diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1e760ead55..499072e9ae 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,26 +34,10 @@ jobs:
       pull-requests: read
     steps:
 
-      - name: Get User Permission
-        id: checkAccess
-        uses: actions-cool/check-user-permission@v2
-        with:
-          require: write
-          username: ${{ github.triggering_actor }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Check User Permission
-        if: steps.checkAccess.outputs.require-result == 'false'
-        run: |
-          echo "${{ github.triggering_actor }} does not have permissions on this repo."
-          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
-          echo "Job originally triggered by ${{ github.actor }}"
-          exit 1
-
       - name: Checkout current commit
         uses: actions/checkout@v4
         with:
-          ref: ${{  github.event.pull_request.head.sha }}
+          ref: ${{ env.HEAD_COMMIT }}
           fetch-depth: 2
 
       - name: Output GitHub context
@@ -61,21 +45,6 @@ jobs:
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}
 
-      - name: Check Secret
-        run: |
-          if [[ "x${{ secrets.TEST_SECRET }}" == "xhello" ]]; then
-            echo "Access to secrets"
-          else
-            echo "No access to secrets"
-            exit 1
-          fi
-
-
-      - name: Validate input
-        run: |
-          [[ "${{ secrets.TEST_SECRET }}" ]] || { echo "Missing Test token"; }
-          [[ "${{ secrets.NPM_TOKEN }}" ]] || { echo "Missing NPM token"; }
-          [[ "${{ secrets.TB_ADMIN_TOKEN }}" ]] || { echo "Missing admin token";  }
 
       - name: Get metadata (push)
         if: github.event_name == 'push'
@@ -978,17 +947,42 @@ jobs:
     if: needs.job_setup.outputs.changed_tinybird == 'true'
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Get User Permission
+        id: checkAccess
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Check User Permission
+        if: steps.checkAccess.outputs.require-result == 'false'
+        run: |
+          echo "${{ github.triggering_actor }} does not have permissions on this repo."
+          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Job originally triggered by ${{ github.actor }}"
+          exit 1
+
+      - name: Checkout current commit
+        uses: actions/checkout@v4
+        with:
+          ref: ${{  github.event.pull_request.head.sha }}
+          fetch-depth: 2
+
       - uses: actions/setup-python@v5
         with:
           python-version: "3.11"
           architecture: "x64"
           cache: 'pip'
 
-      - name: Validate input
+      - name: Check Secret
         run: |
-          [[ "${{ secrets.TB_ADMIN_TOKEN }}" ]] || { echo "Missing TB_ADMIN_TOKEN"; exit 1; }
-          [[ "${{ secrets.TB_HOST }}" ]] || { echo "Missing TB_HOST"; exit 1; }
+          if [[ -z "${{ secrets.TEST_SECRET }}" ]]; then
+            echo "No access to secrets"
+            exit 1
+          else
+            echo "Access to secrets"
+          fi
 
       - name: Set environment variables
         run: |