chore: Remove default branch specification in checkout action #15

	name: Bot - On PR

	# Runs on opened, reopened, and ready_for_review. One job: run on-commit checks
	# (DCO, GPG, merge conflict), then on-PR (assign, labels), passing outputs between steps.
	on:
	# Uses pull_request_target so fork PRs get write token without repo setting; we
	# checkout default branch only so we never run PR branch code.
	pull_request_target:
	types:
	- opened
	- reopened
	- ready_for_review

	permissions:
	pull-requests: write
	contents: read
	checks: write

	jobs:
	on-pr:
	runs-on: hiero-client-sdk-linux-large
	if: github.event.pull_request.draft == false

	concurrency:
	group: on-pr-${{ github.event.pull_request.number }}
	cancel-in-progress: false

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
	with:
	egress-policy: audit

	- name: Checkout Repository
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Run On-Commit Checks
	id: on-commit
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	with:
	script: \|
	const script = require('./.github/scripts/bot-on-commit.js');
	await script({ github, context });

	- name: Run On-PR
	if: always()
	env:
	DCO_PASSED: ${{ steps.on-commit.outputs.dco }}
	GPG_PASSED: ${{ steps.on-commit.outputs.gpg }}
	MERGE_CONFLICT: ${{ steps.on-commit.outputs.merge_conflict }}
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	with:
	script: \|
	const script = require('./.github/scripts/bot-on-pr.js');
	await script({ github, context });

Provide feedback