GitHub Actions Secrets Empty in a Dependabot PR Workflow
A workflow that runs on a Dependabot pull request sees empty secrets and a read-only token, because Dependabot-created PRs run in a restricted context with a separate "Dependabot secrets" store rather than your normal Actions secrets.
What this error means
On a Dependabot PR, secrets.<NAME> is empty and write API calls fail, while the same workflow works on a human-authored PR. The run used the Dependabot context, which withholds normal secrets and write access.
# on a Dependabot PR, this is empty:
- run: echo "token len: ${#TOKEN}" # prints 0
env:
TOKEN: ${{ secrets.DEPLOY_TOKEN }}Common causes
Dependabot runs use a restricted context
pull_request events opened by Dependabot run with a read-only GITHUB_TOKEN and do not receive normal Actions secrets, to limit what an automated dependency PR can do.
Secrets stored in the wrong place
Values a Dependabot workflow needs must be added under the separate Dependabot secrets settings; regular Actions secrets are not exposed to that context.
How to fix it
Add Dependabot secrets explicitly
Store the needed value under Settings > Secrets and variables > Dependabot, then reference it normally in the workflow.
# Settings > Secrets and variables > Dependabot > New repository secret
# then, in the workflow triggered by the Dependabot PR:
- run: ./use-token.sh
env:
TOKEN: ${{ secrets.DEPLOY_TOKEN }}Or handle Dependabot PRs with pull_request_target carefully
- Use github.actor == 'dependabot[bot]' to branch logic for these PRs.
- If you need write/secret access, use pull_request_target and check out the base, not untrusted PR code.
- Grant write permissions deliberately via the permissions: block only where safe.
How to prevent it
- Store Dependabot-workflow secrets under the Dependabot secrets section.
- Expect a read-only token on Dependabot PRs unless you elevate deliberately.
- Detect dependabot[bot] and treat its PRs as untrusted input.