qkaiser
commented
7 months ago Once this is taken care of, we can define a dependabot configuration file at https://github.com/onekey-sec/unblob/network/updates so that we receive weekly updates for dependencies.
If you take a look at https://github.com/onekey-sec/unblob/pull/703, you'll see that the docker container build fails because we receive a 403 when trying to push to the registry.
It's due to the way Github set permissions. If a pull request is created by a member that's not part ot the organization, then it should not have a token with write access permissions to the repo and registries.
There is detailed documentation about this here:
We should adapt our Github workflow so that trusted users like Github dependabot can work.