
I'm trying to follow what GitHub suggests regarding setting up private Bundler repositories for Dependabot, but for some reason it just doesn't work for me. Here is what I did:

  1. Created a PAT with access to all my repositories
  2. Saved it as a DEPENDABOT_GITHUB_ACCESS_TOKEN Dependabot secret
  3. Created a .github/dependabot.yml file in my repo with the following contents:
```yaml
version: 2
registries:
  github-octocat:
    type: git
    url: https://github.com
    username: x-access-token
    password: ${{secrets.DEPENDABOT_GITHUB_ACCESS_TOKEN}}
updates:
  - package-ecosystem: "bundler"
    directory: "/"
    insecure-external-code-execution: allow
    registries:
      - github-octocat
    schedule:
      interval: "weekly"
```

However, GitHub's Dependabot alert screen keeps saying:

> Dependabot failed to update your dependencies
>
> The following git repository was unreachable and caused the update to fail: xxxxx.
>
> Dependabot can't update bundler dependency files that reference private git repositories. Please consider using a git registry.

mbajur
  • *I'm trying to follow what Github suggests* Where are you getting this information? – anothermh Apr 13 '23 at 06:13
  • @anothermh in the quoted error message, the "using a git registry" is linked to a private git registry documentation: https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#git – mbajur Apr 14 '23 at 07:02
  • Are you using `github-octocat`? Because that's just the example, you need to sub in your actual registry. And the registry needs to exist. – anothermh Apr 19 '23 at 17:24
  • How did you declare your gem in the Gemfile? – Mario Pérez Alarcón May 17 '23 at 10:30

0 Answers