diff --git a/.github/workflows/ok-to-test.yml b/.github/workflows/ok-to-test.yml
index 4af96b6..7d04fee 100644
--- a/.github/workflows/ok-to-test.yml
+++ b/.github/workflows/ok-to-test.yml
@@ -11,17 +11,6 @@ jobs:
     # Only run for PRs, not issue comments
     if: ${{ github.event.issue.pull_request }}
     steps:
-    # Generate a GitHub App installation access token from an App ID and private key
-    # To create a new GitHub App:
-    #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
-    # See app.yml for an example app manifest
-    - name: Generate token
-      id: generate_token
-      uses: tibdex/github-app-token@v1
-      with:
-        app_id: ${{ secrets.APP_ID }}
-        private_key: ${{ secrets.PRIVATE_KEY }}
-
     - name: Slash Command Dispatch
       uses: peter-evans/slash-command-dispatch@v1
       env:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 78601c3..82bbcf0 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -62,7 +62,7 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   # Repo owner has commented /ok-to-test on a (fork-based) pull request
-  test-not-trusted:
+  tests-not-trusted:
     runs-on: ubuntu-latest
     if: github.event_name == 'repository_dispatch' &&
       github.event.client_payload.slash_command.sha != '' &&
@@ -74,6 +74,7 @@ jobs:
         with:
           # disable shallow clones for better sonarcloud accuracy
           fetch-depth: 0
+          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
       - name: Set up Python
         uses: actions/setup-python@v2
         with: