CI: dependabot can't push to docker registry
qkaiser opened this issue · 2 comments
qkaiser commented
If you take a look at #703, you'll see that the docker container build fails because we receive a 403 when trying to push to the registry.
It's due to the way GitHub sets permissions. If a pull request is created by a member that's not part of the organization, then it should not have a token with write access permissions to the repo and registries.
There is detailed documentation about this here:
- dependabot/dependabot-core#3253
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
We should adapt our GitHub workflow so that trusted users like GitHub dependabot can work.
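One way to structure the workflow so it works with the read-only token that fork and Dependabot pull requests receive, as an added example that is not the project's own workflow: build the image on every pull request, but log in and push only on pushes to the default branch (assumed here to be `main`; registry and image name are assumptions too). Switching to `pull_request_target` to regain a write token would reintroduce the pwn-request problem described in the linked article.

```yaml
# Added example (not the project's own workflow): build the container on every
# pull request, but only push to the registry on pushes to the default branch,
# where the job runs with a write-capable GITHUB_TOKEN.
name: container

on:
  pull_request:
  push:
    branches: [main]   # assumption: default branch is named main

# Request only what the job needs. PRs from forks and from Dependabot get a
# read-only token regardless, so the push step must not run for them.
permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      # Log in only when we are actually going to push.
      - name: Log in to registry
        if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io          # assumption: GitHub Container Registry
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # On pull_request (including Dependabot's) the image is built and
      # validated but never pushed, so the read-only token is sufficient.
      - name: Build (and push on main)
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name == 'push' }}
          tags: ghcr.io/${{ github.repository }}:latest
```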
qkaiser commented
Once this is taken care of, we can define a dependabot configuration file at https://github.com/onekey-sec/unblob/network/updates so that we receive weekly updates for dependencies.