Security fix for dependabot auto merge

scala-steward-org · Jan 6, 2025 · 6a0656e · 6a0656e
1 parent b2ce4e0
commit 6a0656e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   auto-merge:
-    if: github.actor == 'dependabot[bot]'
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'scala-steward-org/scala-steward-action' }}
     runs-on: ubuntu-latest
     steps:
       - name: Auto-merge Dependabot PRs