chore: fix broken workflows (#30)

.github/workflows/auto-approve.yml

@@ -1,6 +1,6 @@
 name: auto-approve
 on:
-  pull_request:
+  pull_request_target:
     types:
       - opened
       - labeled
@@ -16,17 +16,17 @@ jobs:
     if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false
     steps:
       - name: Checkout PR
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
       - name: Auto-approve PRs by other users as team-tf-cdk
-        if: github.event.pull_request.user.login != 'team-tf-cdk' && github.actor != 'dependabot[bot]'
+        if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]')
         env:
           GH_TOKEN: ${{ secrets.TEAM_TF_CDK }}
         run: gh pr review ${{ github.event.pull_request.number }} --approve
-      - name: Auto-approve PRs by team-tf-cdk or Dependabot as github-actions[bot]
-        if: github.event.pull_request.user.login == 'team-tf-cdk' || github.actor == 'dependabot[bot]'
+      - name: Auto-approve PRs by team-tf-cdk as github-actions[bot]
+        if: github.event.pull_request.user.login == 'team-tf-cdk'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: gh pr review ${{ github.event.pull_request.number }} --approve

.github/workflows/automerge.yml

@@ -1,6 +1,6 @@
 name: automerge
 on:
-  pull_request:
+  pull_request_target:
     types:
       - opened
       - labeled
@@ -13,18 +13,12 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      pull-requests: write
     if: contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false
     steps:
       - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Turn on automerge for this PR by Dependabot
-        if: github.actor == 'dependabot[bot]'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}
-      - name: Turn on automerge for this PR by users other than Dependabot
-        if: github.actor != 'dependabot[bot]'
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Turn on automerge for this PR by trusted users
+        if: contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]'
         env:
           GH_TOKEN: ${{ secrets.TEAM_TF_CDK }}
         run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}

.github/workflows/upgrade-node.yml

@@ -35,7 +35,7 @@ jobs:
         if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
         run: |-
           npm pkg set engines.node=">= $NEW_NODEJS_VERSION"
-          yarn add -D @types/node@^$NEW_NODEJS_VERSION_SHORT
+          yarn add -W -D @types/node@^$NEW_NODEJS_VERSION_SHORT
       # If there are other steps you need to take in your project to update Node.js everywhere, add those here
       - name: Get values for pull request
         id: latest_version

package.json

@@ -22,7 +22,7 @@
     "destroy:frontend": "yarn workspace frontend run destroy"
   },
   "engines": {
-    "node": ">=10.12"
+    "node": ">= 10.12"
   },
   "dependencies": {
     "@cdktf/provider-aws": "^17.0.11",