Skip to content

Commit 91de234

Browse files
committed
Fix auto-merge: use pull_request_target to get workflows:write permission
Dependabot-triggered pull_request events get read-only GITHUB_TOKEN regardless of the permissions block, so workflows:write had no effect. Using pull_request_target runs in base-branch context with full permissions, which allows merging PRs that modify workflow files.
1 parent d23491e commit 91de234

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/dependabot-auto-merge.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
name: Auto Merge Dependabot
1010

1111
on:
12-
pull_request:
12+
pull_request_target:
1313

1414
permissions:
1515
contents: write

0 commit comments

Comments
 (0)