From 2b05d42bfcf1df7d374431af8ec3d9f7f363f6e6 Mon Sep 17 00:00:00 2001
From: Colin Dean <colindean@users.noreply.github.com>
Date: Wed, 20 Aug 2025 12:41:39 -0400
Subject: [PATCH] Check github.repository in actor check for dependabot run

Per https://docs.zizmor.sh/audits/#bot-conditions
---
 .github/workflows/dependabot-automerge.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml
index 25864d6..498fe29 100644
--- a/.github/workflows/dependabot-automerge.yaml
+++ b/.github/workflows/dependabot-automerge.yaml
@@ -8,7 +8,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - name: Dependabot metadata
         id: metadata