mirror of synced 2026-01-05 03:06:35 -05:00

Revert "Dependabot on Actions (opt-in) - [GA] (#49794)"

This reverts commit 34c09590c0.
mc
2024-04-23 15:44:18 +01:00
committed by GitHub
parent 4fafe861a9
commit c8f95faca9
15 changed files with 17 additions and 146 deletions

@@ -1,4 +0,0 @@
# Reference: Issue #13337 Dependabot on Actions (opt-in) GA
versions:
fpt: '*'
ghec: '*'
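Review bot: Deleting this version definition (the `fpt`/`ghec` block under the "Issue #13337" reference comment) will break any Liquid conditional that still names the flag it defined. Another file removed in this commit is wrapped in `{% ifversion dependabot-on-actions-opt-in %}`; if that is the flag defined here, search the remaining content for that name before merging, since this view shows only some of the 15 changed files.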

@@ -1,5 +0,0 @@
{% ifversion dependabot-on-actions-opt-in %}
>[!NOTE] You must opt in to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. Future releases of {% data variables.product.product_name %} will remove the ability to opt in and always run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners)."
{% endif %}

@@ -1,9 +0,0 @@
After you set up {% data variables.product.prodname_dependabot %} updates for {% data variables.location.product_location %}, you may see failures when existing workflows are triggered by {% data variables.product.prodname_dependabot %} events.
By default, {% data variables.product.prodname_actions %} workflow runs that are triggered by {% data variables.product.prodname_dependabot %} from `push`, `pull_request`, `pull_request_review`, or `pull_request_review_comment` events are treated as if they were opened from a repository fork. Unlike workflows triggered by other actors, this means they receive a read-only `GITHUB_TOKEN` and do not have access to any secrets that are normally available. This will cause any workflows that attempt to write to the repository to fail when they are triggered by {% data variables.product.prodname_dependabot %}.
There are three ways to resolve this problem:
1. You can update your workflows so that they are no longer triggered by {% data variables.product.prodname_dependabot %} using an expression like: `if: github.actor != 'dependabot[bot]'`. For more information, see "[AUTOTITLE](/actions/learn-github-actions/expressions)."
1. You can modify your workflows to use a two-step process that includes `pull_request_target` which does not have these limitations. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events)."
1. You can provide workflows triggered by {% data variables.product.prodname_dependabot %} access to secrets and allow the `permissions` term to increase the default scope of the `GITHUB_TOKEN`.
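Review bot: The paragraph beginning "By default" is the only place in the visible diff that states Dependabot-triggered runs receive a read-only `GITHUB_TOKEN` and no secrets, and deleting this file drops it. Confirm that every page which included this text has had the include removed and that the behaviour is still documented on the linked "automating-dependabot-with-github-actions" page. If the text is restored later, item 2 should say what `pull_request_target` changes about token and secret access instead of "does not have these limitations", and item 3 should tell readers to grant only the `permissions` scopes the workflow needs.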

@@ -1 +1 @@
By default, {% data variables.product.prodname_dependabot_updates %} are run using the built-in {% data variables.product.prodname_dependabot %} application in {% data variables.product.product_name %}. You can instead choose to run {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.prodname_actions %}, to take advantage of better performance, and increased visibility and control of {% data variables.product.prodname_dependabot_updates %} jobs.
{% data variables.product.prodname_actions %} is {% ifversion ghec or fpt %}not {% endif %}required for {% data variables.product.prodname_dependabot_version_updates %} and {% data variables.product.prodname_dependabot_security_updates %} to run on {% data variables.product.product_name %}.{% ifversion fpt or ghec %} However, pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% elsif ghes %} {% data reusables.dependabot.enabling-actions-for-ghes %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
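Review bot: The replacement line writes the same condition two ways, `{% ifversion ghec or fpt %}` around "not" and `{% ifversion fpt or ghec %}` before "However"; use one ordering so a search for the condition finds both. The restored "However" sentence also says Dependabot pull requests can trigger workflows without mentioning that those runs receive a read-only `GITHUB_TOKEN` and no secrets, which another file deleted in this commit explained; a short clause here would keep that caveat visible.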

@@ -1 +0,0 @@
{% ifversion fpt or ghec %}Pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% elsif ghes %} {% data reusables.dependabot.enabling-actions-for-ghes %} {% data variables.product.prodname_actions %} is required for {% data variables.product.prodname_dependabot_version_updates %} and {% data variables.product.prodname_dependabot_security_updates %} to run on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}