fix: update workflow for generating Terraform docs with improved permissions and checkout method

Author: pascalinthecloud

.github/workflows/generate_tf_docs.yaml

@@ -1,20 +1,31 @@
-name: Generate terraform docs
+name: Generate Terraform Docs
+
 on:
-  pull_request:
-    branches: [ main ]
+  pull_request_target:
+    branches: [main]
+    types: [opened, synchronize, reopened, edited]
+
+permissions:
+  contents: write
+  pull-requests: write
+  statuses: write
+
 jobs:
   docs:
+    name: Generate Terraform Docs
     runs-on: ubuntu-latest
+
     steps:
-    - uses: actions/checkout@v3
-      with:
-        token: ${{ secrets.WRITE_PAT }}
-        ref: ${{ github.event.pull_request.head.ref }}
+      - name: Checkout base repo (safe)
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.base.ref }}
+          token: ${{ secrets.WRITE_PAT }}
 
-    - name: Render terraform docs inside the README.md and push changes back to PR branch
-      uses: terraform-docs/[email protected]
-      with:
-        working-dir: .
-        output-file: README.md
-        output-method: replace
-        git-push: "true"
+      - name: Generate terraform docs (from base only)
+        uses: terraform-docs/[email protected]
+        with:
+          working-dir: .
+          output-file: README.md
+          output-method: replace
+          git-push: "true"