diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index ec3fe3ea..6f66be0d 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,7 +1,7 @@
 name: Deploy application
 
 on:
-  pull_request:
+  pull_request_target:
   push:
     branches:
       - 'master'
@@ -17,6 +17,7 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       # Declares the repository safe and not under dubious ownership.
       - name: Add repository to git safe directories
         run: git config --global --add safe.directory $GITHUB_WORKSPACE
@@ -52,6 +53,7 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
       - name: download build artifact
         uses: actions/download-artifact@v4
         with:
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 714d0c7c..8f482fb2 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,7 +1,7 @@
 name: Run linting and suggest changes
 
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
@@ -15,8 +15,10 @@ jobs:
         python-version: ['3.12']
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies