Dependabot pull requests fail on repositories with maven-dependency-submission action  #17

Open
@thomasturrell

When creating a new workflow using the suggested "Java with Maven" it includes the maven dependency submission action.

For example:

```yaml
name: Java CI with Maven

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 11
      uses: actions/setup-java@v3
      with:
        java-version: '11'
        distribution: 'temurin'
        cache: maven
    - name: Build with Maven
      run: mvn -B package --file pom.xml

    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
    - name: Update dependency graph
      uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
```

However, if Dependabot is enabled for the repository, then when Dependabot opens a pull request the action fails with the following error:

HTTP Status 403 for request POST https://api.github.com/repos/x/y/dependency-graph/snapshots

I am not sure if this is a bug or a configuration issue. Any advice gratefully received.
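A 403 on this endpoint is consistent with the token scope: workflow runs triggered by Dependabot pull requests receive a read-only `GITHUB_TOKEN` by default, while submitting a dependency snapshot requires `contents: write`. The workflow below is an added example, not part of the original post or the action's own documentation; the `dependency-graph` job name and the split into two jobs are assumptions chosen to keep pull request runs on a read-only token.

```yaml
name: Java CI with Maven

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

# Workflow-wide default: every job gets a read-only token unless it asks for more.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 11
      uses: actions/setup-java@v3
      with:
        java-version: '11'
        distribution: 'temurin'
        cache: maven
    - name: Build with Maven
      run: mvn -B package --file pom.xml

  # Hypothetical job name. Snapshots are submitted only for pushes to main,
  # so pull request runs (Dependabot's included) never need a write token.
  dependency-graph:
    if: github.event_name == 'push'
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write   # needed for POST .../dependency-graph/snapshots
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 11
      uses: actions/setup-java@v3
      with:
        java-version: '11'
        distribution: 'temurin'
        cache: maven
    - name: Update dependency graph
      uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
```

With this layout the build still runs on every pull request, and the write-scoped token exists only in the job that runs after code has reached `main`.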
