
Public repo can't find private config in our GitHub org anymore #7238

Closed
mortenlocka opened this issue Sep 10, 2020 · 2 comments
mortenlocka commented Sep 10, 2020

What Renovate type, platform and version are you using?

GitHub, hosted app, free version

Describe the bug

We have a common config in a private repository in our GitHub organisation. Suddenly our public repositories can't access the private config anymore. This started about a month ago. All of the repositories are in the renovatebot repository access list.
Our private repositories still work fine.

Relevant debug logs

```
DEBUG: Preset fetch error
{
  "preset": "github>entur/abt-renovate-config",
  "err": {
    "message": "dep not found",
    "stack": "Error: dep not found\n at fetchJSONFile (/home/ubuntu/renovateapp/node_modules/renovate/dist/config/presets/github/index.js:22:15)\n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:97:5)"
  }
}
INFO: Throwing preset error
{
  "validationError": "Cannot find preset's package (github>entur/abt-renovate-config)"
}
INFO: Repository has invalid config
{
  "error": {
    "validationError": "Cannot find preset's package (github>entur/abt-renovate-config)"
  }
}
```
To Reproduce

entur/schema2proto#61

rarkins (Collaborator) commented Sep 10, 2020

This is part of some enhanced app security we adopted that wasn't originally available from GitHub. A GitHub app can request tokens for either (a) the entire account, or (b) a specific repo only. When a repo is private, we request it for the entire account, allowing private repos to depend on other private repos, but when a repo is public then we request it for just that repo. The reasoning is that if a token leakage occurs by accident on a public repo then at least it won't expose private repositories.

If people want to be "less secure" by opt-in then we can consider that, but I'm curious what is the reason for your config being private. Does it contain secrets, for example?
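
The scoping rule described above, worked through as an added example (this is not Renovate's code, nor GitHub's, nor code from anyone in the thread). It builds the installation-token request a GitHub App would send for a run against a given repo, simulates the scope GitHub would enforce for that token, and shows both consequences: a single-repo token minted for a public repo cannot see the private preset repo (the "Cannot find preset's package" symptom in the logs), and the same token exposes no private repos if it leaks. The installation id, repo names and the in-process `tokenScope` check are constructed stand-ins; the endpoint path and the optional `repositories` filter in the request body follow GitHub's API for creating an installation access token.

```javascript
'use strict';

// Constructed sample installation (placeholder id): repo name -> visibility.
const SAMPLE_INSTALLATION = {
  id: 12345,
  owner: 'entur',
  repos: {
    'schema2proto': 'public',
    'abt-renovate-config': 'private',
    'internal-service': 'private',
  },
};

// Build the request a GitHub App sends to mint an installation access token
// for a run against `repo`. Public repo: restrict the token to that one repo.
// Private repo: omit the filter, so the token covers the whole installation
// and private presets stay reachable.
function buildTokenRequest(installation, repo) {
  const visibility = installation.repos[repo];
  if (visibility === undefined) {
    throw new Error(`${installation.owner}/${repo} is not in the installation`);
  }
  const body = { permissions: { contents: 'read' } };
  if (visibility === 'public') {
    body.repositories = [repo];
  }
  return {
    method: 'POST',
    url: `/app/installations/${installation.id}/access_tokens`,
    body,
  };
}

// Simulated scope of the minted token: the set of repos it can read.
// Stand-in for the check GitHub performs server-side on every API call.
function tokenScope(installation, request) {
  const all = Object.keys(installation.repos);
  if (!request.body.repositories) return new Set(all);
  return new Set(request.body.repositories.filter((r) => all.includes(r)));
}

// Private repos (other than the running repo) that a token minted for `repo`
// would expose if it leaked, e.g. through a public-repo build log.
function leakedTokenExposure(installation, repo) {
  const scope = tokenScope(installation, buildTokenRequest(installation, repo));
  return [...scope].filter((r) => r !== repo && installation.repos[r] === 'private');
}

// Resolve a Renovate-style "github>owner/repo" preset with the token minted
// for `repo`. A preset repo outside the token's scope is indistinguishable
// from a non-existent one, which is the failure the issue reports.
function resolvePreset(installation, repo, preset) {
  const m = /^github>([^/]+)\/([^:#]+)/.exec(preset);
  if (!m) return { ok: false, validationError: `Unsupported preset ${preset}` };
  const [, owner, presetRepo] = m;
  const scope = tokenScope(installation, buildTokenRequest(installation, repo));
  if (owner !== installation.owner || !scope.has(presetRepo)) {
    return { ok: false, validationError: `Cannot find preset's package (${preset})` };
  }
  return { ok: true, source: `${owner}/${presetRepo}` };
}

// Walk through one public and one private repo in the sample installation.
for (const repo of ['schema2proto', 'internal-service']) {
  const req = buildTokenRequest(SAMPLE_INSTALLATION, repo);
  console.log(repo, '->', req.url, JSON.stringify(req.body));
  console.log('  preset:', resolvePreset(SAMPLE_INSTALLATION, repo, 'github>entur/abt-renovate-config'));
  console.log('  private repos exposed on leak:', leakedTokenExposure(SAMPLE_INSTALLATION, repo));
}
```

The trade-off the maintainer names falls straight out of `leakedTokenExposure`: the whole-installation token that lets `internal-service` read the private preset is also the one that would expose every private repo if it leaked, while the public repo's token exposes none. A defender reviewing an app's token policy can apply the same check to each repo an installation covers.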

mortenlocka (Author) commented

Thanks for a quick answer! Yeah, it contains some encrypted secrets. We might split it up and create a public config without any information about our private URLs etc.

github-actions bot locked as resolved and limited conversation to collaborators Dec 15, 2020