Depot GitHub Actions runners support running Dependabot jobs, allowing your dependency update workflows to benefit from the same performance improvements as your regular workflows.
When Dependabot is configured to run on self-hosted runners, it can automatically use Depot runners for all dependency update jobs. This provides several benefits:
To enable Dependabot on Depot runners:
Navigate to your repository or organization settings and enable "Dependabot on self-hosted runners". This setting allows Dependabot to use your configured self-hosted runners instead of GitHub's hosted runners.
For detailed instructions, see GitHub's documentation on enabling self-hosted runners for Dependabot updates.
Ensure your organization is already configured to use Depot runners. If not, follow the quickstart guide to set up Depot runners with your organization.
If you're using the Depot CLI or Depot actions (like depot/build-push-action) in your Dependabot workflows, you'll need to explicitly provide a Depot token. Dependabot workflows don't support GitHub's OpenID Connect (OIDC) authentication, so you must use a token-based approach.
Follow GitHub's instructions to add a repository secret for Dependabot. Name the secret DEPOT_TOKEN and set its value to your Depot API token.
Then pass the token explicitly in your workflows.
For Depot actions, pass it to depot/build-push-action:
steps:
- uses: depot/setup-action@v1
- uses: depot/build-push-action@v1
with:
token: ${{ secrets.DEPOT_TOKEN }}For the Depot CLI, pass it to depot/setup-action:
steps:
- uses: depot/setup-action@v1
with:
token: ${{ secrets.DEPOT_TOKEN }}
- run: depot build .If you encounter authentication errors, see Dependabot authentication troubleshooting.
Once configured, Dependabot jobs automatically run on depot-ubuntu-latest runners without requiring any additional workflow configuration.