My repository has Dependabot alerts enabled. I have protected the main branch to only allow pull requests to be merged if status checks are successful. I want to merge pull requests by Dependabot automatically after all the status checks have passed.
When using pascalgn/automerge-action to merge a pull request that has its status checks completed, I am getting the error: Failed to merge PR: Resource not accessible by integration
I did some googling and found out that Dependabot-triggered workflow runs are not run using the given permissions, i.e. the workflow runs are running with basic permissions and cannot merge pull requests. I tried creating a Personal Access Token to prevent this situation, but that too does not work. I found that this is because workflows triggered by pull requests do not run using the PAT provided.
Are there any working fixes to this problem?