From 578e90a1e686fd0c7f51128f1a8099772abac636 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 8 Oct 2025 16:26:05 -0700
Subject: [PATCH 1/6] Simplify workflow and sort

---
 .github/workflows/ensure-sorted.yml | 83 +++--------------------------
 free_file_hosts.txt                 |  2 +-
 2 files changed, 8 insertions(+), 77 deletions(-)

diff --git a/.github/workflows/ensure-sorted.yml b/.github/workflows/ensure-sorted.yml
index 976b2408..d4b31830 100644
--- a/.github/workflows/ensure-sorted.yml
+++ b/.github/workflows/ensure-sorted.yml
@@ -1,18 +1,13 @@
 name: Ensure lists are sorted
 
 on:
-  pull_request_target:
-    branches: [ "master" ]
-  workflow_dispatch: {}
-  issue_comment:
-    types: [ created ]
-  merge_group: {}
+  pull_request:
 
 concurrency:
   # For pull_request_target workflows we want to use head_ref -- the branch triggering the workflow. Otherwise,
   # use ref, which is the branch for a push event or workflow trigger. And for an issue comment just give up grouping.
-  group: ${{ github.event_name == 'pull_request_target' && github.head_ref || (github.event_name == 'issue_comment' && github.run_id || github.ref) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request_target' }}
+  group: ${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   tests:
@@ -23,88 +18,26 @@ jobs:
       issues: read
       pull-requests: read
       checks: write
-    if: github.event_name != 'issue_comment'
 
     steps:
-      - name: Get PR branch
-        if: github.event_name == 'issue_comment'
-        uses: alessbell/pull-request-comment-branch@v1.1 # Fork of xt0rted/pull-request-comment-branch, see https://github.com/xt0rted/pull-request-comment-branch/issues/322
-        id: comment_branch
-
-      - name: Get Refs
-        id: get_head_ref
-        run: |
-          # Accurate for push events, merge queues, and workflow dispatch.
-          head_ref="${{ github.ref }}"
-          repo="${{ github.repository }}"
-
-          if [[ "${{ github.event_name }}" == 'pull_request_target' ]]; then
-            head_ref="${{ github.head_ref }}"
-            repo="${{ github.event.pull_request.head.repo.full_name }}"
-          elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
-            # Rely on comment_branch to figure out the head and base
-            head_ref="${{ steps.comment_branch.outputs.head_ref }}"
-            repo="${{ steps.comment_branch.outputs.head_owner }}/${{ steps.comment_branch.outputs.head_repo }}"
-          fi
-          
-          echo "##[set-output name=head_ref;]$head_ref"
-          echo "##[set-output name=repo;]$repo"
-
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
-          repository: ${{ steps.get_head_ref.outputs.repo }}
-          ref: ${{ steps.get_head_ref.outputs.head_ref }}
           fetch-depth: 0
 
-      - name: Validate Branch vs. Trigerring SHA
-        run: |
-          # If this is from a pull request validate that what we checked out is the same as the PR head.
-          # If not we'll just fail -- the workflow will be cancelled momentarily.
-          if [[ "${{ github.event_name }}" == 'pull_request_target' ]]; then
-            if [[ "${{ github.event.pull_request.head.sha }}" != "$(git rev-parse HEAD)" ]]; then
-              echo "Workflow is out of date with branch, cancelling"
-              exit 1
-            fi
-          fi
-
-      - name: Get Refs
-        id: get_base_ref
-        run: |
-          run_all=""
-          base_ref=""
-
-          if [[ "${{ github.event_name }}" == 'pull_request_target' ]]; then
-            # Detect changes based on whatever we're merging into.
-            base_ref="${{ github.base_ref }}"
-          elif [[ "${{ github.event_name }}" == 'push' || "${{ github.event_name }}" == 'merge_group' ]]; then
-            # Detect changes based on the previous commit
-            base_ref="$(git rev-parse HEAD^)"
-          elif [[ "${{ github.event_name }}" == 'workflow_dispatch' ]]; then
-            # Run on a target
-            run_all="true"
-          elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
-            # Rely on comment_branch to figure out  base
-            base_ref="${{ steps.comment_branch.outputs.base_ref }}"
-          fi
-          
-          echo "##[set-output name=run_all;]$run_all"
-          echo "##[set-output name=base_ref;]$base_ref"
-
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
         with:
           python-version: '3.10'
 
       - name: Sort file content order
-        if: github.event_name != 'issue_comment'
         run: |
           python ./scripts/sorter.py
 
