[March 15] Dependabot version updates support for private registries (#17985)
* Update the UI for allowing private repos * Private reg support WiP * More WiP for private reg support * Apply review comment about internal repos * Add Dependabot secrets article plus details of allowing remote code execution * Add link to private registries info * Fix conflict on PR * Add 'private_source_*' errors to troubleshooting * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/managing-encrypted-secrets-for-dependabot.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/managing-encrypted-secrets-for-dependabot.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/managing-encrypted-secrets-for-dependabot.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/managing-encrypted-secrets-for-dependabot.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update data/reusables/dependabot/private-dependencies-note.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update data/reusables/dependabot/supported-package-managers.md Co-authored-by: Mike McDonald <2575327+asciimike@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Mike McDonald <2575327+asciimike@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Update content/github/administering-a-repository/managing-encrypted-secrets-for-dependabot.md Co-authored-by: Jason Rudolph <jason@jasonrudolph.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Mike McDonald <2575327+asciimike@users.noreply.github.com> * Update content/github/administering-a-repository/configuration-options-for-dependency-updates.md Co-authored-by: Mike McDonald <2575327+asciimike@users.noreply.github.com> * Move registries section below updates as requested by reviewer. * Correct heading level of 'allow' subheading Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: Mike McDonald <2575327+asciimike@users.noreply.github.com> Co-authored-by: Jason Rudolph <jason@jasonrudolph.com>
This commit is contained in:
hubwriter
@@ -76,9 +76,20 @@ There are separate limits for security and version update pull requests, so that
|
||||
|
||||
The best way to resolve this error is to merge or close some of the existing pull requests and trigger a new pull request manually. For more information, see "[Triggering a {% data variables.product.prodname_dependabot %} pull request manually](#triggering-a-dependabot-pull-request-manually)."
|
||||
|
||||
#### {% data variables.product.prodname_dependabot %} can't resolve your dependency files
|
||||
#### {% data variables.product.prodname_dependabot %} can't resolve or access your dependencies
|
||||
|
||||
If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, the operation will fail with the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files." The API error type is `git_dependencies_not_reachable`.
|
||||
If {% data variables.product.prodname_dependabot %} attempts to check whether dependency references need to be updated in a repository, but can't access one or more of the referenced files, the operation will fail with the error message "{% data variables.product.prodname_dependabot %} can't resolve your LANGUAGE dependency files." The API error type is `git_dependencies_not_reachable`.
|
||||
|
||||
Similarly, if {% data variables.product.prodname_dependabot %} can't access a private package registry in which a dependency is located, one of the following errors is generated:
|
||||
|
||||
* "Dependabot can't reach a dependency in a private package registry"<br>
|
||||
(API error type: `private_source_not_reachable`)
|
||||
* "Dependabot can't authenticate to a private package registry"<br>
|
||||
(API error type:`private_source_authentication_failure`)
|
||||
* "Dependabot timed out while waiting for a private package registry"<br>
|
||||
(API error type:`private_source_timed_out`)
|
||||
* "Dependabot couldn't validate the certificate for a private package registry"<br>
|
||||
(API error type:`private_source_certificate_failure`)
|
||||
|
||||
To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user