Dependabot GitHub workflow fails - deployment_token was not provided


The automated update tool Dependabot is a very helpful bot that creates many fixes in the form of pull requests. Recently I learnt why the Dependabot pull requests were failing with an error:

deployment_token was not provided.

The setup and issue

The GitHub workflow deploys an Azure Static Web App.

      - name: Deploy
        id: deploy
        uses: Azure/static-web-apps-deploy@v1
        with:
          # Deployment token for the Static Web App, read from the repository's Actions secrets
          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_DELIGHTFUL_GLACIER_02ECCB203 }}
          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for GitHub integrations (i.e. PR comments)
          action: "upload"
          ###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
          # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
          app_location: "/public" # App source code path
          skip_app_build: true
          skip_api_build: true
          ###### End of Repository/Build Configurations ######

This step needs a valid access token (the azure_static_web_apps_api_token secret) to be able to create resources on Azure during the workflow execution. In the runs triggered by Dependabot pull requests it is unable to find that secret, hence the error:

deployment_token was not provided.
The deployment_token is required for deploying content. If you'd like to continue the run without deployment, add the configuration skip_deploy_on_missing_secrets set to true in your workflow file
An unknown exception has occurred

The solution

Took me a few search attempts to locate this comment on GitHub. Essentially, Dependabot doesn’t use the default set of secrets; rather, we need to explicitly provide a set of secrets for it to use. It makes sense: we don’t want an app sitting outside of our repo to have access to repo/organization secrets.

The solution is to provide the required secrets for Dependabot to use:

secrets for dependabot
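
To catch this before a Dependabot pull request fails, the following added example (not code from the original post) lists the secrets a workflow references that are absent from the Dependabot secret set. The function names and the placeholder secret name in the sample are assumptions; the Dependabot secret names are passed in by the caller.

```python
import re

# Constructed sample: the Deploy step from this post, with a placeholder secret name.
WORKFLOW = """\
- name: Deploy
  id: deploy
  uses: Azure/static-web-apps-deploy@v1
  with:
    azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_EXAMPLE }}
    repo_token: ${{ secrets.GITHUB_TOKEN }} # PR comments
    action: "upload"
"""

# Only look inside ${{ ... }} expressions, then match secrets.NAME or secrets['NAME'].
EXPR = re.compile(r"\$\{\{(.*?)\}\}", re.DOTALL)
REF = re.compile(
    r"\bsecrets\s*(?:\.\s*([A-Za-z_]\w*)|\[\s*'([^']+)'\s*\])", re.IGNORECASE
)

# GITHUB_TOKEN is issued to every run automatically; it is never stored as a secret.
AUTOMATIC = {"GITHUB_TOKEN"}


def referenced_secrets(workflow_text):
    """Return the upper-cased names of all secrets the workflow text references."""
    names = set()
    for expr in EXPR.findall(workflow_text):
        for dotted, indexed in REF.findall(expr):
            names.add((dotted or indexed).upper())
    return names


def missing_for_dependabot(workflow_text, dependabot_secrets):
    """Secrets the workflow needs that a Dependabot-triggered run will not receive.

    dependabot_secrets: names stored under the Dependabot secrets settings,
    e.g. the name column of `gh secret list --app dependabot`.
    """
    have = {name.upper() for name in dependabot_secrets}
    return sorted(referenced_secrets(workflow_text) - AUTOMATIC - have)


if __name__ == "__main__":
    # No Dependabot secrets configured yet: the deployment token is reported missing.
    for name in missing_for_dependabot(WORKFLOW, []):
        print(f"not available to Dependabot runs: {name}")
```
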


Hope this was useful and saved you some time. Please do share your learnings. If you have any thoughts or comments please do get in touch with me on Twitter @rubberduckdev. Or use the Disqus plugin below.


