Questions about PR workflows and actions/checkout@v2

Hi,

I have 2 questions about GitHub Actions:

  1. Could someone please explain to me how actions/checkout@v2 works for pull requests as this seem unclear to me. If my workflow yml looks like this:
on:
  pull_request:
    branches: [master]

...

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

Any pull request to master branch will checkout the branch that triggered the workflow and run the rest of the workflow (tests) on that branch.
But, what is the default behaviour for PR if I leave it like this (skipping the with: ref: part):

steps:
      - name: Checkout repository
        uses: actions/checkout@v2

Will it checkout and run tests on the branch that triggered the PR as well? If so, is there any reason/adventage to being more specific and adding with: ref:?

  1. Is there any particular way of limiting branches that can create a PR to protected branch? Let’s say to allow Dev -> Master, but not random branch -> Master?
  1. The default ref of actions/checkout@v2 is to the reference or SHA for that event. The GITHUB_REF of pull request event is the PR merge branch. So if you doesn’t specify with ref part, it checks out the merged source code.
    github.event.pull_request.head.sha points to the pushed commit of the pull request, it is on the PR source branch.
  2. As far as I know, there is no way to prevent a specific branch merge to master.

Oh, so it creates what would be the final outcome of the PR after approval and runs the tests (or whatever else is specified in the workflow) against that?

Fantastic, thank you for the clarification.

Yeah, using the default ref matches the normal scenario to build PR merged code.
I forget to attach this screenshot in my above comment. Add it here: