From 3068983f9681ee2881db0a63fa6faeec8963e324 Mon Sep 17 00:00:00 2001
From: Adam Dangoor <adamdangoor@gmail.com>
Date: Tue, 17 Mar 2026 09:14:21 +0000
Subject: [PATCH] fix: use pull_request.user.login instead of github.actor for
 bot check (fixes adamtheturtle/literalizer#146)

Made-with: Cursor
---
 .github/workflows/dependabot-merge.yml | 2 +-
 zizmor.yml                             | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml
index 5238c9f68..8a1ac1844 100644
--- a/.github/workflows/dependabot-merge.yml
+++ b/.github/workflows/dependabot-merge.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
       - name: Dependabot metadata
         id: metadata
diff --git a/zizmor.yml b/zizmor.yml
index fab119cb0..29c9c99f6 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,8 +4,6 @@ rules:
     disable: true
   cache-poisoning:
     disable: true
-  bot-conditions:
-    disable: true
   dependabot-cooldown:
     disable: true
   superfluous-actions: