Closed danielbayley closed 4 years ago
:+1:
since this action uses @dependabot
commands (e.g. @dependabot merge
) the actual merging logic lives within dependabot itself, and that requires a user token not the Actions repo token ... this is a limitation by dependabot itself, not this action.
perhaps this is something to bring up to GitHub to add to dependabot ... would be nice to never have to put any token in the action yaml for sure
Similar to #11, #21, #1…
@ahmadnassri is there a reason we can't just use
github-token: ${{ secrets.GITHUB_TOKEN }}
directly? (ObviouslyGITHUB_TOKEN
has the correct scopes in my case.)