We have a python repository that is using native dependabot. When dependabot creates a PR with dependency updates, secrets are not available on the first run of the PR validation GitHub Actions job. However if that job is restarted, then secrets are available.
We are using organization wide secrets. Could this be a bug?