Update dependabot-approve-merge.yml

Signed-off-by: Joas Schilling <[email protected]>
nextcloud · nickvergessen · Aug 3, 2022 · Aug 3, 2022 · Aug 3, 2022 · 36e1cb6c00aa59a605543726ce4c484a1c3fb6df
commit 36e1cb6c00aa59a605543726ce4c484a1c3fb6df
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
@@ -8,13 +8,20 @@ name: Dependabot
 on:
   pull_request_target:
     branches:
+      - main
       - master
       - stable*
 
+permissions:
+  contents: read
+
 jobs:
   auto-approve-merge:
     if: github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write 
 
     steps:
       # Github actions bot approve