Developer changelog

Subscribe to the changelog to stay up to date on recent changes to Shopify’s APIs and other developer products, as well as preview upcoming features and beta releases.

Get updates by RSS

Adding read and write permissions for Dependabot secrets to Shopify’s GitHub app


Shopify’s GitHub app now requests read and write permissions for Dependabot secrets. This update supports improvements to the developer experience for Hydrogen headless storefronts hosted on Oxygen.

Currently, deployments to Oxygen are triggered by pushes or merges to a GitHub repo. However, Dependabot, GitHub’s dependency management service, doesn’t have access to the API tokens required to create a deployment. By adding these new permissions, Dependabot will be able to trigger preview deployments on Oxygen when creating pull requests that bump package versions. This change will let developers more quickly validate that automated updates can be safely merged.

Learn more about Shopify’s GitHub integration.