repo sync #4397
repo sync #4397
Conversation
#17918) * adding workflows note about dependabot token * reworded a little to make active * Update data/reusables/actions/workflow-runs-dependabot-note.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
|
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡ |
There was a problem hiding this comment.
@runleonarun Hi Leona, this change broke all our integrations via a GitHub action that automatically merged Dependabot pull requests using the built-in GITHUB_TOKEN. Is there a way to reach out to somebody about this change?
|
@simoneb Let me find someone who can help! |
It's sorted already, thank you and apologies for bothering you |
@simoneb I'm so relieved to hear that! |
|
We have exactly the same problem (our dependabot pull requests cant access secrets anymore and cant install the dependencies from our private registry). Or how did you sorted it out @simoneb |
|
@WtfJoke "sorted", it's now the default behavior that the GITHUB_TOKEN is readonly, so you'll have to find workarounds. See the announcement here https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/. Very useful information about alternatives and workarounds here https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md |
This is an automated pull request to sync changes between the public and private repos.
🤖 This pull request should be merged (not squashed) to preserve continuity across repos, so please let a bot do the merging!