
How to use dependabot secrets in GitHub CI workflow

I have an NPM_AUTH_TOKEN secret which was originally stored in my Actions secrets, which doesn't seem to be accessible by Dependabot when it automatically opens a PR.

I have now copied this secret into Dependabot Secrets. Do I need to change anything in my CI so that it can access it?

- name: Authenticate with Github Package Registry
  run:
    npm config set '//npm.pkg.github.com/:_authToken' "${NPM_AUTH_TOKEN}"
  env:
    NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

The above action is run by both PRs opened by developers as well as Dependabot. Will secrets.NPM_AUTH_TOKEN be the value from Actions Secrets when opened by a developer and then be the value from Dependabot Secrets when opened by Dependabot?

GitHub secrets are managed separately between Actions, Codespaces, and Dependabot. You will need to set the same NPM_AUTH_TOKEN for Dependabot, and then you can use it for both regular action runs and the Dependabot PRs.

You can check the secrets that Dependabot can see by running gh secret list --app dependabot inside the repo.
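
A guard for the authentication step discussed in this thread, as an added example that is not part of the original question or answer. It fails the step when the secret resolved to an empty value and names the store to fix; `secret_store_for_actor`, `configure_registry_auth` and `NPMRC_PATH` are hypothetical names, and it assumes Dependabot-triggered runs have `GITHUB_ACTOR` set to `dependabot[bot]`.

```shell
# Added example: a guard for the "Authenticate with Github Package Registry" step.
# secret_store_for_actor, configure_registry_auth and NPMRC_PATH are hypothetical names.

# Which secret store feeds `secrets.*` in this run? Runs triggered by Dependabot
# get Dependabot secrets only. Assumption: such runs have GITHUB_ACTOR set to
# 'dependabot[bot]'.
secret_store_for_actor() {
  case "${1:-}" in
    'dependabot[bot]') echo "dependabot" ;;
    *)                 echo "actions" ;;
  esac
}

configure_registry_auth() {
  cra_store="$(secret_store_for_actor "${GITHUB_ACTOR:-}")"
  cra_npmrc="${NPMRC_PATH:-$HOME/.npmrc}"

  # A secret missing from the store expands to an empty string, so the original
  # step would still succeed and the failure would only surface later, when npm
  # talks to the registry.
  if [ -z "${NPM_AUTH_TOKEN:-}" ]; then
    echo "NPM_AUTH_TOKEN is empty for this run." >&2
    echo "Check:  gh secret list --app ${cra_store}" >&2
    echo "Add it: gh secret set NPM_AUTH_TOKEN --app ${cra_store}" >&2
    return 1
  fi

  # Same line that `npm config set '//npm.pkg.github.com/:_authToken' ...` stores.
  # The token is never echoed, and the file is created owner-only if it is new.
  ( umask 077
    printf '//npm.pkg.github.com/:_authToken=%s\n' "$NPM_AUTH_TOKEN" >> "$cra_npmrc" )
}
```

Call `configure_registry_auth` from the step's `run:` with the same `env:` mapping as in the question, so the token still arrives through `NPM_AUTH_TOKEN`.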
