diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb00051b..c743cf8e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,10 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+  workflow_run:
+    workflows: ["Dependabot Deploy Check"]
+    types: 
+      - completed
 
 jobs:
   build:
diff --git a/.github/workflows/dependabot-deploy-check.yml b/.github/workflows/dependabot-deploy-check.yml
new file mode 100644
index 00000000..bf9c5ab5
--- /dev/null
+++ b/.github/workflows/dependabot-deploy-check.yml
@@ -0,0 +1,15 @@
+# https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-852541544
+# This workflow doesn't have access to secrets and has a read-only token
+# It will trigger `deploy`, which has permissions
+name: Dependabot Deploy Check
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  check-dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - run: echo "Commit created by Dependabot"