From 0202bec22797ed7c2c6f2b8c0c8b8914432218fc Mon Sep 17 00:00:00 2001 From: Yurii Motov Date: Fri, 29 May 2026 22:59:42 +0200 Subject: [PATCH 1/2] Allow modifying dependencies if PR opened from the same repo (not from fork) --- .github/workflows/guard-dependencies.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/guard-dependencies.yml b/.github/workflows/guard-dependencies.yml index 11bbf09..8e5ecf3 100644 --- a/.github/workflows/guard-dependencies.yml +++ b/.github/workflows/guard-dependencies.yml @@ -24,11 +24,16 @@ jobs: const author = pr.user.login; const assoc = pr.author_association; + // Is PR branch in the same repo (not a fork)? + const sameRepo = + pr.head.repo != null && pr.head.repo.id === pr.base.repo.id; + const botAllowlist = new Set(['dependabot[bot]']); const orgAuthorAssociations = new Set(['MEMBER', 'OWNER']); const allowed = botAllowlist.has(author) || + sameRepo || (assoc != null && orgAuthorAssociations.has(assoc)); if (!allowed) { @@ -48,5 +53,5 @@ jobs: core.setFailed('Dependency changes are restricted to organization members.'); } else { - console.log(`Author ${author} (author_association=${assoc}) is allowed to make dependency changes.`); + console.log(`Author ${author} (author_association=${assoc}, sameRepo=${sameRepo}) is allowed to make dependency changes.`); } From 2adfaf194317f91c0f31a0eab2d4c2bee72469f3 Mon Sep 17 00:00:00 2001 From: Yurii Motov Date: Fri, 29 May 2026 23:11:29 +0200 Subject: [PATCH 2/2] Remove redundant logic --- .github/workflows/guard-dependencies.yml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/guard-dependencies.yml b/.github/workflows/guard-dependencies.yml index 8e5ecf3..bb5c0b4 100644 --- a/.github/workflows/guard-dependencies.yml +++ b/.github/workflows/guard-dependencies.yml 
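Review bot: The comment above `sameRepo` in the first hunk says what is computed but not why a same-repo head branch is treated as a trust signal, and that rationale is what the check now rests on. I would extend it to `// A head branch inside the base repository can only have been pushed by an account with write access, so such PRs are trusted without consulting author_association; fork PRs are not.` Comparing `repo.id` rather than the full name is the right choice because it survives renames, and the `!= null` guard covers the deleted-fork case where `head.repo` is null. The `script: |` block this runs in starts before the hunk, so the workflow's trigger event and permissions are not visible here.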
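Review bot: The failure message `core.setFailed('Dependency changes are restricted to organization members.')` in the second hunk is left unchanged, but the rule it describes is narrower than the one the first hunk now enforces, so a rejected fork contributor is told a condition that does not match the decision. The same stale message survives the second patch of this series, where organization membership is no longer checked at all; there it should read `core.setFailed('Dependency changes are only accepted from branches in this repository, not from forks.');`. For this patch a wording that names both accepted paths (same-repo branch or organization member) would be accurate.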
@@ -22,21 +22,12 @@ jobs: script: | const pr = context.payload.pull_request; const author = pr.user.login; - const assoc = pr.author_association; // Is PR branch in the same repo (not a fork)? const sameRepo = pr.head.repo != null && pr.head.repo.id === pr.base.repo.id; - const botAllowlist = new Set(['dependabot[bot]']); - const orgAuthorAssociations = new Set(['MEMBER', 'OWNER']); - - const allowed = - botAllowlist.has(author) || - sameRepo || - (assoc != null && orgAuthorAssociations.has(assoc)); - - if (!allowed) { + if (!sameRepo) { await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, @@ -53,5 +44,5 @@ jobs: core.setFailed('Dependency changes are restricted to organization members.'); } else { - console.log(`Author ${author} (author_association=${assoc}, sameRepo=${sameRepo}) is allowed to make dependency changes.`); + console.log(`Author ${author} (sameRepo=${sameRepo}) is allowed to make dependency changes.`); }
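Review bot: Dropping `botAllowlist` leaves Dependabot accepted only because it opens pull requests from branches inside the base repository, which the new `if (!sameRepo)` gate happens to cover; any bot or app that opens PRs from a fork is now rejected, and nothing in the hunk records that this is intended. A one-line comment next to the guard would preserve the reasoning, for example `// Dependabot pushes its branches to this repo, so it passes sameRepo; fork-based bots are deliberately not allowed.` With `assoc` gone, the `sameRepo=${sameRepo}` in the second hunk's success log is always true and could be replaced by something more informative such as the head ref, though that is cosmetic. The `script: |` block opens in this hunk's first context line and continues past its end.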