Many workflows use github.actor or github.triggering_actor to check if a specific bot (such as Dependabot or Renovate) triggered the workflow, and then bypass security checks or perform privileged actions. However, github.actor refers to the last actor to perform an "action" on the triggering context, not necessarily the actor that actually caused the trigger.
An attacker can exploit this by creating a pull request where the workflow run's github.actor is 'dependabot[bot]' (for example, because Dependabot was the latest actor on the PR), but the branch contains attacker-controlled code, bypassing the actor check.
Instead of checking github.actor, use a context that refers to the actor who created the triggering event. For pull_request_target workflows, use github.event.pull_request.user.login. For issue_comment workflows, use github.event.comment.user.login.
More generally, consider whether a bot-bypass check is the right approach. GitHub's documentation recommends not using pull_request_target for auto-merge workflows.
The following workflow is vulnerable: it auto-merges any pull request whose run has github.actor set to Dependabot, which an attacker can arrange for a PR containing their own code.

```yaml
on: pull_request_target
jobs:
  automerge:
    runs-on: ubuntu-latest
    if: github.actor == 'dependabot[bot]'
    steps:
      - run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

The same workflow, fixed to check the account that actually opened the pull request:

```yaml
on: pull_request_target
jobs:
  automerge:
    runs-on: ubuntu-latest
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

References:
- Synacktiv: GitHub Actions exploitations: Dependabot.
- GitHub Docs: Automating Dependabot with GitHub Actions.
- Zizmor: bot-conditions.
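As an added example (not code from this page, from CodeQL or from Zizmor), the check below scans a workflow file for the pattern described above: an `if:` condition that compares github.actor or github.triggering_actor against a `[bot]` login while the workflow is triggered by pull_request_target or issue_comment, and it reports the event-creator context to use instead. It deliberately uses only regular expressions so it runs without a YAML library; the sample workflows are constructed, the first mirroring the vulnerable example above.

```python
import re

# Triggers on which github.actor can be a different account than the one that created the event.
RISKY_TRIGGERS = {"pull_request_target", "issue_comment"}
SAFE_CONTEXT = {  # the event-creator context recommended instead, per trigger
    "pull_request_target": "github.event.pull_request.user.login",
    "issue_comment": "github.event.comment.user.login",
}
_ACTOR_RE = re.compile(r"\bgithub\.(?:triggering_)?actor\b")   # spoofable contexts
_BOT_RE = re.compile(r"""['"][^'"]*\[bot\]['"]""")             # a quoted '<name>[bot]' login
_IF_RE = re.compile(r"^\s*(?:-\s*)?if:\s*(.+?)\s*$")            # job- or step-level if:

def on_section(text: str) -> str:
    """Return the raw text of the top-level `on:` key, inline or block form (no YAML parser)."""
    out, capturing = [], False
    for line in text.splitlines():
        if re.match(r"""^(?:on|"on"|'on'):""", line):
            out, capturing = [line], True
        elif capturing and (not line.strip() or line[0] in " \t"):
            out.append(line)
        elif capturing:
            break
    return "\n".join(out)

def find_bot_conditions(text: str) -> list:
    """Flag `if:` lines that gate on github.actor / github.triggering_actor being a *[bot] account
    in a workflow triggered by pull_request_target or issue_comment, naming the safer context."""
    section = on_section(text)
    triggers = sorted(t for t in RISKY_TRIGGERS if re.search(rf"\b{t}\b", section))
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _IF_RE.match(line)
        actor = m and _ACTOR_RE.search(m.group(1))
        if triggers and actor and _BOT_RE.search(m.group(1)):
            findings.append({"line": n, "context": actor.group(0),
                             "use_instead": [SAFE_CONTEXT[t] for t in triggers]})
    return findings

# Constructed sample workflows; the first mirrors the page's vulnerable example.
VULNERABLE = """\
on: pull_request_target
jobs:
  automerge:
    runs-on: ubuntu-latest
    if: github.actor == 'dependabot[bot]'
    steps:
      - run: gh pr merge --auto --merge "$PR_URL"
"""
FIXED = VULNERABLE.replace("github.actor", "github.event.pull_request.user.login")
PUSH_ONLY = VULNERABLE.replace("on: pull_request_target", "on: push")  # no PR-controlled code runs
```

`find_bot_conditions(VULNERABLE)` reports line 5 and suggests `github.event.pull_request.user.login`; the fixed and push-only variants produce no findings.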