diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
index 68693fe29ce04..b36f2cb9ea45a 100644
--- a/.github/workflows/pr-deploy.yaml
+++ b/.github/workflows/pr-deploy.yaml
@@ -34,6 +34,17 @@ permissions:
 pull-requests: write # needed for commenting on PRs
 jobs:
+ check_membership:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check if actor is a member
+ run: |
+ set -euo pipefail
+ response=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/orgs/coder/members/${{ github.actor }}")
+ if [[ "$response" == "404" ]]; then
+ echo "Error: Only members of the coder organization can trigger this workflow."
+ exit 1
+ fi
 check_pr:
 runs-on: ubuntu-latest
 outputs:
@@ -47,8 +58,8 @@ jobs:
 run: |
 set -euo pipefail
 pr_open=true
- if [[ "$(gh pr view --json state | jq -r '.state')" != "OPEN" ]]; then
- echo "PR doesn't exist or is closed."
+ if [[ "$(gh pr list --repo=coder/coder -H $(git rev-parse --abbrev-ref HEAD) --json state --jq '.[].state')" != "OPEN" ]]; then
+ >&2 echo "PR doesn't exist or is closed."
 pr_open=false
 fi
 echo "pr_open=$pr_open" >> $GITHUB_OUTPUT
diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh
index babd2e77cb75c..daaaba1a34397 100755
--- a/scripts/deploy-pr.sh
+++ b/scripts/deploy-pr.sh
@@ -71,8 +71,8 @@ fi
 gh_auth
 # get branch name and pr number
-branchName=$(gh pr view --json headRefName | jq -r .headRefName)
-prNumber=$(gh pr view --json number | jq -r .number)
+branchName=$(git rev-parse --abbrev-ref HEAD)
+prNumber=$(gh pr list --repo=coder/coder -H ${branchName} --json number --jq '.[].number')
 if [[ "$dryRun" = true ]]; then
 echo "dry run"
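Review bot: The new `check_membership` job fails open, because it rejects only an HTTP 404: a 401 or 403 from the token, a redirect, a rate-limit or a 5xx response all let the step succeed. Compare against the success status instead, e.g. `if [[ "$response" != "204" ]]; then`, after confirming which code the endpoint returns for the workflow's `GITHUB_TOKEN`. No other job in this diff gains `needs: check_membership`, so unless that is declared outside these hunks the remaining jobs start in parallel and are not blocked when the check fails. `${{ github.actor }}` and the token are also expanded straight into the script text; passing them through the step's `env:` and reading `"$ACTOR"` / `"$GH_TOKEN"` keeps expression values out of the shell source.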
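Review bot: `git rev-parse --abbrev-ref HEAD` prints the literal `HEAD` when the checkout is detached, which is common for CI checkouts, so the `gh pr list -H ...` lookup in the new condition would match nothing and set `pr_open=false` even for an open PR. The inner substitution is also unquoted. If the branch name is available from the event context, pass it through `env:` and use it quoted, e.g. `-H "$BRANCH"`. The same name-based lookup is added in `scripts/deploy-pr.sh`. The step's `run:` script begins above this hunk, so how the repository is checked out is not visible here.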
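Review bot: `prNumber` is not validated after the new lookup: `--jq '.[].number'` prints one line per matching PR, so the value is empty when no open PR uses the branch and holds several numbers when more than one open PR shares that head branch name (which may include a PR from a fork). Since the number presumably selects what gets deployed, fail closed right after the assignment, e.g. `[[ "$prNumber" =~ ^[0-9]+$ ]] || { echo "expected exactly one open PR for ${branchName}" >&2; exit 1; }`, and quote the argument as `-H "${branchName}"`. The rest of the script lies outside this hunk, so how `prNumber` is consumed is not visible.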