New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(manager/composer): support git-tags hostRules for github.com when updating artifacts #18004
feat(manager/composer): support git-tags hostRules for github.com when updating artifacts #18004
Conversation
…n updating artifacts take 2
ping :) . artifacts failing. ps. using github app |
Do we know for sure what caused it to fail for others last time, and therefore we can be confident that we're avoiding the problem this time? |
Am afraid it's difficult to know for shure. The code modified 3 things
Users in #17778 did not mention having such rules. For this to be an issue they would need to hava a broken token in a
This is what I fix here. What I understood form @viceice comment is that
We added this condition because github now only accept personnal access token
Maybe these users have a github installation that still accept non-personnal access token. We can remove this check to improve our chances of not doing a breaking change. Note that if it's the case, they will probably eventually have to update their tokens for PAT enventually anyway. |
This could be the problem
This could also be the problem. The app uses |
Yes we can skip the check and the fix will still work for us. If you set a bad token in your hostRule composer will just fail. I removed the check but kept the documentation saying you should user a PAT. |
what about add a debug message when it's not. a pat or app token? |
Good idea, I improved the personal access token logic to prefer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i approve :)
BTW does having in no-api in composer.json for your private repo have any effect on this issue? https://getcomposer.org/doc/05-repositories.md#git-alternatives
|
Before all this, most of our private repositories had the noapi + type=github and we had the "Support for password authentication was removed" error. Moreover renovate could not list dependencies versions. Now all our repos use type=vcs + https url ans renovate is able to fetch dependency versions and generate pull request. The only problem is with the composer artifact update (done by composer itself not the renovate codebase). That's what this pull request fix. |
@etremblay alright we use vcs and no-api. and also thanks for creating the PR. |
we probably also need to handle the new PAT type soon https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/ |
Indeed. With this version of the code we would only log a debug saying it's not a PAT. I just generated a token and it's prefixed by |
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
Updated with master and fixed code coverage |
Any update, by when can we except this released? |
Needs conflict resolution |
Fixed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see regex issue
This branch should automerge the next time it (a) is up to date with main branch, and (b) has passed all tests |
🎉 This PR is included in version 34.101.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Changes
Take 2 of #16193 considering
When generating the COMPOSER_AUTH json, handle special case for github host rule.
Context
We cannot use the
github
hostType because it break the update of the dependancy dashboard.Also, I found that git-tags hostRules where used when doing dependancy lookup so this fix everything related to private github php repositorie
Documentation (please check one with an [x])
How I've tested my work (please tick one)
I have verified these changes via: