ahmadnassri / action-dependabot-auto-merge

Automatically merge Dependabot PRs when version comparison is within range
MIT License
342 stars 48 forks

GITHUB_TOKEN #33

danielbayley closed 4 years ago

danielbayley commented 4 years ago

Similar to #11, #21, #1…

@ahmadnassri is there a reason we can't just use github-token: ${{ secrets.GITHUB_TOKEN }} directly? (Obviously GITHUB_TOKEN has the correct scopes in my case.)

emi190396 commented 4 years ago

:+1:

ahmadnassri commented 4 years ago

Since this action uses @dependabot commands (e.g. @dependabot merge), the actual merging logic lives within Dependabot itself, and that requires a user token, not the Actions repo token ... this is a limitation of Dependabot itself, not this action.

[image: dependabot commands]

[image: dependabot error message]

ahmadnassri commented 4 years ago

Perhaps this is something to bring up to GitHub to add to Dependabot ... would be nice to never have to put any token in the action YAML, for sure.