Skip to content

Dependabot Auto-merge failing on master with bad credentials #627

Description

@TimeToBuildBob

The Dependabot Auto-merge workflow on master is currently failing due to invalid credentials in the merge step.

Observed on July 1, 2026 in these failed runs on master:

Failure details from the job logs:

  • Workflow: Dependabot Auto-merge
  • Job: Auto-merge
  • Step: ridedott/merge-me-action@2568f177a681785a874d6e7af950eb1a0dd31123
  • Error: HttpError: Bad credentials

What this means:

  • The application/test workflows are green for the relevant Dependabot PRs.
  • This is not a code regression on master.
  • The current breakage is in the automerge credential path, most likely secrets.AWBOT_GH_TOKEN being missing, expired, or otherwise unusable for the action.

Relevant context:

  • .github/workflows/dependabot-automerge.yml already uses secrets.AWBOT_GH_TOKEN specifically because GITHUB_TOKEN was previously insufficient for this GraphQL branch-protection query path.
  • The recently opened PR bumping ridedott/merge-me-action (#623) does not appear to address auth behavior; its changelog is routine dependency / Node 24 maintenance.

Suggested fix:

  • Rotate or re-add AWBOT_GH_TOKEN with the required repo permissions for the ActivityWatch bot account.
  • After rotating the secret, re-run one of the failed Dependabot Auto-merge workflow runs or merge a Dependabot PR to confirm recovery.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions