Dependabot: Avoid PAT for automerge

solectrus · Jun 20, 2024 · 2578d72 · 2578d72
1 parent e01f4dd
commit 2578d72
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -1,5 +1,5 @@
 name: Dependabot auto-merge
-on: pull_request_target
+on: pull_request
 
 permissions:
  contents: write
@@ -8,17 +8,17 @@ permissions:
 jobs:
  dependabot:
  runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
+ if: github.actor == 'dependabot[bot]'
  steps:
  - name: Dependabot metadata
  id: metadata
  uses: dependabot/[email protected]
  with:
- github-token: '${{ secrets.PAT }}'
+ github-token: '${{ secrets.GITHUB_TOKEN }}'
 
  - name: Enable auto-merge for Dependabot PRs
- if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major' }}
+ if: steps.metadata.outputs.update-type != 'version-update:semver-major'
  run: gh pr merge --auto --squash "$PR_URL"
  env:
  PR_URL: ${{github.event.pull_request.html_url}}
- GITHUB_TOKEN: ${{secrets.PAT}}
+ GH_TOKEN: ${{secrets.GITHUB_TOKEN}}