-
Currently, Actions that run off Dependabot PRs don’t have writable tokens, as they are treated like PRs from forks (c.f.: GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions | GitHub Changelog). Dependabot users in Dependabot cant read secrets anymore · Issue #3253 · dependabot/dependabot-core · GitHub have a desire to opt-in events to allow Dependabot triggered workflows to have writable tokens. As an example:
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Should this topic be pinned? If I recall correctly, then there were quite a few other topics around this topic. BTW: Does this also help in the following scenario?
|
Beta Was this translation helpful? Give feedback.
-
The Actions team has shipped this feature: GitHub Actions: Workflows triggered by Dependabot PRs will respect permissions key in workflows | GitHub Changelog |
Beta Was this translation helpful? Give feedback.
The Actions team has shipped this feature: GitHub Actions: Workflows triggered by Dependabot PRs will respect permissions key in workflows | GitHub Changelog