Using dependabot v2 (AKA GitHub-native Dependabot), I am unable to have dependabot successfully execute a `@dependabot merge` command against a protected branch. When I issue the merge command in a comment on the PR, I get the standard "You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information." error. Dependabot v1 used a GitHub App which allowed me to add the dependabot-preview user to my branch protection rules. v2 seems to have changed things up by dropping the app, but now there's nothing for me to add to my branch protection rules. (The dependabot-preview user is still able to push to the protected branch, but v2 uses a user called dependabot so it doesn't match.)
Hi @ZebraFlesh, yeah this is a known issue that we're already tracking internally. Will keep you up to date when we have a fix for this, but unfortunately it's not straightforward so it might take a while before a fix for this lands.
Thanks for the update. This issue is blocking me from upgrading to v2, so I'll definitely be keeping an eye.
Any updates on this issue?