From 15a170a1401119f5503ab625991de357490c7a17 Mon Sep 17 00:00:00 2001
From: Adam Dangoor <adamdangoor@gmail.com>
Date: Tue, 17 Mar 2026 09:13:30 +0000
Subject: [PATCH] fix: use pull_request.user.login instead of github.actor for
 bot check (fixes adamtheturtle/literalizer#146)

Made-with: Cursor
---
 .github/workflows/dependabot-merge.yml | 2 +-
 zizmor.yml                             | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml
index f2437640..69fa5303 100644
--- a/.github/workflows/dependabot-merge.yml
+++ b/.github/workflows/dependabot-merge.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
       - name: Enable auto-merge for Dependabot PRs
         run: gh pr merge --auto --merge "$PR_URL"
diff --git a/zizmor.yml b/zizmor.yml
index 863db345..ce05fe5e 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,8 +4,6 @@ rules:
     disable: true
   cache-poisoning:
     disable: true
-  bot-conditions:
-    disable: true
   dependabot-cooldown:
     disable: true
   superfluous-actions: