diff --git a/docs/development/local-development.md b/docs/development/local-development.md index 06de394c7a06bf..da8d7ac4678e63 100644 --- a/docs/development/local-development.md +++ b/docs/development/local-development.md @@ -75,7 +75,6 @@ The Renovate project uses the [Yarn](https://github.com/yarnpkg/yarn) package ma To ensure everything is working properly on your end, you must: -1. Make sure you don't have a local `.npmrc` file that overrides npm's default registry 1. Install all dependencies with `yarn install` 1. Make a build with `yarn build`, which should pass with no errors 1. Verify all tests pass and have 100% test coverage, by running `yarn test` diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index 522eb4fe24a59d..b21d513dc1b8a5 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -69,7 +69,7 @@ With the above config: ## additionalBranchPrefix This value defaults to an empty string, and is typically not necessary. -Some managers populate this field for historical reasons, for example we use `docker-` for Docker branches, so they may look like `renovate/docker-ubuntu-16.x`. +Some managers previously populated this field, but they no longer do so by default. You normally don't need to configure this, but one example where it can be useful is combining with `parentDir` in monorepos to split PRs based on where the package definition is located, e.g. ```json @@ -969,13 +969,6 @@ The above is the same as if you wrote this package rule: } ``` -## ignoreNpmrcFile - -By default, Renovate will look for and use any `.npmrc` file it finds in a repository. -Additionally, it will be read in by `npm` or `yarn` at the time of lock file generation. -Sometimes this causes problems, for example if the file contains placeholder values, so you can configure this to `true` and Renovate will ignore any `.npmrc` files it finds and temporarily remove the file before running `npm install` or `yarn install`. -Renovate will try to configure this to `true` also if you have configured any `npmrc` string within your config file. - ## ignorePaths Using this setting, you can selectively ignore package files that you don't want Renovate autodiscovering. @@ -1517,7 +1510,6 @@ For example to apply a special label for Major updates: ## patch Add to this object if you wish to define rules that apply only to patch updates. -Only applies if `separateMinorPatch` is set to true. ## php @@ -1542,7 +1534,6 @@ If enabled Renovate will pin Docker images by means of their SHA256 digest and n Post-upgrade tasks are commands that are executed by Renovate after a dependency has been updated but before the commit is created. The intention is to run any additional command line tools that would modify existing files or generate new files when a dependency changes. -This is only available on Renovate instances that have a `trustLevel` of 'high'. Each command must match at least one of the patterns defined in `allowedPostUpgradeTasks` in order to be executed. If the list of allowed tasks is empty then no tasks will be executed. diff --git a/docs/usage/configuration-templates.md b/docs/usage/configuration-templates.md index 10911f76f2857f..c239ac69fe898a 100644 --- a/docs/usage/configuration-templates.md +++ b/docs/usage/configuration-templates.md @@ -21,8 +21,7 @@ Most users will be happy with the default `branchPrefix` of `renovate/`, but you Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`. The onboarding PR will always use `renovate/configure`. -`additionalBranchPrefix` is optional and by default is empty for all JavaScript dependencies. -We use `docker-` for all Docker updates, branches will look like this: `renovate/docker-ubuntu-16.x`. +`additionalBranchPrefix` is optional and by default is empty. `branchTopic` depends on the package manager and upgrade type, so you will see a lot of variety. This is probably a setting you want to change yourself. diff --git a/docs/usage/faq.md b/docs/usage/faq.md index bcf253b27896bf..5c71756c2c5e31 100644 --- a/docs/usage/faq.md +++ b/docs/usage/faq.md @@ -208,10 +208,7 @@ To learn more read the section below. You can see in the example above that Renovate won't normally open a PR for the `snorgleborf` patch release. -There are 2 ways to tell Renovate to open a separate PR for the patch release: - -- Set `separateMinorPatch` to `true` -- Set `automerge` to the value: `"patch"` +You can tell Renovate to open a separate PR for the patch release by setting `separateMinorPatch` to `true`. In both cases, Renovate will open 3 PRs: diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md index 44d95db472515c..de8f6e3a801f4a 100644 --- a/docs/usage/private-modules.md +++ b/docs/usage/private-modules.md @@ -33,8 +33,6 @@ The recommended approaches in order of preference are: **Self-hosted hostRules**: Configure a hostRules entry in the bot's `config.js` with the `hostType`, `hostName` and `token` specified -**Self-hosted .npmrc**: copy an `.npmrc` file to the home dir of the bot. - **Renovate App with private modules from npmjs.org**: Add an encrypted `npmToken` to your Renovate config **Renovate App with a private registry**: Add an unencrypted `npmrc` plus an encrypted `npmToken` in config @@ -64,23 +62,11 @@ module.exports = { }; ``` -**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon. - -### Commit .npmrc file into repository - -One approach that