[nrf noup] ci: prevent PRs from installing python pkgs

pip install requirements-actions.txt from base branch instead of untrusted PR
During install a malicious package can execute code in setup.py

Signed-off-by: Thomas Stilwell <[email protected]>

Author: thst-nordic

.github/workflows/manifest.yml

@@ -1,6 +1,8 @@
 name: Manifest
 on:
   pull_request_target:
+    branches:
+      - main
 
 permissions:
   contents: read
@@ -16,7 +18,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: zephyrproject/zephyr
-          ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.event.pull_request.base.sha }}
           fetch-depth: 0
           persist-credentials: false
 
@@ -32,6 +34,14 @@ jobs:
           cd zephyrproject/zephyr
           pip install -r scripts/requirements-actions.txt --require-hashes
 
+      - name: Checkout the code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          path: zephyrproject/zephyr
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+          persist-credentials: false
+
       - name: west setup
         env:
           BASE_REF: ${{ github.base_ref }}