I have a question on how to enable GitHub Actions on Dependabot PRs to see the secrets of the repo.
The problem is:
- GitHub actions in the repo require API keys for CI reporting and tests
- These keys are stored as GitHub secrets
- When Dependabot opens a PR, the Actions fail, because the secrets are not present: Bump epoxy from 4.4.1 to 4.4.2 · jraska/github-client@c5160b6 · GitHub
- When I manually rerun the Actions, they pass, because the secrets are present - I assume because it is the owner of the repo triggering the workflow. Bump epoxy from 4.4.1 to 4.4.2 · jraska/github-client@9293edf · GitHub
- I tried to add Dependabot as a collaborator, however this doesn’t work as the bot will obviously not accept the invite.
The question at the end is - How to run Actions which need secrets on Dependabot PRs?
Alternatively: How to pass API keys into these actions without secrets in a secure way?
Thanks for any ideas.