I recently started seeing dependabot failing to pull from ghcr.io for a public image. This used to work but seems to have stopped working recently. Package it’s trying to check https://github.com/users/devpow112/packages/container/package/base-ubuntu. The repository trying to run dependabot is private but it should be able to check if it needs updates for a public image. See below log snippet from dependabot logs.
I don’t think so. The logs I’ve listed are directly from the Dependabot logs not from a GitHub Actions run. It’s also not trying to pull a private image. The docker image devpow112/base-ubuntu is a public image from the GitHub Container Registry. There are no secrets involved since it’s a public image from the public repository. The funny thing is that the GitHub Action workflows that try to grab the devpow112/base-ubuntu as part of a docker build work fine even without logging into ghcr.io. Only dependabot fails to check for updates with the log messages above.