Skip to content
Latchkey

GitHub Actions Secrets Empty in a Dependabot PR Workflow

A workflow that runs on a Dependabot pull request sees empty secrets and a read-only token, because Dependabot-created PRs run in a restricted context with a separate "Dependabot secrets" store rather than your normal Actions secrets.

What this error means

On a Dependabot PR, secrets.<NAME> is empty and write API calls fail, while the same workflow works on a human-authored PR. The run used the Dependabot context, which withholds normal secrets and write access.

Actions log
# on a Dependabot PR, this is empty:
- run: echo "token len: ${#TOKEN}"   # prints 0
  env:
    TOKEN: ${{ secrets.DEPLOY_TOKEN }}

Common causes

Dependabot runs use a restricted context

pull_request events opened by Dependabot run with a read-only GITHUB_TOKEN and do not receive normal Actions secrets, to limit what an automated dependency PR can do.

Secrets stored in the wrong place

Values a Dependabot workflow needs must be added under the separate Dependabot secrets settings; regular Actions secrets are not exposed to that context.

How to fix it

Add Dependabot secrets explicitly

Store the needed value under Settings > Secrets and variables > Dependabot, then reference it normally in the workflow.

.github/workflows/ci.yml
# Settings > Secrets and variables > Dependabot > New repository secret
# then, in the workflow triggered by the Dependabot PR:
- run: ./use-token.sh
  env:
    TOKEN: ${{ secrets.DEPLOY_TOKEN }}

Or handle Dependabot PRs with pull_request_target carefully

  1. Use github.actor == 'dependabot[bot]' to branch logic for these PRs.
  2. If you need write/secret access, use pull_request_target and check out the base, not untrusted PR code.
  3. Grant write permissions deliberately via the permissions: block only where safe.

How to prevent it

  • Store Dependabot-workflow secrets under the Dependabot secrets section.
  • Expect a read-only token on Dependabot PRs unless you elevate deliberately.
  • Detect dependabot[bot] and treat its PRs as untrusted input.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →