From 6b541e4ebc75c706865fcf093421dc355f86937d Mon Sep 17 00:00:00 2001
From: skye rogers
Date: Thu, 27 Mar 2025 09:56:52 -0700
Subject: [PATCH] added dependabot checker, fixed cvss check logic
---
 .github/workflows/maven.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index eec362fa..41315db5 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -16,7 +16,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
- # if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
 steps:
 - name: Dependabot metadata
 id: metadata
@@ -25,8 +25,7 @@ jobs:
 alert-lookup: true
 github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
- # if: steps.metadata.outputs.update-type != 'version-update:semver-major' && cvss level > 0
- if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss < 0.1
+ if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss > 0
 run: gh pr merge --auto --merge "$PR_URL"
 env:
 PR_URL: ${{github.event.pull_request.html_url}}
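Review bot: The job-level `if:` enabled in the first hunk drops the `github.repository == 'owner/my_repo'` clause that the commented-out line carried, so this auto-merge job is also evaluated in any fork that has Actions and Dependabot enabled. Consider `if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == '<owner>/<repo>'`, with this repository's name filled in. Matching on `pull_request.user.login` keeps the gate on who opened the PR rather than on who triggered the run, which is worth recording in a short comment such as `# gate on the PR author, not the triggering actor`. The workflow trigger and the `permissions:` block sit outside the hunk, so the token scope available to this job cannot be confirmed from here.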
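Review bot: The new condition in the second hunk reads `steps.dependabot-metadata.outputs.cvss`, but the metadata step visible in the first hunk is declared with `id: metadata`, and the same expression already uses `steps.metadata.outputs.update-type`. Unless a step with id `dependabot-metadata` exists outside the hunks, that reference resolves to an empty value, so `> 0` is presumably never true and auto-merge is silently never enabled; with the old `< 0.1` the same empty value would have made the check pass for every non-major update. Use `if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.metadata.outputs.cvss > 0`. A comment such as `# auto-merge only updates tied to an alert with a CVSS score; depends on alert-lookup: true` would record the intent of the gate.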