59,13 @@ jobs:
         run: make test
 
   test-windows:
+    needs: check-perms
     runs-on: windows-latest
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
+          ref: ${{  github.event.pull_request.head.sha }}
       - uses: actions/setup-go@v5
         with:
           cache: false