Set correct permissions for dependabot auto-merge

NexusPHP · Nov 21, 2022 · f99eec3 · f99eec3
1 parent 65ec34c
commit f99eec3
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/.github/workflows/automerge-dependabot.yml b/.github/workflows/automerge-dependabot.yml
@@ -2,20 +2,20 @@ name: Auto-Merge Dependabot Updates
 
 on:
   pull_request:
-    types:
-      - opened
-      - synchronize
+
+permissions:
+  pull-requests: write
 
 jobs:
   automerge:
     name: Enable Auto-Merge for Dependabot
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.actor == 'dependabot[bot]'
     runs-on: ubuntu-22.04
 
     steps:
       - name: Enable auto-merge
         uses: peter-evans/enable-pull-request-automerge@v2
         with:
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           pull-request-number: ${{ github.event.pull_request.number }}
           merge-method: squash