From 79f42007e0afd63e79d95dddd8bbda11ba7e9c97 Mon Sep 17 00:00:00 2001
From: null-paorodrigues <paola.rodrigues@nullplatform.io>
Date: Wed, 10 Jun 2026 17:27:32 -0300
Subject: [PATCH] fix: add DEPENDABOT_TOKEN fallback for Dependabot PR CI runs

Dependabot PRs cannot access Actions secrets (CI_TOKEN).
Adding DEPENDABOT_TOKEN (a Dependabot secret with read:packages)
as fallback allows CI to install @nullplatform/* private packages
when running tests on Dependabot-created PRs.
---
 .github/workflows/pr-checks-docker.yml    | 4 ++--
 .github/workflows/pr-checks-node-npm.yml  | 2 +-
 .github/workflows/pr-checks-node-pnpm.yml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-checks-docker.yml b/.github/workflows/pr-checks-docker.yml
index 73331b1..8a1bc3f 100644
--- a/.github/workflows/pr-checks-docker.yml
+++ b/.github/workflows/pr-checks-docker.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Build image (legacy --build-arg)
         if: ${{ !inputs.use_buildkit_secret }}
         env:
-          GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.DEPENDABOT_TOKEN || secrets.GITHUB_TOKEN }}
           DOCKERFILE: ${{ inputs.dockerfile }}
           CONTEXT: ${{ inputs.context }}
         run: docker build --build-arg GITHUB_TOKEN="$GITHUB_TOKEN" -f "$DOCKERFILE" -t pr-check "$CONTEXT"
@@ -43,7 +43,7 @@ jobs:
       - name: Build image (BuildKit secret)
         if: ${{ inputs.use_buildkit_secret }}
         env:
-          GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.DEPENDABOT_TOKEN || secrets.GITHUB_TOKEN }}
           DOCKERFILE: ${{ inputs.dockerfile }}
           CONTEXT: ${{ inputs.context }}
         run: |
diff --git a/.github/workflows/pr-checks-node-npm.yml b/.github/workflows/pr-checks-node-npm.yml
index 4e89dc3..37b1e79 100644
--- a/.github/workflows/pr-checks-node-npm.yml
+++ b/.github/workflows/pr-checks-node-npm.yml
@@ -23,7 +23,7 @@ jobs:
     name: Testing
     runs-on: ubuntu-24.04
     env:
-      GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.GITHUB_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.DEPENDABOT_TOKEN || secrets.GITHUB_TOKEN }}
       FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/pr-checks-node-pnpm.yml b/.github/workflows/pr-checks-node-pnpm.yml
index c7d4582..326cac4 100644
--- a/.github/workflows/pr-checks-node-pnpm.yml
+++ b/.github/workflows/pr-checks-node-pnpm.yml
@@ -23,7 +23,7 @@ jobs:
     name: Testing
     runs-on: ubuntu-24.04
     env:
-      GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.GITHUB_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.CI_TOKEN || secrets.DEPENDABOT_TOKEN || secrets.GITHUB_TOKEN }}
       FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
     steps:
       - uses: actions/checkout@v6