githubgithub-actionsdependabotgithub-packagesghcr

GitHub Dependabot Doesn't Have Permissions To Publish to GHCR How Can I Give It Access


I have a repository that builds, tags, and publishes container images to GitHub's ghcr.io, however it fails to publish on dependabot actions and breaks all of my pipelines that are doing the build, tag, and release of each container image. Here is the dependabot code I originally had:

version: 2
updates:
- package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: monthly
    time: "13:00"

Now I read the following documentation on how to give it access to a registry:

And I thought I would try this:

version: 2
registries:
  ghcr: # Define access for a private registry
    type: docker-registry
    url: ghcr.io
    username: ${{ github.repository_owner }}
    password: ${{secrets.GHCR_REGISTRY_TOKEN}}
updates:
- package-ecosystem: github-actions
  directory: "/"
  registries:
    - ghcr
  schedule:
    interval: monthly
    time: "13:00"

Unfortunately, it still doesn't like it and subsequently breaks all of my pipelines. How do I configure Dependabot to be able to push to ghcr.io for all of my container packges?


Solution

  • Dependabot secrets are stored separately on the secret section of the repo, please follow this doc to configure it