From f42a3ca33daa0496bd6fe3d765b51385b9b9961d Mon Sep 17 00:00:00 2001
From: Yura Menshov <user344u@gmail.com>
Date: Wed, 4 Dec 2024 20:54:14 +0200
Subject: [PATCH 1/4] change event type to have more permissions when dealing
 with forks

this is done so we can approve/reject PRs from forks
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ae549646..d76a41ff 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -3,7 +3,7 @@
 name: CI
 
 on:
-  pull_request:
+  pull_request_target:
     types: [opened, synchronize, reopened]
     
 jobs:

From 9a480e304522ac95398d0dd28f8c7ba213a5c8d4 Mon Sep 17 00:00:00 2001
From: Yura Menshov <user344u@gmail.com>
Date: Wed, 4 Dec 2024 20:54:30 +0200
Subject: [PATCH 2/4] restrict default permissions

---
 .github/workflows/ci.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d76a41ff..4fa1d3c8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,6 +5,9 @@ name: CI
 on:
   pull_request_target:
     types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
     
 jobs:
   check-formatting:
@@ -84,6 +87,7 @@ jobs:
       - check-formatting
       - check-targets
     permissions:
+      contents: read
       pull-requests: write
     steps:
       - uses: actions/github-script@v7

From cc0bab818c4d4ad957ed4c5a30c58d85be9c0ea7 Mon Sep 17 00:00:00 2001
From: Yura Menshov <user344u@gmail.com>
Date: Wed, 4 Dec 2024 21:26:31 +0200
Subject: [PATCH 3/4] bump ubuntu runner version to 24.04

---
 .github/workflows/ci.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4fa1d3c8..861f6e30 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -12,7 +12,7 @@ permissions:
 jobs:
   check-formatting:
     name: Check formatting
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -34,7 +34,7 @@ jobs:
         include:
           - name: Linux
             target: x86_64-unknown-linux-gnu
-            os: ubuntu-latest
+            os: ubuntu-24.04
           # - name: macOS
           #   target: x86_64-apple-darwin
           #   os: macos-latest
@@ -81,7 +81,7 @@ jobs:
           cargo +${{ steps.install-rust.outputs.name }} test --target ${{ matrix.target }} --workspace --test "*" --no-fail-fast
   review-pr:
     name: Review PR
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: ${{ always() }}
     needs:
       - check-formatting

From 64b91ad39dd06453317f952e7ff1a086d06fb912 Mon Sep 17 00:00:00 2001
From: Yura Menshov <user344u@gmail.com>
Date: Thu, 5 Dec 2024 03:49:36 +0200
Subject: [PATCH 4/4] install protoc 29.1

---
 .github/workflows/ci.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 861f6e30..62064372 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -58,6 +58,11 @@ jobs:
           toolchain: 1.81.0
           components: rustfmt
           targets: ${{ matrix.target }}
+      - name: Install protoc
+        uses: arduino/setup-protoc@v3
+        with:
+          version: "29.1"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Build library
         id: check-lib
         if: ${{ always() }}