# https://github.com/dependabot/dependabot-core/issues/1736
name: Dependabot
on: pull_request_target
permissions: read-all
jobs:
  update-lockfile:
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    permissions:
      pull-requests: write
      contents: write
    steps:
      - uses: pnpm/action-setup@v2
        with:
          version: ^7
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}
      - run: pnpm i --lockfile-only
      - run: |
          git config --global user.name github-actions[bot]
          git config --global user.email github-actions[bot]@users.noreply.github.com
          git add pnpm-lock.yaml
          git commit -m "Update pnpm-lock.yaml"
          git push