As far as we can tell, there's no good way to turn off deployment
request notifications. This removes automatic pkg.pr.new builds for
commits not pushed directly to the svelte repository, meaning forks'
commits will have to be manually requested through the GitHub Actions
UI. It also makes the drive-by change of deriving the PR number from the
commit, which technically is a "breaking change" because there _could_
be multiple PRs associated with a commit... but let's just not do that
and we'll be okay.
# This job determines the environment to use for the build job. It ensures that:
# - For pushes to main, we use the "Publish pkg.pr.new (maintainers)" environment.
# - For PRs from the same repository, we also use the "Publish pkg.pr.new (maintainers)" environment, since these are trusted.
# - For PRs from forks, we use the "Publish pkg.pr.new (external contributors)" environment, which requires manual approval by a maintainer before the build job can run.
# This protects us from running untrusted code while still allowing external contributors to use pkg.pr.new.