Updating dependabot-approve-merge.yml workflow from template

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

1 files changed, 12 insertions, 5 deletions

diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index 53ccf2ca..0d6e3434 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -7,23 +7,30 @@ name: Dependabot
 
 on:
   pull_request_target:
-     branches:
+    branches:
       - main
+      - master
       - stable*
 
+permissions:
+  contents: read
+
 jobs:
-  auto-merge:
+  auto-approve-merge:
+    if: github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write 
+
     steps:
-      # Default github action approve
+      # Github actions bot approve
       - uses: hmarr/auto-approve-action@v2
-        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       # Nextcloud bot approve and merge request
       - uses: ahmadnassri/action-dependabot-auto-merge@v2
-        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
         with:
           target: minor
           github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}