I have a repository that builds, tags, and publishes container images to GitHub's ghcr.io; however, it fails to publish on Dependabot actions and breaks all of my pipelines that are doing the build, tag, and release of each container image. Here is the Dependabot code I originally had:

```yaml
version: 2
updates:
- package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: monthly
    time: "13:00"
```

Now I read the following documentation on how to give it access to a registry:

And I thought I would try this:

```yaml
version: 2
registries:
  ghcr: # Define access for a private registry
    type: docker-registry
    url: ghcr.io
    username: ${{ github.repository_owner }}
    password: ${{secrets.GHCR_REGISTRY_TOKEN}}
updates:
- package-ecosystem: github-actions
  directory: "/"
  registries:
    - ghcr
  schedule:
    interval: monthly
    time: "13:00"
```

Unfortunately, it still doesn't like it and subsequently breaks all of my pipelines. How do I configure Dependabot to be able to push to ghcr.io for all of my container packages?

R. Barrett
  • Did you configure the secrets in the `dependabot` section, as described here https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot#adding-a-repository-secret-for-dependabot ? – Matteo Dec 14 '22 at 08:52
  • @Matteo looks like I just had it configured for Actions, probably why it was failing I guess. Going to try adding it in under the Dependabot section. Thanks for pointing that out. – R. Barrett Dec 15 '22 at 00:01
  • @Matteo looks like you were right. – R. Barrett Dec 15 '22 at 00:10
  • Cool, let me know if I need to post my comment as an answer so you can close the question. – Matteo Dec 15 '22 at 08:29
  • @Matteo go ahead and post it as the answer. – R. Barrett Dec 16 '22 at 01:52

1 Answer

Dependabot secrets are stored separately, in the secrets section of the repo. Please follow this doc to configure them.

Matteo
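The mismatch this thread resolves (a secret defined for Actions but not for Dependabot) can be checked before merging a `dependabot.yml` change. The following is an added example, not code from the question or the answer; the function name `audit_dependabot_config` and the secret-name sets passed to it are assumptions, with the names expected to come from `gh secret list --app dependabot` and `gh secret list --app actions`.

```python
import re

# Any ${{ ... }} expression, and the secrets.NAME form inside one.
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
SECRET = re.compile(r"secrets\.([A-Za-z_][A-Za-z0-9_]*)$")

def audit_dependabot_config(text, dependabot_secrets, actions_secrets):
    """Classify every ${{ ... }} expression found in a dependabot.yml."""
    report = {"ok": [], "actions_only": [], "missing": [], "other_expressions": []}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue                      # whole-line YAML comment
        line = line.split(" #", 1)[0]     # trailing comment (simple heuristic)
        for expr in EXPR.findall(line):
            m = SECRET.match(expr)
            if not m:
                # Not a secret reference: listed for manual review.
                report["other_expressions"].append(expr)
                continue
            name = m.group(1)
            if name in dependabot_secrets:
                report["ok"].append(name)
            elif name in actions_secrets:
                # The situation in this thread: Dependabot cannot read it.
                report["actions_only"].append(name)
            else:
                report["missing"].append(name)
    return report

# The second configuration from the question, reproduced as sample input.
SAMPLE_CONFIG = """\
version: 2
registries:
  ghcr: # Define access for a private registry
    type: docker-registry
    url: ghcr.io
    username: ${{ github.repository_owner }}
    password: ${{secrets.GHCR_REGISTRY_TOKEN}}
updates:
- package-ecosystem: github-actions
  directory: "/"
  registries:
    - ghcr
"""

if __name__ == "__main__":
    # Constructed secret stores: the token exists for Actions only.
    print(audit_dependabot_config(SAMPLE_CONFIG, set(), {"GHCR_REGISTRY_TOKEN"}))
```

A non-empty `actions_only` list means the secret has to be added again under the repository's Dependabot secrets, which is what fixed the asker's setup.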