Shopify’s GitHub app now requests read and write permissions for Dependabot secrets. This update supports improvements to the developer experience for Hydrogen headless storefronts hosted on Oxygen.
Currently, deployments to Oxygen are triggered by pushes or merges to a GitHub repo. However, Dependabot, GitHub’s dependency management service, doesn’t have access to the API tokens required to create a deployment. By adding these new permissions, Dependabot will be able to trigger preview deployments on Oxygen when creating pull requests that bump package versions. This change will let developers more quickly validate that automated updates can be safely merged.
Learn more about Shopify’s GitHub integration.