GitHub Dependabot Doesn't Have Permissions To Publish to GHCR How Can I Give It Access
Question
I have a repository that builds, tags, and publishes container images to GitHub's ghcr.io, however it fails to publish on dependabot actions and breaks all of my pipelines that are doing the build, tag, and release of each container image. Here is the dependabot code I originally had:
version: 2
updates:
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: monthly
time: "13:00"
Now I read the following documentation on how to give it access to a registry:
And I thought I would try this:
version: 2
registries:
ghcr: # Define access for a private registry
type: docker-registry
url: ghcr.io
username: ${{ github.repository_owner }}
password: ${{secrets.GHCR_REGISTRY_TOKEN}}
updates:
- package-ecosystem: github-actions
directory: "/"
registries:
- ghcr
schedule:
interval: monthly
time: "13:00"
Unfortunately, it still doesn't like it and subsequently breaks all of my pipelines. How do I configure Dependabot to be able to push to ghcr.io for all of my container packges?
1 answers
solution1
1 ACCPTED 2022-12-16 16:44:45
Dependabot secrets are stored separately on the secret section of the repo, please follow this doc to configure it
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.