github · Octomerger · Mar 9, 2021 · Mar 8, 2021 · Mar 8, 2021
diff --git a/content/actions/reference/authentication-in-a-workflow.md b/content/actions/reference/authentication-in-a-workflow.md
@@ -95,6 +95,8 @@ For information about the API endpoints {% data variables.product.prodname_githu
 | repository projects | read/write | read |
 | statuses | read/write  | read |
 
+{% data reusables.actions.workflow-runs-dependabot-note %}
+
 If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, you can create a personal access token and set it as a secret in your repository:
 
 1. Use or create a token with the appropriate permissions for that repository. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."

diff --git a/...b/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot.md b/...b/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot.md
@@ -13,6 +13,8 @@ versions:
 
 Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable {% data variables.product.prodname_dependabot_version_updates %} for {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dependabot %} will help ensure that references to actions in a repository's *workflow.yml* file are kept up to date. For each action in the file, {% data variables.product.prodname_dependabot %} checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, {% data variables.product.prodname_dependabot %} will send you a pull request that updates the reference in the workflow file to the latest version. For more information about {% data variables.product.prodname_dependabot_version_updates %}, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)." For more information about configuring workflows for {% data variables.product.prodname_actions %}, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
 
+{% data reusables.actions.workflow-runs-dependabot-note %}
+
 ### Enabling {% data variables.product.prodname_dependabot_version_updates %} for actions
 
 {% data reusables.dependabot.create-dependabot-yml %} If you have already enabled {% data variables.product.prodname_dependabot_version_updates %} for other ecosystems or package managers, simply open the existing *dependabot.yml* file.

diff --git a/data/reusables/actions/workflow-runs-dependabot-note.md b/data/reusables/actions/workflow-runs-dependabot-note.md
@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" %}
+{% note %}
+
+**Note:**  Pull requests for {% data variables.product.prodname_dependabot %} version updates will trigger workflow runs with a read-only `GITHUB_TOKEN`. These workflow runs will not be granted access to any secrets. 
+
+{% endnote %}
+{% endif %}