From 52cdc712c1ba80499eb5813a5cddf2e08b3bfbc1 Mon Sep 17 00:00:00 2001
From: John Andersen
Date: Fri, 12 Jul 2024 08:52:11 -0700
Subject: [PATCH] ci: pr auto approve: Validate event sender
---
 .github/workflows/00_pr_auto_approve.yml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/00_pr_auto_approve.yml b/.github/workflows/00_pr_auto_approve.yml
index 5b70ab065d..d4c75138a2 100644
--- a/.github/workflows/00_pr_auto_approve.yml
+++ b/.github/workflows/00_pr_auto_approve.yml
@@ -35,12 +35,8 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 pull-requests: write
-# if: ${{ github.event_name == 'repository_dispatch' && contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.event.actor) }}
-if: github.event_name != 'pull_request_review'
+if: ${{ github.event_name == 'repository_dispatch' && contains(fromJson('["github-actions[bot]", "pdxjohnny"]'), github.event.sender.login) && contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.event.client_payload.actor) }}
 steps:
-- shell: cat -v {0}
-run: ${{ toJSON(github.event) }}
-
 - name: Harden Runner
 uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
 with:
@@ -49,11 +45,11 @@ jobs:
 - uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4
 with:
 review-message: "LGTM"
-pull-request-number: ${{ github.event.pull_request.number }}
+pull-request-number: ${{ github.event.client_payload.pull_request.number }}
 - env:
 GH_TOKEN: ${{ github.token }}
-PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
+PULL_REQUEST_NUMBER: ${{ github.event.client_payload.pull_request.number }}
 run: |
 set -x
 gh pr merge --rebase "${PULL_REQUEST_NUMBER}"
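Review bot: The new `if` expression treats `github.event.client_payload.actor` as a second trust signal, but the client payload is authored by whoever fired the `repository_dispatch`, so only the `github.event.sender.login` comparison is authoritative and the payload check should be read as a filter, not as validation. The same holds for `client_payload.pull_request.number`, which the second hunk hands straight to the approve action and to `gh pr merge`: nothing in the job confirms that the named PR was actually opened by one of the allowed actors, so a dispatch from an allowed sender that carries a different number would be approved and merged. A guard step that queries the PR author before the approve step closes that gap (below); the `case` list mirrors the allowlist in the `if`, and the exact login string `gh` reports for bot authors should be confirmed against a real dependabot PR before relying on it. The `on:` triggers that admit `repository_dispatch`, and any `contents` permission that `gh pr merge` needs, are outside this hunk.

```yaml
      # … unchanged: Harden Runner step …
      - name: Verify the PR author is an allowed actor before approving
        env:
          GH_TOKEN: ${{ github.token }}
          PULL_REQUEST_NUMBER: ${{ github.event.client_payload.pull_request.number }}
        run: |
          set -euo pipefail
          author="$(gh pr view --repo "${GITHUB_REPOSITORY}" "${PULL_REQUEST_NUMBER}" --json author --jq .author.login)"
          case "${author}" in
            'dependabot[bot]'|'github-actions[bot]'|'pdxjohnny') ;;
            *) echo "refusing to auto-approve PR #${PULL_REQUEST_NUMBER} by ${author}"; exit 1 ;;
          esac
      # … unchanged: auto-approve and merge steps …
```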