The databaseId required by the script for configuring the Azure resources can refer to either of the following, depending on whether you are configuring the resources for an enterprise or an organization:
The enterprise slug, which you can identify by looking at the URL for your enterprise, https://github.com/enterprises/SLUG, or
The login for the organization account, which you can identify by looking at the URL for your organization, https://github.com/organizations/ORGANIZATION_LOGIN.
The script will return the full payload for the created resource. The GitHubId hash value returned in that payload is the network settings resource ID you will use in the next steps when setting up a network configuration in GitHub.
After configuring your Azure resources, you can use an Azure Virtual Network (VNET) for private networking by creating a network configuration at the organization level. Then, you can associate that network configuration with runner groups.
When adding your GitHub-hosted runner to a runner group, select the runner group you created in the previous step.
Note
Naming the GitHub-hosted runner dependabot assigns the dependabot label to the runner, which enables it to pick up jobs triggered by Dependabot on actions.
In the upper-right corner of GitHub, click your profile picture, then click Organizations.
Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Global settings.
Under Dependabot, select Dependabot on self-hosted runners. This step is required, as it ensures that future Dependabot jobs will run on the larger GitHub-hosted runner that has the dependabot name.
Now that you've set up private networking with VNET, you can start a Dependabot run.
On GitHub, navigate to the main page of the repository.
Under your repository name, click the Insights tab.
In the left sidebar, click Dependency graph.
Under "Dependency graph", click Dependabot.
To the right of the name of the manifest file you're interested in, click Recent update jobs.
If there are no recent update jobs for the manifest file, click Check for updates to re-run a Dependabot version updates job and check for new updates to dependencies for that ecosystem.
You can view the logs of the Dependabot workflow in the Actions tab of your repository. Ensure you select the Dependabot job on the left sidebar of the Actions page.
You can view the active jobs on the page containing information about the runner. To access that page, click the Policies tab for the enterprise, select Actions on the left sidebar, click the Runner group tab, and select your runner.
If your Azure VNET environment is configured with a firewall that uses an IP allowlist, you may need to update your list of allowed IP addresses to include the GitHub-hosted runner IP addresses sourced from the meta API endpoint.
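An added example (not from the original page): one way to compare a firewall allowlist with the published runner ranges, reporting ranges that are missing and entries that no longer match anything published. It assumes the meta API response is JSON with an `actions` array of CIDR strings; the sample response, the allowlist and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like the meta API response. The "actions" key is an
# assumption, and every range below is a documentation-reserved address block.
SAMPLE_META = json.dumps({
    "actions": [
        "192.0.2.0/25", "192.0.2.128/25", "198.51.100.16/28",
        "198.51.100.20/30", "2001:db8:10::/48",
    ]
})

# Constructed current firewall allowlist (hypothetical).
CURRENT_ALLOWLIST = ["192.0.2.0/24", "203.0.113.0/24"]


def runner_ranges(meta_json, key="actions"):
    """Parse the published ranges and collapse them per IP version."""
    nets = [ipaddress.ip_network(c, strict=False) for c in json.loads(meta_json)[key]]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def covered(net, pool):
    """True if net lies entirely inside one same-version network in pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def allowlist_diff(meta_json, allowlist):
    """Return (to_add, stale): published ranges the allowlist does not cover,
    and allowlist entries that overlap no published range."""
    published = runner_ranges(meta_json)
    current = [ipaddress.ip_network(c, strict=False) for c in allowlist]
    to_add = [str(n) for n in published if not covered(n, current)]
    stale = [str(n) for n in current
             if not any(n.version == p.version and n.overlaps(p) for p in published)]
    return to_add, stale


if __name__ == "__main__":
    add, stale = allowlist_diff(SAMPLE_META, CURRENT_ALLOWLIST)
    print("add to allowlist:", add)
    print("review for removal:", stale)
```

Stale entries are worth reviewing rather than deleting automatically, since an allowlist usually also carries ranges unrelated to runners.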
GitHub provides the following public endpoint for its IP ranges: