The Dependabot Auto-merge workflow on master is currently failing due to invalid credentials in the merge step.
Observed on July 1, 2026 in these failed runs on master:
Failure details from the job logs:
- Workflow:
Dependabot Auto-merge
- Job:
Auto-merge
- Step:
ridedott/merge-me-action@2568f177a681785a874d6e7af950eb1a0dd31123
- Error:
HttpError: Bad credentials
What this means:
- The application/test workflows are green for the relevant Dependabot PRs.
- This is not a code regression on
master.
- The current breakage is in the automerge credential path, most likely
secrets.AWBOT_GH_TOKEN being missing, expired, or otherwise unusable for the action.
Relevant context:
.github/workflows/dependabot-automerge.yml already uses secrets.AWBOT_GH_TOKEN specifically because GITHUB_TOKEN was previously insufficient for this GraphQL branch-protection query path.
- The recently opened PR bumping
ridedott/merge-me-action (#623) does not appear to address auth behavior; its changelog is routine dependency / Node 24 maintenance.
Suggested fix:
- Rotate or re-add
AWBOT_GH_TOKEN with the required repo permissions for the ActivityWatch bot account.
- After rotating the secret, re-run one of the failed
Dependabot Auto-merge workflow runs or merge a Dependabot PR to confirm recovery.
The
Dependabot Auto-mergeworkflow onmasteris currently failing due to invalid credentials in the merge step.Observed on July 1, 2026 in these failed runs on
master:Failure details from the job logs:
Dependabot Auto-mergeAuto-mergeridedott/merge-me-action@2568f177a681785a874d6e7af950eb1a0dd31123HttpError: Bad credentialsWhat this means:
master.secrets.AWBOT_GH_TOKENbeing missing, expired, or otherwise unusable for the action.Relevant context:
.github/workflows/dependabot-automerge.ymlalready usessecrets.AWBOT_GH_TOKENspecifically becauseGITHUB_TOKENwas previously insufficient for this GraphQL branch-protection query path.ridedott/merge-me-action(#623) does not appear to address auth behavior; its changelog is routine dependency / Node 24 maintenance.Suggested fix:
AWBOT_GH_TOKENwith the required repo permissions for the ActivityWatch bot account.Dependabot Auto-mergeworkflow runs or merge a Dependabot PR to confirm recovery.