这是indexloc提供的服务,不要输入任何密码
Skip to content

fix 403s, registry creds probably not needed #1498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 18, 2025
Merged

fix 403s, registry creds probably not needed #1498

merged 1 commit into from
Jun 18, 2025

Conversation

jakecoffman
Copy link
Member

@jakecoffman jakecoffman commented Jun 18, 2025
edited
Loading

I'm seeing 403s in the Dependabot logs and thought we could try without creds again since all the images are public.

  proxy | 2025/06/18 15:38:24 [012] GET https://ghcr.io:443/v2/github/dependabot-update-job-proxy/dependabot-update-job-proxy/tags/list
  proxy | 2025/06/18 15:38:24 [012] * authenticating docker registry request (host: ghcr.io)
  proxy | 2025/06/18 15:38:25 [012] 403 https://ghcr.io:443/v2/github/dependabot-update-job-proxy/dependabot-update-job-proxy/tags/list

Originally the creds were added in #131 and you can see there was confusion there why they were needed. So let's try again without and see if we can simply things.

@Copilot Copilot AI review requested due to automatic review settings June 18, 2025 15:54
@jakecoffman jakecoffman requested a review from a team as a code owner June 18, 2025 15:54
Copilot
Copilot AI reviewed Jun 18, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

The PR removes the custom GHCR registry credentials from the Dependabot configuration to attempt updates against public images only.

  • Deletes the top-level registries block
  • Removes the registries reference under the Docker update entry
Comments suppressed due to low confidence (1)

.github/dependabot.yml:3

  • Verify that the schedule and labels keys are still present under this Docker update item; they appear to have been omitted and are required for Dependabot to run correctly.
  - package-ecosystem: "docker"

@jakecoffman
Copy link
Member Author

I ran the update in Dependabot CLI without creds and it produced a PR. I think since #131 we added dynamic logins for docker so these credentials aren't needed anymore.

@jakecoffman jakecoffman enabled auto-merge (squash) June 18, 2025 16:13
@jakecoffman jakecoffman changed the title fix 403s perhaps, registry creds may not be needed fix 403s, registry creds probably not needed Jun 18, 2025
@jakecoffman jakecoffman merged commit ffc3936 into main Jun 18, 2025
9 checks passed
@jakecoffman jakecoffman deleted the remove-registry-creds branch June 18, 2025 16:38
@jakecoffman
Copy link
Member Author

Confirmed it is working again #1501

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@pavera pavera pavera approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jakecoffman @pavera