Ahmad Nassri
Ahmad Nassri
> I am passing a PAT to github-token but now if dependabot triggers an action this token is not injected. oof, yeah .. not sure what to do about that...
> you cant comment on a PR using GITHUB_TOKEN you most certainly can... I've done this in many other custom workflows ... perhaps you can share the full workflow sequence...
yes, a PAT has always been needed as per the [README](https://github.com/ahmadnassri/action-dependabot-auto-merge#token-scope) so the follow up question, what is stopping you from using a PAT?
I'm moving this discussion to https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60 which details full context.
for method 1: are you using a PAT?
after further inspection of recent private repo PRs, it seems the "March 1st" date from the Github article is false ... up-until **March 8** things were working fine, only on...
> the merge will be triggered with dependabot permissions.... > and after that merge... the main branch will be triggered without full permissions failing Continuous Deployment to AWS or another...
note: it's REALLY hard to test further variations on this .. since `@dependabot recreate` doesn't really mimic an actual brand new pull request ... and dependabot is mostly triggered by...
> If you change your main branch to "main-fake" you can downgrade packages and do whatever you want.... ah, good trick
PSA: I have to start my main work day, which will keep me occupied and away from further trying to debug and address this issue, I appreciate the community's feedback...