Reputation: 3108
On GitHub, I use a private repository for reusable workflows and composite actions named private-workflows.
In another private repository, e.g. named project-repo, I use those workflows and actions in GitHub actions.
The dependabot in project-repo is configured to check for updates on GitHub actions.
Dependabot then fails with this error message:
Dependabot failed to update your dependencies
The following git repository was unreachable and caused the update to fail: actions.
Personal user accounts don't support updating dependency files that reference private git repositories. To use Dependabot with dependency files that reference private git repositories, you can use a git registry, or you can use an organization account and grant Dependabot access to private repositories.
I do not have an organization account.
How exactly do I have to configure dependabot to work in this case? The documentation provided in the error message regarding a private git registry is not very detailed.
Upvotes: 1
Views: 314
Reputation: 3108
Though not very detailed, the documentation regarding a private git registry contains almost everything you need.
Besides adding the registry just as written, it also needs to be referenced in the updates section:
    version: 2
    registries:
      github-octocat:
        type: git
        url: https://github.com
        username: x-access-token
        password: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
    updates:
      - package-ecosystem: "github-actions"
        directory: "/.github/workflows"
        registries:
          - github-octocat
        schedule:
          interval: "daily"
Upvotes: 1
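As an added example (not part of the answer above and not Dependabot's own code), here is a small Ruby check for the two mistakes this configuration invites: a registry that is defined but never referenced under updates, and a credential written as a literal instead of a ${{secrets.NAME}} reference. The function name lint_dependabot and the sample file are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the registry is defined but the updates entry does not
# reference it, and the credential is a literal instead of a secret reference.
SAMPLE_BROKEN = <<~CONFIG
  version: 2
  registries:
    github-octocat:
      type: git
      url: https://github.com
      username: x-access-token
      password: CONSTRUCTED-LITERAL-TOKEN
  updates:
    - package-ecosystem: "github-actions"
      directory: "/.github/workflows"
      schedule:
        interval: "daily"
CONFIG

SECRET_REF = /\A\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}\z/

# Returns a list of findings; an empty list means the file passed every check.
def lint_dependabot(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  registries = config['registries'] || {}
  updates = config['updates'] || []
  findings = []
  registries.each do |name, reg|
    %w[password token key].each do |field|
      value = reg.to_h[field]
      next if value.nil? || value.to_s.match?(SECRET_REF)
      findings << "registry '#{name}': #{field} is a literal, not a ${{secrets.NAME}} reference"
    end
  end
  referenced = []
  updates.each_with_index do |update, i|
    refs = update['registries']
    refs = registries.keys if refs == '*' # "*" grants access to every defined registry
    refs = Array(refs)
    referenced.concat(refs)
    (refs - registries.keys).each { |m| findings << "updates[#{i}]: references undefined registry '#{m}'" }
  end
  (registries.keys - referenced).each do |unused|
    findings << "registry '#{unused}' is defined but no updates entry references it"
  end
  findings
end

puts lint_dependabot(SAMPLE_BROKEN)
```

Run against the configuration from the answer, the function returns no findings; the constructed sample reports both problems.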