From 7fb94082024f15ad5cd1c52be633663f3f1924ee Mon Sep 17 00:00:00 2001
From: Dillon Beresford <165616268+bwdil@users.noreply.github.com>
Date: Mon, 10 Jun 2024 10:54:24 -0500
Subject: [PATCH] [PM-7025] include check-run in workflows where secrets are
 used (#9135)

* include check-run in workflows where secrets are used

* revert changes in build-cli workflow and add check-run to codecov

* assert token permissions

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
---
 .github/workflows/test.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 12649b91ea..cb4a18947b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,16 +8,26 @@ on:
       - "main"
       - "rc"
       - "hotfix-rc-*"
-  pull_request:
+  pull_request_target:
+    types: [opened, synchronize]
 
 defaults:
   run:
     shell: bash
 
 jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
   test:
     name: Run tests
     runs-on: ubuntu-22.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      
     steps:
       - name: Checkout repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1