Configuring Dependabot on GitHub-hosted runners

Enable Dependabot on GitHub-hosted runners to more easily identify Dependabot job errors and manually detect and troubleshoot failed runs.

누가 이 기능을 사용할 수 있나요?

조직 소유자 및 리포지토리 관리자

이 문서의 내용

Enabling or disabling Dependabot on standard GitHub-hosted runners

You can configure Dependabot on standard GitHub-hosted runners:

If you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses prior to enabling Dependabot on GitHub Actions runners. You can update your IP allow list to use the GitHub-hosted runners IP addresses (instead of the Dependabot IP addresses), sourced from the meta REST API endpoint.

경고

You should not rely on the GitHub Actions IP addresses for authentication to private registries. These GitHub Actions addresses are not only used by GitHub, and should not be trusted for authentication. Instead, use a self-hosted runner to ensure greater control over your network access. For more information, see Configuring Dependabot on self-hosted runners.

For your repository

  1. GitHub에서 리포지토리의 기본 페이지로 이동합니다.

  2. 리포지토리 이름 아래에서 Settings를 클릭합니다. "설정" 탭이 표시되지 않으면 드롭다운 메뉴를 선택한 다음 설정을 클릭합니다.

    탭을 보여 주는 리포지토리 헤더의 스크린샷. "설정" 탭이 진한 주황색 윤곽선으로 강조 표시됩니다.

  3. 사이드바의 "Security" 섹션에서 Advanced Security 를 클릭합니다.

  4. Under "Dependabot", to the right of "Dependabot on Actions runners", click Enable to enable the feature or Disable to disable it.

    참고 항목

    Dependabot on GitHub Actions relies on the ubuntu-latest label to select the appropriate runner. To ensure Dependabot runs on GitHub-hosted runners, you should not use the label ubuntu-latest for self-hosted runners.

For your organization

Only repositories meeting the following criteria will be updated to run Dependabot on GitHub Actions the next time a Dependabot job is triggered.

  • Dependabot is enabled in the repository.
  • GitHub Actions is enabled in the repository.

If a repository in your organization has Dependabot enabled but GitHub Actions disabled, Dependabot will not run on GitHub Actions, but will continue to run using the built-in Dependabot application.

  1. GitHub의 오른쪽 위 모서리에서 프로필 사진을 클릭한 다음, Your organizations를 클릭합니다.

  2. 조직 옆에 있는 설정을 클릭합니다.

  3. 사이드바의 "Security" 섹션에서 Advanced Security 를 클릭한 다음, Global settings를 클릭합니다.

  4. In the "Dependabot" section, next to "Runner type", confirm that you have selected "Standard GitHub runner". If not, click and update your configuration.

    참고 항목

    Dependabot on GitHub Actions relies on the ubuntu-latest label to select the appropriate runner. To ensure Dependabot runs on GitHub-hosted runners, you should not use the label ubuntu-latest for self-hosted runners.

Enabling or disabling Dependabot on 대형 러너

If you run into Dependabot timeouts and out-of-memory errors, you may want to use 대형 러너, as you can configure these runners to have more resources. You can only enable 대형 러너 for Dependabot for an organization.

  1. Add a 더 큰 실행기 to your organization and ensure the name specified is dependabot. For more information, see 대형 실행기 관리하기.

  2. Opt in the organization to self-hosted runners. For more information, see Configuring Dependabot on self-hosted runners. This step is required, as it ensures that future Dependabot jobs will run on the larger GitHub-hosted runner that has the dependabot name.

    참고 항목

    Dependabot on GitHub Actions relies on the ubuntu-latest label to select the appropriate runner. To ensure Dependabot runs on GitHub-hosted runners, you should not use the label ubuntu-latest for self-hosted runners.