fix: use pull_request.user.login instead of github.actor for Dependabot check (#13)

github.actor is set to the workflow runner identity (github-actions[bot])
in org-required workflows, not the PR author. Switch to
github.event.pull_request.user.login which always reflects who opened the PR.

Co-authored-by: Eddie A Tejeda <669988+eddietejeda@users.noreply.github.com>

Author: eddietejeda

.github/workflows/claude-pr-review.yml

@@ -23,13 +23,13 @@ jobs:
           fetch-depth: 1
 
       - name: Auto-approve Dependabot bump
-        if: github.actor == 'dependabot[bot]'
+        if: github.event.pull_request.user.login == 'dependabot[bot]'
         run: gh pr review ${{ github.event.pull_request.number }} --approve --body "Automated dependency bump — auto-approved."
         env:
           GH_TOKEN: ${{ github.token }}
 
       - name: Generate GitHub App token
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         id: app-token
         uses: actions/create-github-app-token@v3.2.0
         with:
@@ -38,7 +38,7 @@ jobs:
           owner: hotdata-dev
 
       - uses: actions/checkout@v6.0.2
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         with:
           repository: hotdata-dev/github-workflows
           ref: main
@@ -48,7 +48,7 @@ jobs:
           sparse-checkout-cone-mode: false
 
       - name: Load review prompt
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         id: prompt
         run: |
           PROMPT=$(cat .github-workflows/docs/claude-pr-review-prompt.md)
@@ -57,11 +57,11 @@ jobs:
           echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Verify jq is available
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         run: jq --version
 
       - name: Gather review context
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         id: context
         run: |
           PR_NUMBER=${{ github.event.pull_request.number }}
@@ -96,7 +96,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
 
       - uses: anthropics/claude-code-action@v1
-        if: github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'dependabot[bot]'
         id: review
         continue-on-error: true
         with:
@@ -119,7 +119,7 @@ jobs:
             --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*),Read"
 
       - name: Notify on review failure
-        if: github.actor != 'dependabot[bot]' && (steps.review.outcome == 'failure' || steps.review.outcome == 'cancelled')
+        if: github.event.pull_request.user.login != 'dependabot[bot]' && (steps.review.outcome == 'failure' || steps.review.outcome == 'cancelled')
         run: gh pr comment ${{ github.event.pull_request.number }} --body "Automated review unavailable (Claude step failed). Please review manually."
         env:
           GH_TOKEN: ${{ github.token }}