What you expected to see, versus what you actually saw
I am trying to configure Dependabot in such a way, that it can update docker images from the GitHub internal container registry following the docs.
However, GITHUB_TOKEN cannot be resolved by dependabot, as shown in the logs:
Run github/dependabot-action@ghes-3.12
env:
GITHUB_TOKEN: ***
🤖 ~ starting update ~
Fetching job details
Error: Dependabot was unable to retrieve job credentials
Error: fetching credentials: unexpected status code: 422: {"errors":[{"status":422,"title":"Secret Not Found","detail":"GITHUB_TOKEN"}]}
I can see that GITHUB_TOKEN is passed to github/dependabot-action but there does not seem to be a way to use that token.
I also tried to use
Is there an existing issue for this?
Package ecosystem
docker
Package manager version
-
Language version
-
Manifest location and content before the Dependabot update
-
dependabot.yml content
Updated dependency
-
What you expected to see, versus what you actually saw
I am trying to configure Dependabot in such a way, that it can update docker images from the GitHub internal container registry following the docs. However,
GITHUB_TOKEN
cannot be resolved by dependabot, as shown in the logs:I can see that
GITHUB_TOKEN
is passed togithub/dependabot-action
but there does not seem to be a way to use that token. I also tried to useBut this does not work either, as the environment variable seems to be resolved too early. In this case I receive a
I did verify that I can authenticate to the package with the GitHub token outside of the dependabot run.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response