       - name: Commit & Push Results, if needed
-        if: github.event_name != 'issue_comment'
-        id: final_basic_validation
+        id: push_results
         run: |
-
+          echo "Using fresh workflow"
+          
           if [ -z "$(git status --porcelain)" ]; then
             echo "No files changed, nothing to do"
             exit 0
@@ -114,6 +47,4 @@ jobs:
           git config user.email 'hello@sublimesecurity.com'
           git add '*.txt'
           git commit -m "Auto sorting static files"
-          # This will only work when running for a pull_request_target, but rather than filter we'll let this expose
-          # any issues.
-          git push origin ${{ steps.get_head_ref.outputs.head_ref }}
+          git push origin ${{ github.ref }}
diff --git a/free_file_hosts.txt b/free_file_hosts.txt
index d9318451..4f1e808f 100644
--- a/free_file_hosts.txt
+++ b/free_file_hosts.txt
@@ -23,8 +23,8 @@ attachments.office.net
 backblazeb2.com
 beautiful.ai
 behance.net
-bitbucket.com
 box.com
+bitbucket.com
 buildin.ai
 bunkr.site
 canva.com

From e010045e84f1e9419aff966ceac860d5fc33e389 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 8 Oct 2025 16:29:27 -0700
Subject: [PATCH 2/6] fix ref

---
 .github/workflows/ensure-sorted.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ensure-sorted.yml b/.github/workflows/ensure-sorted.yml
index d4b31830..5436e7b5 100644
--- a/.github/workflows/ensure-sorted.yml
+++ b/.github/workflows/ensure-sorted.yml
@@ -4,9 +4,7 @@ on:
   pull_request:
 
 concurrency:
-  # For pull_request_target workflows we want to use head_ref -- the branch triggering the workflow. Otherwise,
-  # use ref, which is the branch for a push event or workflow trigger. And for an issue comment just give up grouping.
-  group: ${{ github.ref }}
+  group: ${{ github.pull_request.head.ref }}
   cancel-in-progress: true
 
 jobs:
@@ -47,4 +45,4 @@ jobs:
           git config user.email 'hello@sublimesecurity.com'
           git add '*.txt'
           git commit -m "Auto sorting static files"
-          git push origin ${{ github.ref }}
+          git push origin ${{ github.pull_request.head.ref }}

From 7c643df447885dbf041e9b00d7179b2ec0c03500 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 8 Oct 2025 16:32:43 -0700
Subject: [PATCH 3/6] 1 more

---
 .github/workflows/ensure-sorted.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ensure-sorted.yml b/.github/workflows/ensure-sorted.yml
index 5436e7b5..4fb7aaf9 100644
--- a/.github/workflows/ensure-sorted.yml
+++ b/.github/workflows/ensure-sorted.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
 
 concurrency:
-  group: ${{ github.pull_request.head.ref }}
+  group: ${{ github.head_ref }}
   cancel-in-progress: true
 
 jobs:
@@ -45,4 +45,4 @@ jobs:
           git config user.email 'hello@sublimesecurity.com'
           git add '*.txt'
           git commit -m "Auto sorting static files"
-          git push origin ${{ github.pull_request.head.ref }}
+          git push origin ${{ github.head_ref }}

From c21f02dc5297ca0b86ea754707b99fdb8184b422 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 8 Oct 2025 16:37:42 -0700
Subject: [PATCH 4/6] head

---
 .github/workflows/ensure-sorted.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ensure-sorted.yml b/.github/workflows/ensure-sorted.yml
index 4fb7aaf9..f17c0cd7 100644
--- a/.github/workflows/ensure-sorted.yml
+++ b/.github/workflows/ensure-sorted.yml
@@ -45,4 +45,4 @@ jobs:
           git config user.email 'hello@sublimesecurity.com'
           git add '*.txt'
           git commit -m "Auto sorting static files"
-          git push origin ${{ github.head_ref }}
+          git push origin HEAD:${{ github.head_ref }}

From e1c2bf906647524963aaf23bf0e10b57bd70b66c Mon Sep 17 00:00:00 2001
From: Sorted Order Validation <hello@sublimesecurity.com>
Date: Wed, 8 Oct 2025 23:38:20 +0000
Subject: [PATCH 5/6] Auto sorting static files

---
 free_file_hosts.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/free_file_hosts.txt b/free_file_hosts.txt
index 4f1e808f..d9318451 100644
--- a/free_file_hosts.txt
+++ b/free_file_hosts.txt
@@ -23,8 +23,8 @@ attachments.office.net
 backblazeb2.com
 beautiful.ai
 behance.net
-box.com
 bitbucket.com
+box.com
 buildin.ai
 bunkr.site
 canva.com

From 0757f5245ad61028570db90fb930c47d30c642f6 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 8 Oct 2025 17:33:23 -0700
Subject: [PATCH 6/6] Apply suggestion from @cameron-dunn-sublime

---
 .github/workflows/ensure-sorted.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/ensure-sorted.yml b/.github/workflows/ensure-sorted.yml
index f17c0cd7..a4546b13 100644
--- a/.github/workflows/ensure-sorted.yml
+++ b/.github/workflows/ensure-sorted.yml
@@ -34,8 +34,6 @@ jobs:
       - name: Commit & Push Results, if needed
         id: push_results
         run: |
-          echo "Using fresh workflow"
-          
           if [ -z "$(git status --porcelain)" ]; then
             echo "No files changed, nothing to do"
             exit 0