Has anyone used the github actions hosted dependabot beta for private hex repositories? We would love dependabot to notify application owners in our org when another team updates their libraries.
Unfortunately, am getting 403s every time dependabot attempts to check our private hex.
From the logs, Dependabot is showing the following:
proxy | 2020/07/13 16:25:22 403 https://repo.hex.pm:443/repos/us/packages/ourpackage
The relevant portions of our .github/dependabot.yml
are:
version: 2
updates:
# Keep mix dependencies up to date
- package-ecosystem: "mix"
directory: "/"
schedule:
interval: "weekly"
assignees:
- "OURORG/ourteam"
labels:
- "dependabot-update"
rebase-strategy: "disabled"