Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs(private-packages): add a note about Yarn 2+ #11692

Merged
merged 2 commits into from Sep 12, 2021

Conversation

ylemkimon
Copy link
Contributor

@ylemkimon ylemkimon commented Sep 12, 2021

Changes:

Added a note about private packages in Yarn 2 to documentation.

Context:

Renovate doesn't support reading npmRegistries and npmScopes from .yarnrc.yml, leading to confusion on how to configure Renovate on Yarn with private packages.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@rarkins rarkins enabled auto-merge (squash) September 12, 2021 14:10

Renovate doesn't support reading `npmRegistries` and `npmScopes` from `.yarnrc.yml`, so `hostRules` (or `npmToken`) and `npmrc` should be configured like above.
Renovate updates `npmRegistries` in `.yarnrc.yml` with resolved `hostRules` before running Yarn.
For Renovate to overwrite existing `npmRegistries` entry, the key should match the `matchHost` without the protocol (`http:` or `https:`) and with the trailing slash.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rarkins Are we sure about this behavior?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't double check it but assumed @ylemkimon checked the source :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've verified, this won't work for npm datasource. The hostrule won't applied, as it's not a url or a hostname.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're talking about different things here.

renovate/lib/util/url.ts

Lines 49 to 55 in 62a540c

export function validateUrl(url?: string, httpOnly = true): boolean {
if (!url) {
return false;
}
try {
const { protocol } = new URL(url);
return httpOnly ? !!protocol.startsWith('http') : !!protocol;
let uri = hostRule.matchHost;
uri = validateUrl(uri) ? uri.replace(/^https?:/, '') : `//${uri}/`;

I meant following Renovate configuration:

{
  "hostRules": [
    {
      "matchHost": "https://npm.pkg.github.com/",
      "hostType": "npm",
      "encrypted": {
        "token": "<Encrypted PAT token>"
      }
    }
  ]
}

will update .yarnrc.yml as following:

npmRegistries:
  //npm.pkg.github.com/:
    npmAuthToken: <Decrypted PAT token>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So without needs to be with https? prefix. I think the sample should be added too.

@ylemkimon can you create a new PR for it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've opened #11696.

@rarkins rarkins merged commit 0a5cee1 into renovatebot:main Sep 12, 2021
@renovate-release
Copy link
Collaborator

🎉 This PR is included in version 27.5.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@ylemkimon ylemkimon mentioned this pull request Sep 12, 2021
6 tasks
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants