From df1504f51b38794208efd20416c3b1221d5ffc85 Mon Sep 17 00:00:00 2001
From: Eddie A Tejeda <669988+eddietejeda@users.noreply.github.com>
Date: Mon, 1 Jun 2026 18:56:34 -0700
Subject: [PATCH] fix: use pull_request.user.login instead of github.actor for Dependabot check

github.actor is set to the workflow runner identity (github-actions[bot]) in org-required workflows, not the PR author. Switch to github.event.pull_request.user.login which always reflects who opened the PR.
---
 .github/workflows/claude-pr-review.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml
index b2c1fb0..4d3d78b 100644
--- a/.github/workflows/claude-pr-review.yml
+++ b/.github/workflows/claude-pr-review.yml
@@ -23,13 +23,13 @@ jobs:
 fetch-depth: 1
 - name: Auto-approve Dependabot bump
- if: github.actor == 'dependabot[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
 run: gh pr review ${{ github.event.pull_request.number }} --approve --body "Automated dependency bump — auto-approved."
 env:
 GH_TOKEN: ${{ github.token }}
 - name: Generate GitHub App token
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 id: app-token
 uses: actions/create-github-app-token@v3.2.0
 with:
@@ -38,7 +38,7 @@ jobs:
 owner: hotdata-dev
 - uses: actions/checkout@v6.0.2
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 with:
 repository: hotdata-dev/github-workflows
 ref: main
@@ -48,7 +48,7 @@ jobs:
 sparse-checkout-cone-mode: false
 - name: Load review prompt
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 id: prompt
 run: |
 PROMPT=$(cat .github-workflows/docs/claude-pr-review-prompt.md)
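Review bot: The `Auto-approve Dependabot bump` condition in the `@@ -23,13` hunk now depends only on who opened the PR, and that login stays `dependabot[bot]` when another account later pushes commits to the same branch, so `gh pr review --approve` would also cover changes Dependabot did not author. The step also approves every bump regardless of its size. I would gate the approval on update type, for example by adding a `dependabot/fetch-metadata@<pinned-sha>` step with `id: meta` ahead of it and extending the condition with `&& steps.meta.outputs.update-type != 'version-update:semver-major'`. Whether this approval counts toward a required review depends on branch-protection settings that are not visible here, and the step list continues outside the hunk.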
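Review bot: The guard `github.event.pull_request.user.login != 'dependabot[bot]'` is spelled out on the checkout step in the `@@ -38,7` hunk and again on six other steps (in `@@ -23,13`, `@@ -48,7`, `@@ -57,11`, `@@ -96,7` and `@@ -119,7`), so a step added later without it would silently run for Dependabot PRs too. Computing it once keeps the two paths from drifting: a job-level `env:` entry `IS_DEPENDABOT: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}` with `if: env.IS_DEPENDABOT != 'true'` on the steps, or two separate jobs with a job-level `if:`. The job header is outside the hunks, so whether a suitable `env:` block already exists cannot be seen from here.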
@@ -57,11 +57,11 @@ jobs:
 echo "EOF" >> $GITHUB_OUTPUT
 - name: Verify jq is available
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 run: jq --version
 - name: Gather review context
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 id: context
 run: |
 PR_NUMBER=${{ github.event.pull_request.number }}
@@ -96,7 +96,7 @@ jobs:
 GH_TOKEN: ${{ github.token }}
 - uses: anthropics/claude-code-action@v1
- if: github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 id: review
 continue-on-error: true
 with:
@@ -119,7 +119,7 @@ jobs:
 --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*),Read"
 - name: Notify on review failure
- if: github.actor != 'dependabot[bot]' && (steps.review.outcome == 'failure' || steps.review.outcome == 'cancelled')
+ if: github.event.pull_request.user.login != 'dependabot[bot]' && (steps.review.outcome == 'failure' || steps.review.outcome == 'cancelled')
 run: gh pr comment ${{ github.event.pull_request.number }} --body "Automated review unavailable (Claude step failed). Please review manually."
 env:
 GH_TOKEN: ${{ github.token }}
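Review bot: The context line `echo "EOF" >> $GITHUB_OUTPUT` at the top of the `@@ -57,11` hunk looks like the end of a multiline step output that uses the fixed delimiter `EOF`; the opening lines are outside the hunk, so this is inferred. If the loaded prompt file ever contains a line consisting only of `EOF`, the value is cut short and the remaining lines are parsed as further output assignments. A per-run delimiter avoids that, e.g. `DELIM=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)` used in both the opening `<<` line and the closing echo, with `"$GITHUB_OUTPUT"` quoted.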
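Review bot: The step guarded in the `@@ -96,7` hunk runs `anthropics/claude-code-action@v1`, a floating major tag, so the code executing in this job can change without any commit in this repository; it presumably receives the review credentials in its `with:` block, which continues outside the hunk. The same applies to a lesser degree to `actions/create-github-app-token@v3.2.0` and `actions/checkout@v6.0.2` in the earlier hunks, and to `ref: main` on the checkout that supplies the review prompt. Pinning each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: anthropics/claude-code-action@<full-commit-sha> # v1`, makes every update an explicit, reviewable change.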
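Review bot: The `--allowedTools` context line above the changed step in the `@@ -119,7` hunk includes `Bash(gh pr review:*)`, which as written also permits `gh pr review --approve` and `--request-changes`, while the agent reads PR content supplied by whoever opened the PR. If the review is meant to be advisory, I would narrow that entry to a prefix such as `Bash(gh pr review --comment:*)`, or drop it in favour of the inline-comment tool and `gh pr comment`, so that an approval can never come from model output. Which token the action uses for `gh` is set outside the hunk, so the effective permissions should be checked there.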