Fix Commit Injection from dependency bot automerge workflow

Jean-Philippe Zolesio · Jean-Philippe Zolesio · commit fa8017264a9e · 2025-02-12T12:45:05.000-08:00
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -9,7 +9,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'adobe/css-tools'}}
     steps:
       - name: Dependabot metadata
         id: metadata
