adds gh token permissions and improves warning comment

canonical · Mar 12, 2024 · 5b7cd39 · 5b7cd39
1 parent 5a9efec
commit 5b7cd39
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/workflows/dependabot_pr.yaml b/.github/workflows/dependabot_pr.yaml
@@ -3,6 +3,9 @@ name: "Dependabot Auto Approve and Merge"
 on:
   pull_request:
 
+permissions:
+  pull-requests: write
+
 jobs:
   auto-merge:
     runs-on: ubuntu-latest
@@ -14,7 +17,7 @@ jobs:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
      # This step will allow Github to auto-merge the PR if branch protection rules are satisfied.
-     # Branch protection rules should require status checks to pass before merging.
+     # Branch protection rules should require status checks to pass before merging including all required workflows.
       - name: Enable auto-merge
         run: gh pr merge --auto --merge "$PR_URL"
         env: