Closed tkittel closed 6 months ago
So I have first of all improved the error message one gets if the tokens are not actually set in a given workflow execution, to avoid thinking this is an issue with the remote server.
Secondly, I have tried to add specific (and similarly named) tokens for the dependabot, so hopefully the issue won't be there anymore (except that all the tokens have to be updated yearly...).
I think this is fixed. If the next dependabot PR shows otherwise, I will reopen.
Git cloning from private repos fails in dependabot triggered workflows, as explained here:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#accessing-secrets
First of all, we should add a proper check to the relevant workflows to verify that the token is nonempty.
Secondly, we can either just live with this, or we can add the same tokens also as an identically named dependabot secret.