From 323ad63c24a61e822fe12f031a2babfe1157555e Mon Sep 17 00:00:00 2001
From: Phillip Verheyden
Date: Fri, 25 Feb 2022 18:19:12 -0600
Subject: [PATCH] Use github.actor for validating Dependabot auto-merge

Using the user associated to the original PR creation prevents any other user from adding additional commits on top of a Dependabot PR as the action will fail during the fetch-metadata step
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 82c6a6ce..13e026af 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ jobs:
 dependabot:
 runs-on: ubuntu-latest
 # Checking the author will prevent your Action run failing on non-Dependabot PRs
- if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+ if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
@@ -113,7 +113,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
- if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+ if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
@@ -144,7 +144,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
- if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+ if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
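Review bot: The new guard `github.actor == 'dependabot[bot]'` in the `@@ -83,7` hunk (repeated in the `@@ -113,7` and `@@ -144,7` hunks) tests who triggered the workflow run, not who opened the pull request or authored its head commits, so on its own it is a run filter and not an authorization check for a job that the commit title says leads to auto-merge. Keeping the PR-author test next to it preserves what this commit wants (runs triggered by another user's push are skipped) while still requiring a Dependabot-opened PR: `if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' }}`. The context comment in the first hunk still says "Checking the author", which no longer matches the condition; `# Checking the actor skips this job on runs not triggered by Dependabot` would. The job bodies continue past each hunk, so whether the later steps rely on anything beyond this `if:` and the fetch-metadata step cannot be confirmed from here.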