Skip to content

dependabot: auto-merge requires on pull_request_target#43017

Open
clwluvw wants to merge 1 commit intogithub:mainfrom
clwluvw:patch-1
Open

dependabot: auto-merge requires on pull_request_target#43017
clwluvw wants to merge 1 commit intogithub:mainfrom
clwluvw:patch-1

Conversation

@clwluvw
Copy link

@clwluvw clwluvw commented Feb 18, 2026

Why:

Auto-merge appears to function correctly with pull_request_target, allowing it to authenticate and operate within the context of the target repository. Without this, a 401 error is returned due to insufficient scope.

> Run gh pr merge --auto --merge "$PR_URL"
non-200 OK status code: 401 Unauthorized body: "{\r\n  \"message\": \"Bad credentials\",\r\n  \"documentation_url\": \"[https://docs.github.com/rest\](https://docs.github.com/rest/)",\r\n  \"status\": \"401\"\r\n}"

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

Auto-merge appears to function correctly with `pull_request_target`, allowing it to authenticate and operate within the context of the target repository. Without this, a 401 error is returned due to insufficient scope.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Copilot AI review requested due to automatic review settings February 18, 2026 15:41
@github-actions
Copy link
Contributor

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md fpt
ghec
ghes@ 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.19 3.18 3.17 3.16 3.15 3.14

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Feb 18, 2026
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request proposes changing the trigger event for the Dependabot auto-merge workflow from pull_request to pull_request_target with specific activity types. The PR description claims this change is needed to fix authentication issues (401 errors due to insufficient scope).

Changes:

  • Modified the workflow trigger from on: pull_request to on: pull_request_target with types [opened, reopened, synchronize]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

triage Do not begin working on this issue until triaged by the team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments