Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix(managers/nix): pass github token to nix (#21568)
  • Loading branch information
JamieMagee committed May 3, 2023
1 parent a0eaee7 commit 19ce28c
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 12 deletions.
46 changes: 43 additions & 3 deletions lib/modules/manager/nix/artifacts.spec.ts
Expand Up @@ -5,16 +5,18 @@ import {
mockExecAll,
mockExecSequence,
} from '../../../../test/exec-util';
import { env, fs, git, partial } from '../../../../test/util';
import { env, fs, git, mocked, partial } from '../../../../test/util';
import { GlobalConfig } from '../../../config/global';
import type { RepoGlobalConfig } from '../../../config/types';
import * as docker from '../../../util/exec/docker';
import * as _hostRules from '../../../util/host-rules';
import type { UpdateArtifactsConfig } from '../types';
import { updateArtifacts } from '.';

jest.mock('../../../util/exec/env');
jest.mock('../../../util/fs');
jest.mock('../../../util/git');
jest.mock('../../../util/host-rules');

const adminConfig: RepoGlobalConfig = {
// `join` fixes Windows CI
Expand All @@ -31,13 +33,20 @@ const lockMaintenanceConfig = { ...config, isLockFileMaintenance: true };
const updateInputCmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
flake lock --update-input nixpkgs`;
flake lock --update-input nixpkgs`;
const updateInputTokenCmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
--extra-access-tokens github.com=token \
flake lock --update-input nixpkgs`;
const lockfileMaintenanceCmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
flake update`;
flake update`;

describe('modules/manager/nix/artifacts', () => {
const hostRules = mocked(_hostRules);

beforeEach(() => {
jest.resetAllMocks();
env.getChildProcessEnv.mockReturnValue({
Expand All @@ -47,6 +56,7 @@ describe('modules/manager/nix/artifacts', () => {
});
GlobalConfig.set(adminConfig);
docker.resetPrefetchedImages();
hostRules.find.mockReturnValue({ token: undefined });
});

it('returns if no flake.lock found', async () => {
Expand Down Expand Up @@ -111,6 +121,36 @@ describe('modules/manager/nix/artifacts', () => {
expect(execSnapshots).toMatchObject([{ cmd: updateInputCmd }]);
});

it('adds GitHub token', async () => {
fs.readLocalFile.mockResolvedValueOnce('current flake.lock');
const execSnapshots = mockExecAll();
git.getRepoStatus.mockResolvedValue(
partial<StatusResult>({
modified: ['flake.lock'],
})
);
fs.readLocalFile.mockResolvedValueOnce('new flake.lock');
hostRules.find.mockReturnValueOnce({ token: 'token' });

const res = await updateArtifacts({
packageFileName: 'flake.nix',
updatedDeps: [{ depName: 'nixpkgs' }],
newPackageFileContent: 'some new content',
config: { ...config, constraints: { python: '3.7' } },
});

expect(res).toEqual([
{
file: {
contents: 'new flake.lock',
path: 'flake.lock',
type: 'addition',
},
},
]);
expect(execSnapshots).toMatchObject([{ cmd: updateInputTokenCmd }]);
});

it('supports docker mode', async () => {
GlobalConfig.set(dockerAdminConfig);
const execSnapshots = mockExecAll();
Expand Down
24 changes: 15 additions & 9 deletions lib/modules/manager/nix/artifacts.ts
Expand Up @@ -5,6 +5,7 @@ import { exec } from '../../../util/exec';
import type { ExecOptions } from '../../../util/exec/types';
import { readLocalFile } from '../../../util/fs';
import { getRepoStatus } from '../../../util/git';
import * as hostRules from '../../../util/host-rules';
import { regEx } from '../../../util/regex';
import type { UpdateArtifact, UpdateArtifactsResult } from '../types';

Expand All @@ -20,23 +21,28 @@ export async function updateArtifacts({
return null;
}

let cmd: string;
let cmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes `;

const { token } = hostRules.find({
hostType: 'github',
url: 'https://api.github.com/',
});

if (token) {
cmd += `--extra-access-tokens github.com=${token} `;
}

if (config.isLockFileMaintenance) {
cmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
flake update`;
cmd += 'flake update';
} else {
const inputs = updatedDeps
.map(({ depName }) => depName)
.filter(is.nonEmptyStringAndNotWhitespace)
.map((depName) => `--update-input ${quote(depName)}`)
.join(' ');
cmd = `nix \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
flake lock ${inputs}`;
cmd += `flake lock ${inputs}`;
}
const execOptions: ExecOptions = {
cwdFile: packageFileName,
Expand Down

0 comments on commit 19ce28c

Please sign in to comment.