Merge pull request #228 from target/safen-automerge

colindean · web-flow · commit 5d24726da96a · 2026-03-13T10:47:20.000-04:00
Use safer way to determine login for dependabot bot automerge
diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml
@@ -8,7 +8,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - name: Dependabot metadata
         id: metadata
