
Commit 2f53257

authored
Remove unneeded permission in auto-merge example
And simplify the workflow a little.
1 parent a56def2 commit 2f53257


1 file changed

+4
-6
lines changed


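--- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
+++ b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
@@ -465,21 +465,20 @@ name: Dependabot auto-merge
 on: pull_request_target
 
 permissions:
-pull-requests: write
 contents: write
 
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-if: ${{ github.actor == 'dependabot[bot]' }}
+if: github.actor == 'dependabot[bot]'
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
 uses: dependabot/[email protected]
 with:
 github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
-if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
+if: contains(steps.dependabot-metadata.outputs.dependency-names, 'my-dependency') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'
 run: gh pr merge --auto --merge "$PR_URL"
 env:
 PR_URL: ${{github.event.pull_request.html_url}}
@@ -497,21 +496,20 @@ name: Dependabot auto-merge
 on: pull_request
 
 permissions:
-pull-requests: write
 contents: write
 
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-if: ${{ github.actor == 'dependabot[bot]' }}
+if: github.actor == 'dependabot[bot]'
 steps:
 - name: Dependabot metadata
 id: metadata
 uses: dependabot/[email protected]
 with:
 github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
-if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+if: contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'
 run: gh pr merge --auto --merge "$PR_URL"
 env:
 PR_URL: ${{github.event.pull_request.html_url}}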
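Review bot: The job guard `if: github.actor == 'dependabot[bot]'` in the first example is the only thing standing between a `pull_request_target` run holding `contents: write` and the merge step, and `github.actor` names whoever triggered the run rather than who opened the pull request. Checking the author is the tighter condition: `if: github.event.pull_request.user.login == 'dependabot[bot]'`; the second example (`on: pull_request`) has the same guard. With `pull-requests: write` dropped, it is also worth confirming that `gh pr merge --auto` still succeeds on `contents: write` alone, since nothing on the page shows the examples were re-run. The merge step continues past the end of both hunks, so its remaining `env` entries are not visible here.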
