How do you configure Dependabot to access Ruby gems in Github Package Repository?

[ramontayag]

This has an example:

registries:
  ruby-github:
    type: rubygems-server
    url: https://rubygems.pkg.github.com/octocat/github_api
    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}

I tried this and used:

• url: https://rubygems.pkg.github.com/ORG_NAME ➡️ used this because this is the URL in the Gemfile and the URL in Bundler config, and I'm able to install
• token: OWNER_OF_THE_PERSONAL_ACCESS_TOKEN:${{secrets.PERSONAL_ACCESS_TOKEN_VAR_NAME}} ➡️ The example didn't have the username, but this is how it is configured in Bundler and it works fine.

Unfortunately I see this error:

updater | INFO <job_446567637> Handled error whilst updating diffy: private_source_authentication_failure {:source=>"rubygems.pkg.github.com"}

[airtower-luna]

token: OWNER_OF_THE_PERSONAL_ACCESS_TOKEN:${{secrets.PERSONAL_ACCESS_TOKEN_VAR_NAME}} ➡️ The example didn't have the username, but this is how it is configured in Bundler and it works fine.

That's probably exactly the problem, it looks like a setting for HTTP simple auth. I assume Dependabot is using the recommended Authorization header instead, which requires only the token.

[ramontayag]

Thanks for the response. Perhaps you're right, but I haven't been able to get authenticated yet. I have run out of config permutations to try 😮‍💨