From 5ba8a7e5d0edc496a1a4eba89351373601667d41 Mon Sep 17 00:00:00 2001
From: eifinger-bot <bot.stillhammer@gmail.com>
Date: Sat, 7 Mar 2026 11:21:46 +0100
Subject: [PATCH] Fix: check PR author instead of event sender for Dependabot
 detection (#787)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous implementation checked `github.event.sender.login`, which
is whoever triggered the event (e.g., someone closing/reopening the PR).

This fixes it to check `github.event.pull_request.user.login` instead —
the PR author — so the workflow runs correctly whenever a
Dependabot-created PR is opened, synchronized, or reopened.
---
 .github/workflows/dependabot-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml
index d0a51d3..6d6dcc5 100644
--- a/.github/workflows/dependabot-build.yml
+++ b/.github/workflows/dependabot-build.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
-    if: github.event.sender.login == 'dependabot[bot]' && github.event.sender.type == 'Bot'
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
       - name: Checkout PR branch
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2