[ci,tidy] run on pull request

* add required permission

.github/workflows/clang-tidy.yml

@@ -8,7 +8,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+    - uses: suzuki-shunsuke/get-pr-action@v0.1.0
+      id: pr
     - uses: actions/checkout@v4
+      with:
+        ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}}
 
     # Run clang-tidy
     - uses: ZedThree/clang-tidy-review@v0.17.1

.github/workflows/codeql-analysis.yml

@@ -36,8 +36,11 @@ jobs:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+    - uses: suzuki-shunsuke/get-pr-action@v0.1.0
+      id: pr
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/fuzzing.yml

@@ -18,6 +18,12 @@ jobs:
         sanitizer: [address]
 
     steps:
+      - uses: suzuki-shunsuke/get-pr-action@v0.1.0
+        id: pr
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{fromJSON(steps.pr.outputs.result).merge_commit_sha}}
+
       - name: Build fuzzers (${{ matrix.sanitizer }})
         id: build
         uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master