Commit 91de234
committed
Fix auto-merge: use pull_request_target to get workflows:write permission
Dependabot-triggered pull_request events get read-only GITHUB_TOKEN
regardless of the permissions block, so workflows:write had no effect.
Using pull_request_target runs in base-branch context with full permissions,
which allows merging PRs that modify workflow files.1 parent d23491e commit 91de234
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
0 commit comments