With the recent changes around Dependabot only having read-only access (and thus not being able to read repository secrets), I want to disable Dependabot from creating PRs (as they will always fail), but still see the alerts. Is this possible? I have tried everything within my action but nothing seems to work.
My dependabot.yml is here:
```yaml
version: 2
updates:
  # Maintain dependencies for npm
  - package-ecosystem: "npm"
    directory: "/frontend"
    target-branch: "master"
    schedule:
      interval: "monthly"
  - package-ecosystem: "maven"
    directory: "/backend"
    target-branch: "master"
    schedule:
      interval: "monthly"
```
In my github action I have the following:
```yaml
on:
  push:
    paths-ignore:
      - 'infrastructure/**'
  pull_request:
    paths-ignore:
      - 'infrastructure/**'
    branches-ignore:
      - 'master'
```
However, the Dependabot PRs still trigger a build. I’ve also tried the following, which doesn’t work:
```yaml
if: github.actor != 'dependabot-[bot]'
```
Is there any way to disable this but still see alerts?