From 47487f05cdc2816c25fb1ec5bbd56c7ca67413d6 Mon Sep 17 00:00:00 2001
From: John Andersen
Date: Fri, 12 Jul 2024 08:51:10 -0700
Subject: [PATCH 1/2] ci: pr auto approve: Validate event sender
---
 .github/workflows/00_pr_auto_approve.yml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/00_pr_auto_approve.yml b/.github/workflows/00_pr_auto_approve.yml
index 5b70ab065d..a43e84ba24 100644
--- a/.github/workflows/00_pr_auto_approve.yml
+++ b/.github/workflows/00_pr_auto_approve.yml
@@ -32,15 +32,11 @@ jobs:
       }
 
   approve-pr:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest q
     permissions:
       pull-requests: write
-    # if: ${{ github.event_name == 'repository_dispatch' && contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.event.actor) }}
-    if: github.event_name != 'pull_request_review'
+    if: ${{ github.event_name == 'repository_dispatch' && contains(fromJson('["github-actions[bot]", "pdxjohnny"]'), github.event.sender.login) && contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.event.client_payload.actor) }}
     steps:
-      - shell: cat -v {0}
-        run: ${{ toJSON(github.event) }}
-
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
@@ -49,11 +45,11 @@ jobs:
       - uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4
         with:
           review-message: "LGTM"
-          pull-request-number: ${{ github.event.pull_request.number }}
+          pull-request-number: ${{ github.event.client_payload.pull_request.number }}
 
       - env:
           GH_TOKEN: ${{ github.token }}
-          PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
+          PULL_REQUEST_NUMBER: ${{ github.event.client_payload.pull_request.number }}
         run: |
           set -x
           gh pr merge --rebase "${PULL_REQUEST_NUMBER}"
From 99df4a02d8b71a433539fff00a9902484714a2df Mon Sep 17 00:00:00 2001
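Review bot: The new `if` on approve-pr still trusts `github.event.client_payload.actor`, which is free text written by whichever workflow or token sent the `repository_dispatch`; with `github-actions[bot]` in the sender allowlist, any workflow in this repository that emits a dispatch — including one running on an untrusted trigger — effectively vouches for the PR author, and the job then approves and merges on that word alone. The job should check the author against the PR itself before the approve action runs, using the same `GH_TOKEN` pattern the merge step already uses. The login `gh` reports for bot authors (e.g. `app/dependabot`) is not visible here and should be confirmed before finalising the allowlist. The approve-pr job's steps continue past the end of this hunk.

```yaml
      # … unchanged: Harden Runner step …
      - name: Verify PR author before approving
        env:
          GH_TOKEN: ${{ github.token }}
          PULL_REQUEST_NUMBER: ${{ github.event.client_payload.pull_request.number }}
        run: |
          set -euo pipefail
          author="$(gh pr view "${PULL_REQUEST_NUMBER}" --json author --jq .author.login)"
          # TODO(review): confirm the login spelling gh returns for bot authors
          case "${author}" in
            app/dependabot|dependabot\[bot\]|github-actions\[bot\]|pdxjohnny) ;;
            *) echo "refusing to auto-approve PR authored by ${author}" >&2; exit 1 ;;
          esac
      # … unchanged: auto-approve and merge steps …
```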
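Review bot: `gh pr merge --rebase "${PULL_REQUEST_NUMBER}"` merges whatever the PR head is when this job runs, not the revision the dispatching workflow looked at, so a push to the PR between the dispatch and the merge is rebased in under the "LGTM" review. If the sender can include the reviewed head SHA in the payload, pin it: add `HEAD_SHA: ${{ github.event.client_payload.pull_request.head.sha }}` under `env` and change the command to `gh pr merge --rebase --match-head-commit "${HEAD_SHA}" "${PULL_REQUEST_NUMBER}"`. Separately, merging with `github.token` requires `contents: write`, which the job's visible `permissions` block (only `pull-requests: write`) does not grant unless it is set at workflow level outside this hunk; whether the `run` block continues past the hunk is not visible.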
From: John Andersen
Date: Fri, 12 Jul 2024 08:51:32 -0700
Subject: [PATCH 2/2] Update .github/workflows/00_pr_auto_approve.yml
---
 .github/workflows/00_pr_auto_approve.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/00_pr_auto_approve.yml b/.github/workflows/00_pr_auto_approve.yml
index a43e84ba24..d4c75138a2 100644
--- a/.github/workflows/00_pr_auto_approve.yml
+++ b/.github/workflows/00_pr_auto_approve.yml
@@ -32,7 +32,7 @@ jobs:
       }
 
   approve-pr:
-    runs-on: ubuntu-latest q
+    runs-on: ubuntu-latest
     permissions:
       pull-requests: write
     if: ${{ github.event_name == 'repository_dispatch' && contains(fromJson('["github-actions[bot]", "pdxjohnny"]'), github.event.sender.login) && contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.event.client_payload.actor) }}