Dependabot GitHub workflow fails - deployment_token was not provided
Introduction
The automated update tool Dependabot is a very helpful bot and it creates many fixes in the form of pull requests. Recently I learnt why the dependabot pull requests were failing with an error
deployment_token was not provided.The setup and issue
The github workflow is deploying an Azure static webapp.
- name: Deploy
id: deploy
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_DELIGHTFUL_GLACIER_02ECCB203 }}
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
action: "upload"
###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
# For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
app_location: "/public" # App source code path
skip_app_build: true
skip_api_build: true
###### End of Repository/Build Configurations ######This means that it needs a valid access token to be able to create resources on Azure during the workflow execution. And it is unable to find that secret and hence the error:
deployment_token was not provided.
The deployment_token is required for deploying content. If you'd like to continue the run without deployment, add the configuration skip_deploy_on_missing_secrets set to true in your workflow file
An unknown exception has occurredThe solution
Took me a few search attempts to locate this comment on GitHub. Essentially, dependabot doesn’t use the default set of secrets, rather we need to explicitly provide a set of secrets for it to use. It makes sense, we don’t want an app sitting outside of our repo to have access to repo/organization secrets.
The solution is to provide the required secrets for dependabot to use:
Conclusion
Hope this was useful and saved you some time. Please do share your learnings. If you have any thoughts or comments please do get in touch with me on Twitter @rubberduckdev. Or use the Disqus plugin below.