diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index eb2920cc..2bbd2ce3 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -1,5 +1,5 @@
-name: Auto-merge dependency PRs
-on: pull_request
+name: Dependabot auto-approve
+on: pull_request_target
 
 permissions:
   pull-requests: write
@@ -11,12 +11,12 @@ jobs:
     if: github.actor == 'dependabot[bot]' || github.actor == 'CFN-CI'
     steps:
       - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        uses: hmarr/auto-approve-action@v4
+        with:
+          review-message: "Auto approved automated PR"
+          github-token: ${{secrets.CFN_CI_PAT}}
       - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --merge "$PR_URL"
+        run: gh pr merge --auto --rebase "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}