ci(mkdocs): Refine documentation workflow push conditions and simplify checkout

Restrict automatic documentation updates to non-main branches on push and same-repository pull requests, enhancing control and security.

Author: arturcic

.github/workflows/mkdocs.yml

@@ -40,11 +40,10 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v6
-        if: github.event_name == 'push'
-      -
-        name: Checkout
-        uses: actions/checkout@v6
-        if: github.event_name == 'pull_request'
+        with:
+          ref: ${{ github.head_ref || github.ref_name }}
+          fetch-depth: 0
+          token: ${{ github.token }}
       -
         name: Setup .NET SDK
         uses: actions/setup-dotnet@v5
@@ -69,4 +68,8 @@ jobs:
           git config user.email '[email protected]'
           git commit -m 'Docs changes' --allow-empty
           git push --force
-        if: steps.status.outputs.has_changes == '1' && github.event_name == 'push'
+        if: >
+          steps.status.outputs.has_changes == '1' && (
+            (github.event_name == 'push' && github.ref_name != 'main') ||
+            (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
+          )