After talking to our ASF-infra team I changed the build skript to not run on dependabot branches. Maybe you could augment your default build script to include the dependabot exclusion as GitHub does not pass global secrets to dependabot by default?!
Unfortunately master-branch build is red now, but I hope to fix it soon.
Cheers