Update pr-merge.yaml

try and fix permissions issue of missing secret on PRs

Author: netmindz

.github/workflows/pr-merge.yaml

@@ -8,6 +8,25 @@
       notify:
         runs-on: ubuntu-latest
         steps:
+        - name: Get User Permission
+          id: checkAccess
+          uses: actions-cool/check-user-permission@v2
+          with:
+            require: write
+            username: ${{ github.triggering_actor }}
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        - name: Check User Permission
+          if: steps.checkAccess.outputs.require-result == 'false'
+          run: |
+            echo "${{ github.triggering_actor }} does not have permissions on this repo."
+            echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+            echo "Job originally triggered by ${{ github.actor }}"
+            exit 1
+        - name: Checkout code
+          uses: actions/checkout@v3
+          with:
+            ref: ${{  github.event.pull_request.head.sha }} # This is dangerous without the first access check
         - name: Send Discord notification
           shell: bash
           env: