Dependabot on GitHub Actions runners

GitHub automatically runs the jobs that generate Dependabot pull requests on GitHub Actions if you have GitHub Actions enabled for the repository. When Dependabot is enabled, these jobs will run by bypassing Actions policy checks and disablement at the repository or organization level.

누가 이 기능을 사용할 수 있나요?

Dependabot의 GitHub Actions은 GitHub Actions가 사용하도록 설정된 모든 리포지토리에 대해 기본적으로 사용하도록 설정되어 있습니다.

이 기사에서

About Dependabot on GitHub Actions runners

중요

If Dependabot is enabled for a repository, it will always run on GitHub Actions, bypassing both Actions policy checks and disablement at the repository or organization level. This ensures that security and version update workflows always run when Dependabot is enabled.

Using GitHub Actions runners allows you to more easily identify Dependabot job errors and manually detect and troubleshoot failed runs. You can also integrate Dependabot into your CI/CD pipelines by using GitHub Actions APIs and webhooks to detect Dependabot job status such as failed runs, and perform downstream processing. For more information, see GitHub Actions의 REST API 엔드포인트 and 웹후크 이벤트 및 페이로드.

New repositories that you create in your user account or in your organization will automatically be configured to run Dependabot on GitHub Actions using standard GitHub-hosted runners if any of the following is true:

  • Dependabot is installed and enabled, and GitHub Actions is enabled and in use.
  • The "Dependabot on GitHub Actions runners" setting for your organization is enabled.

Future releases of GitHub will remove the ability to disable running Dependabot on GitHub Actions.

참고

Enabling Dependabot on GitHub Actions may increase the number of concurrent jobs run in your account. If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the GitHub 지원 포털, or contact your sales representative.

Runner options

You can run Dependabot on GitHub Actions using:

  • Standard GitHub-hosted runners. These are the default runners used by GitHub to execute GitHub Actions jobs.
  • 대형 실행기. These are GitHub-hosted runners with advanced features like more RAM, CPU, and disk space. For more information, see 더 큰 러너 사용.
  • Self-hosted runners. These runners grant you greater control over Dependabot access to your private registries and internal network resources. Be aware that for security reasons, Dependabot updates on self-hosted runners will not run on public repositories. For more information on assigning a dependabot label on self-hosted runners, see 자체 호스팅 러너에서 Dependabot 구성.

Running Dependabot on standard GitHub-hosted or self-hosted runners does not count towards your included GitHub Actions minutes. For Dependabot on 대형 러너, GitHub will bill your organization at the regular rate. See 작업 실행기 요금.

참고

프라이빗 네트워킹은 Azure VNET(Virtual Network) 또는 ARC(Actions Runner Controller) Dependabot 에서 지원됩니다 GitHub Actions. Actions Runner Controller를 사용하여 자체 호스팅된 액션 러너에서 Dependabot이 실행되도록 설정Azure 프라이빗 네트워크를 사용하여 Github 호스팅 작업 실행기에서 실행되도록 Dependabot 설정을 참조하세요.

How runner settings interact

The Dependabot on GitHub Actions runners and Dependabot on self-hosted runners settings are interdependent:

  • Enabling "Dependabot on self-hosted runners" automatically enables "Dependabot on GitHub Actions runners". Disabling "Dependabot on GitHub Actions runners" automatically disables "Dependabot on self-hosted runners".
  • When both settings are enabled, Dependabot jobs run only on self-hosted runners or 대형 러너 with a dependabot label—not on standard GitHub-hosted runners.

경고

If both settings are enabled but no self-hosted runners or 대형 러너 with a dependabot label are available, Dependabot jobs will remain queued indefinitely. Ensure runners with this label are configured before enabling "Dependabot on self-hosted runners".

Access and permissions

If you are transitioning to using Dependabot on GitHub Actions runners and you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses. For example, if you currently limit access to your private resources to the IP addresses that Dependabot uses, you should update your allowlist to use the GitHub-hosted runners IP addresses sourced from the meta API endpoint. For more information, see 메타 데이터에 대한 REST API 엔드포인트.

엔터프라이즈에서만 작업 및 재사용 가능한 워크플로를 허용하는 정책을 적용하고 Dependabot에서 GitHub Actions을(를) 사용하도록 설정하면 Dependabot이(가) 실행되지 않습니다. Dependabot을(를) 엔터프라이즈 작업 및 재사용 가능한 워크플로와 함께 실행할 수 있도록 하려면 GitHub에서 만든 작업을 허용하거나 지정된 작업 및 재사용 가능한 워크플로를 허용하도록 선택해야 합니다. 자세한 내용은 엔터프라이즈에서 GitHub Actions 대한 정책 적용을(를) 참조하세요.

Next steps

To enable Dependabot on GitHub Actions runners, see GitHub 호스팅 러너에서 Dependabot 구성하기 and 자체 호스팅 러너에서 Dependabot 구성.