Fix Dependabot secret resolution for GitHub Packages registry (#622)

Commit: a144fcb7f11c5dcb1f6e329e6d572613127a1787
Date: 2026-03-21 13:00:28 +0000
Author: Copilot

Commit Message

Fix Dependabot secret resolution for GitHub Packages registry (#622)

* Initial plan

* fix: use DEPENDABOT_GITHUB_PACKAGES_TOKEN instead of GITHUB_TOKEN in dependabot.yml

GITHUB_TOKEN is not available as a secret in the Dependabot context
because Dependabot version updates run on their own infrastructure,
not on GitHub Actions runners. Replace with a PAT stored as a
Dependabot secret.

Update documentation in .github/workflows/README.md and
docs/development/workflows.md to reflect the PAT approach as the
current method with setup instructions.

Co-authored-by: metanull <20630081+metanull@users.noreply.github.com>
Agent-Logs-Url: https://github.com/metanull/inventory-app/sessions/7830b373-3065-4385-9341-45a6d2a0c144

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: metanull <20630081+metanull@users.noreply.github.com>

Files Changed

📝 Modified: .github/dependabot.yml
📝 Modified: .github/workflows/README.md
📝 Modified: docs/development/workflows.md

Links

This documentation was automatically generated from Git commit data.