diff --git a/.github/actions/get-merge-commit/action.yml b/.github/actions/get-merge-commit/action.yml
index 3766ad4f4ea0..aec17bf76858 100644
--- a/.github/actions/get-merge-commit/action.yml
+++ b/.github/actions/get-merge-commit/action.yml
@@ -3,9 +3,15 @@ name: Get merge commit
 description: 'Checks whether the Pull Request is mergeable and checks out the repo at up to two commits: The result of a temporary merge of the head branch into the target branch ("merged"), and the parent of that commit on the target branch ("target"). Handles push events and merge conflicts gracefully.'
 
 inputs:
+  mergedSha:
+    description: "The merge commit SHA, previously collected."
+    type: string
   merged-as-untrusted:
     description: "Whether to checkout the merge commit in the ./untrusted folder."
     type: boolean
+  targetSha:
+    description: "The target commit SHA, previously collected."
+    type: string
   target-as-trusted:
     description: "Whether to checkout the target commit in the ./trusted folder."
     type: boolean
@@ -22,6 +28,7 @@ runs:
   using: composite
   steps:
     - id: commits
+      if: ${{ !inputs.mergedSha && !inputs.targetSha }}
       uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       with:
         script: |
@@ -72,17 +79,17 @@ runs:
           }
           throw new Error("Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com.")
 
-    - if: inputs.merged-as-untrusted && steps.commits.outputs.mergedSha
+    - if: inputs.merged-as-untrusted && (inputs.mergedSha || steps.commits.outputs.mergedSha)
       # Would be great to do the checkouts in git worktrees of the existing spare checkout instead,
       # but Nix is broken with them:
       # https://github.com/NixOS/nix/issues/6073
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
-        ref: ${{ steps.commits.outputs.mergedSha }}
+        ref: ${{ inputs.mergedSha || steps.commits.outputs.mergedSha }}
         path: untrusted
 
-    - if: inputs.target-as-trusted && steps.commits.outputs.targetSha
+    - if: inputs.target-as-trusted && (inputs.targetSha || steps.commits.outputs.targetSha)
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
-        ref: ${{ steps.commits.outputs.targetSha }}
+        ref: ${{ inputs.targetSha || steps.commits.outputs.targetSha }}
         path: trusted
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 897bde43b645..594081924604 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,10 @@ name: Build
 
 on:
   workflow_call:
+    inputs:
+      mergedSha:
+        required: true
+        type: string
     secrets:
       CACHIX_AUTH_TOKEN:
         required: true
@@ -39,6 +43,7 @@ jobs:
       - name: Check if the PR can be merged and checkout the merge commit
         uses: ./.github/actions/get-merge-commit
         with:
+          mergedSha: ${{ inputs.mergedSha }}
           merged-as-untrusted: true
 
       - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 19540306148a..4bf917d800db 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -2,6 +2,13 @@ name: Lint
 
 on:
   workflow_call:
+    inputs:
+      mergedSha:
+        required: true
+        type: string
+      targetSha:
+        required: true
+        type: string
 
 permissions: {}
 
@@ -19,6 +26,7 @@ jobs:
       - name: Check if the PR can be merged and checkout the merge commit
         uses: ./.github/actions/get-merge-commit
         with:
+          mergedSha: ${{ inputs.mergedSha }}
           merged-as-untrusted: true
 
       - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
@@ -50,6 +58,7 @@ jobs:
       - name: Check if the PR can be merged and checkout the merge commit
         uses: ./.github/actions/get-merge-commit
         with:
+          mergedSha: ${{ inputs.mergedSha }}
           merged-as-untrusted: true
 
       - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
@@ -72,7 +81,9 @@ jobs:
       - name: Check if the PR can be merged and checkout merged and target commits
         uses: ./.github/actions/get-merge-commit
         with:
+          mergedSha: ${{ inputs.mergedSha }}
           merged-as-untrusted: true
+          targetSha: ${{ inputs.targetSha }}
           target-as-trusted: true
 
       - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index df2573b39414..51828270178f 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -48,7 +48,11 @@ jobs:
 
   lint:
     name: Lint
+    needs: [prepare]
     uses: ./.github/workflows/lint.yml
+    with:
+      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
+      targetSha: ${{ needs.prepare.outputs.targetSha }}
 
   eval:
     name: Eval
@@ -68,6 +72,9 @@ jobs:
 
   build:
     name: Build
+    needs: [prepare]
     uses: ./.github/workflows/build.yml
     secrets:
       CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+    with:
+      mergedSha: ${{ needs.prepare.outputs.mergedSha }}