Since we are now running on the pull_request_target event, wrong builds are attached to PRs since it will always build the head against which it is running - not against the actual changes.
So, the workflow needs to be more complex, checking out the actual PR it is being triggered from and building that...
To solve this in a way where anyone's PRs can be built there are two options:
Option 1
We need to make sure that the following conditions are met:
Build action has access to repo secrets (fulfilled by: pull_request_target)
Build action has access to the code from the PR, but won't use build tools from the PR - only the source, otherwise secrets might be easily leaked (TODO)
To achieve this, we would need to move the whole source files into their own directory, leaving the build tools outside. This would allow us to build from the target branch, pull in the changed source, swap it out and build.
This would limit us in the following way:
Changes to the build system will not be verified as part of the PR, thus resulting names for the hex files might be messed up.
Option 2
We would need to get rid of the password-protected build env - I personally would not prefer to do that.
With the refactored code structure we can now easily swap src directory with the one from the potential PR and build without having to think about anything else.
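The approach from Option 1 and the comment above, written out as a GitHub Actions workflow. This is an added example, not this repository's actual workflow: the `src` directory name comes from the discussion, while the secret name `BUILD_ENV_PASSWORD` and the `./build.sh` entry point are assumptions.

```yaml
# Added example, not this repository's workflow. Values marked "assumed" are placeholders.
name: build-pr
on:
  pull_request_target:          # workflow file is read from the base branch, secrets are available

permissions:
  contents: read                # read-only token for the job

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Trusted: build tools and scripts come from the base (target) branch.
      - name: Check out base branch
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # Untrusted: PR code lands in its own directory and nothing is executed from it.
      - name: Check out PR head
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          path: pr
          persist-credentials: false

      - name: Swap in src from the PR
        run: |
          set -eu
          [ -d pr/src ] || { echo "PR has no src directory" >&2; exit 1; }
          # Refuse symlinks so PR content cannot point at files outside src.
          if [ -n "$(find pr/src -type l -print -quit)" ]; then
            echo "symlink found in PR src, refusing to build" >&2
            exit 1
          fi
          rm -rf src
          cp -R pr/src src
          rm -rf pr             # drop everything else the PR shipped, build tools included

      - name: Build
        env:
          BUILD_ENV_PASSWORD: ${{ secrets.BUILD_ENV_PASSWORD }}   # assumed secret name
        run: ./build.sh         # assumed build entry point, taken from the base branch
```

The secret is exposed only to the final step, and only files under `src` from the PR reach the build. As noted under Option 1, changes a PR makes to the build system itself are not exercised by this workflow.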