Commit fa30114
committed
Fix auto-merge: use pull_request_target, least-privilege permissions
- Switch trigger to pull_request_target so GITHUB_TOKEN runs in base-branch
context with full permissions (pull_request gives read-only token for
Dependabot workflows since GitHub's 2021 security change)
- Drop workflows:write (not needed; merge only requires contents+pull-requests)
- Move permissions to job level (least privilege)
- Use github.event.pull_request.user.login instead of github.actor1 parent 91de234 commit fa30114
1 file changed
Lines changed: 6 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
15 | | - | |
16 | | - | |
17 | | - | |
| 14 | + | |
18 | 15 | | |
19 | 16 | | |
20 | 17 | | |
| |||
23 | 20 | | |
24 | 21 | | |
25 | 22 | | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
26 | 27 | | |
27 | | - | |
| 28 | + | |
28 | 29 | | |
29 | 30 | | |
30 | 31 | | |
| |||
0 commit comments