Configuring Dependabot
Using Dependabot for automated package updates requires additional authentication to
work with the oban
registry. Update your .github/dependabot.yml
file to include the private
hex repository and enable insecure code execution so hex can add the registry:
version: 2
registries:
oban-private-repo:
type: hex-repository
repo: oban
url: https://repo.oban.pro
auth-key: ${{ secrets.oban_license_key }}
public-key-fingerprint: "SHA256:4/OSKi0NRF91QVVXlGAhb/BIMLnK8NHcx/EWs+aIWPc"
updates:
- package-ecosystem: "mix"
directory: "/"
insecure-external-code-execution: "allow"
registries:
- oban-private-repo
schedule:
interval: "daily"
Afterwards, store the oban_license_key
in your GitHub organization's secret store.