many projects use for private repositories is to simply check in an authenticated `.npmrc` into the repository that is then shared between all developers. -Therefore anyone running `npm install` or `yarn install` from the project root will be automatically authenticated with npm without having to distribute npm logins to every developer and make sure they've run `npm login` first before installing. - -The good news is that this works for Renovate too. -If Renovate detects a `.npmrc` or `.yarnrc` file then it will use it for its install. - -Does not work if using binarySource=docker. -_This method will be deprecated soon_ +**NOTE:** Do not use `NPM_TOKEN` as an environment variable. ### Add npmrc string to Renovate config -The above solution maybe have a downside that all users of the repository (e.g. developers) will also use any `.npmrc` that is checked into the repository, instead of their own one in `~/.npmrc`. -To avoid this, you can instead add your `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this: +You can add an `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this: ```json { diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index b6673d42fc629a..86c10c63deae4d 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -9,6 +9,8 @@ The configuration options listed in this document are applicable to self-hosted Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md). +## allowCustomCrateRegistries + ## allowPostUpgradeCommandTemplating Set to true to allow templating of dependency level post-upgrade commands. @@ -52,18 +54,18 @@ npm ci --ignore-scripts npx ng update @angular/core --from=10.0.0 --to=11.0.0 --migrate-only --allow-dirty --force ``` +## allowScripts + ## allowedPostUpgradeCommands A list of regular expressions that determine which commands in `postUpgradeTasks` are allowed to be executed. If this list is empty then no tasks will be executed. -Also you need to have `"trustLevel": "high"`, otherwise these tasks will be ignored. e.g. ```json { - "allowedPostUpgradeCommands": ["^tslint --fix$", "^tslint --[a-z]+$"], - "trustLevel": "high" + "allowedPostUpgradeCommands": ["^tslint --fix$", "^tslint --[a-z]+$"] } ``` @@ -156,17 +158,6 @@ You would use put this in your configuration file: If you pulled a new `node` image, the final image would be `ghcr.io/renovatebot/node` instead of `docker.io/renovate/node`. -## dockerMapDotfiles - -This is used if you want to map "dotfiles" from your host computer home directory to containers that Renovate creates, e.g. for updating lock files. -Currently applicable to `.npmrc` only. - -```json -{ - "dockerMapDotfiles": true -} -``` - ## dockerUser Override default user and group used by Docker-based binaries. @@ -186,6 +177,14 @@ e.g. ## endpoint +## exposeAllEnv + +By default, Renovate only passes a limited set of environment variables to package managers. +Confidential data can be leaked if a malicious script enumerates all environment variables. +Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against. + +Setting this to `true` will also allow for variable substitution in `.npmrc` files. + ## force This object is used as a "force override" when you need to make sure certain configuration overrides whatever is configured in the repository. @@ -233,18 +232,6 @@ If left as default (null), a random short ID will be selected. ## logFileLevel -## logLevel - -We recommend that you run the Renovate bot at the debug level if you can. -Use the environment variable `LOG_LEVEL=debug` to run Renovate at the debug level. - -When you use `LOG_LEVEL=debug`, debug logging starts from the beginning of the app. -If you had configured debug logging in a file config, then the debug logging starts _after_ the file config is parsed. - -Additionally, if you configure `LOG_FORMAT=json` in env then logging will be done in JSON format instead of "pretty" format, which is usually better if you're doing any ingestion or parsing of the logs. - -Warning: Configuring `logLevel` config option or `--log-level` cli option is deprecated and will be removed in a major version. - ## onboarding Set this to `false` only if all three statements are true: @@ -387,13 +374,4 @@ This is currently applicable to `npm` and `lerna`/`npm` only, and only used in c ## token -## trustLevel - -Setting trustLevel to `"high"` can make sense in many self-hosted cases where the bot operator trusts the content in each repository. - -Setting trustLevel=high means: - -- Child processes are run with full access to `env` -- `.npmrc` files can have environment variable substitution performed - ## username diff --git a/docs/usage/self-hosted-experimental.md b/docs/usage/self-hosted-experimental.md index 1151bd65d624ac..2f00716900c3b6 100644 --- a/docs/usage/self-hosted-experimental.md +++ b/docs/usage/self-hosted-experimental.md @@ -27,11 +27,6 @@ If set to any integer, Renovate will use this integer instead of the default npm If set to any value, Renovate will skip its default artifacts filter check in the Maven datasource. Skiping the check will speed things up, but may result in versions being returned which don't properly exist on the server. -## RENOVATE_LEGACY_GIT_AUTHOR_EMAIL - -An additional `gitAuthor` email to ignore. -This variable is deprecated: use `ignoredAuthors` instead. - ## RENOVATE_PAGINATE_ALL If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages. diff --git a/lib/config/__snapshots__/migration.spec.ts.snap b/lib/config/__snapshots__/migration.spec.ts.snap index 48456d788edf78..7713dfac4bc167 100644 --- a/lib/config/__snapshots__/migration.spec.ts.snap +++ b/lib/config/__snapshots__/migration.spec.ts.snap @@ -78,6 +78,8 @@ Array [ exports[`config/migration migrateConfig(config, parentConfig) migrates config 1`] = ` Object { "additionalBranchPrefix": "{{parentDir}}-", + "allowCustomCrateRegistries": true, + "allowScripts": true, "autodiscover": true, "automerge": false, "automergeType": "branch", @@ -94,6 +96,7 @@ Object { "dependencyDashboard": true, "dependencyDashboardTitle": "foo", "enabled": true, + "exposeAllEnv": true, "extends": Array [ ":automergeBranch", "config:js-app", @@ -109,8 +112,8 @@ Object { "includeForks": true, "lockFileMaintenance": Object { "automerge": true, + "exposeAllEnv": false, "schedule": "before 5am", - "trustLevel": "low", }, "major": Object { "automerge": false, @@ -121,6 +124,7 @@ Object { "minor": Object { "automerge": true, }, + "npmrc": "", "nvmrc": Object { "packageRules": Array [ Object { @@ -243,7 +247,6 @@ Object { "travis": Object { "enabled": true, }, - "trustLevel": "high", } `; diff --git a/lib/config/admin.ts b/lib/config/admin.ts index 6d6fd61fc69edd..feb3701c818dcd 100644 --- a/lib/config/admin.ts +++ b/lib/config/admin.ts @@ -4,15 +4,17 @@ let adminConfig: RepoAdminConfig = {}; // TODO: once admin config work is complete, add a test to make sure this list includes all options with admin=true export const repoAdminOptions = [ + 'allowCustomCrateRegistries', 'allowPostUpgradeCommandTemplating', + 'allowScripts', 'allowedPostUpgradeCommands', 'customEnvVariables', 'dockerChildPrefix', 'dockerImagePrefix', 'dockerUser', 'dryRun', + 'exposeAllEnv', 'privateKey', - 'trustLevel', ]; export function setAdminConfig(config: RenovateConfig = {}): void { diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index ecc1d455c5f7b1..76dcf0d28c0de3 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -254,14 +254,6 @@ const options: RenovateOptions[] = [ type: 'object', default: false, }, - { - name: 'dockerMapDotfiles', - description: - 'Map relevant home directory dotfiles into containers when binarySource=docker.', - admin: true, - type: 'boolean', - default: false, - }, { name: 'dockerChildPrefix', description: @@ -294,13 +286,6 @@ const options: RenovateOptions[] = [ admin: true, }, // Log options - { - name: 'logLevel', - description: 'Logging level. Deprecated, use `LOG_LEVEL` environment.', - stage: 'global', - type: 'string', - allowedValues: ['fatal', 'error', 'warn', 'info', 'debug', 'trace'], - }, { name: 'logFile', description: 'Log file path.', @@ -480,17 +465,33 @@ const options: RenovateOptions[] = [ default: false, }, { - name: 'trustLevel', + name: 'exposeAllEnv', description: - 'Set this to "high" if the bot should trust the repository owners/contents.', + 'Configure this to true to allow passing of all env variables to package managers.', admin: true, - type: 'string', - default: 'low', + type: 'boolean', + default: false, + }, + { + name: 'allowScripts', + description: + 'Configure this to true if repositories are allowed to run install scripts.', + admin: true, + type: 'boolean', + default: false, + }, + { + name: 'allowCustomCrateRegistries', + description: + 'Configure this to true if custom crate registries are allowed.', + admin: true, + type: 'boolean', + default: false, }, { name: 'ignoreScripts', description: - 'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files.', + 'Configure this to true if allowScripts=true but you wish to skip running scripts when updating lock files.', type: 'boolean', default: false, }, @@ -562,12 +563,6 @@ const options: RenovateOptions[] = [ default: null, admin: true, }, - { - name: 'ignoreNpmrcFile', - description: 'Whether to ignore any .npmrc file found in repository.', - type: 'boolean', - default: false, - }, { name: 'autodiscover', description: 'Autodiscover all repositories.', @@ -1068,8 +1063,7 @@ const options: RenovateOptions[] = [ }, { name: 'patch', - description: - 'Configuration to apply when an update type is patch. Only applies if `separateMinorPatch` is set to true.', + description: 'Configuration to apply when an update type is patch.', stage: 'package', type: 'object', default: {}, diff --git a/lib/config/index.ts b/lib/config/index.ts index 6fbe43fc3c351c..366813c25a0c80 100644 --- a/lib/config/index.ts +++ b/lib/config/index.ts @@ -1,4 +1,4 @@ -import { addStream, levels, logger, setContext } from '../logger'; +import { addStream, logger, setContext } from '../logger'; import { get, getLanguageList, getManagerList } from '../manager'; import { ensureDir, getSubDirectory, readFile } from '../util/fs'; import { ensureTrailingSlash } from '../util/url'; @@ -7,7 +7,6 @@ import * as defaultsParser from './defaults'; import * as definitions from './definitions'; import * as envParser from './env'; import * as fileParser from './file'; -import { resolveConfigPresets } from './presets'; import type { GlobalConfig, ManagerConfig, @@ -47,10 +46,10 @@ export async function parseConfigs( logger.debug('Parsing configs'); // Get configs - const defaultConfig = await resolveConfigPresets(defaultsParser.getConfig()); - const fileConfig = await resolveConfigPresets(fileParser.getConfig(env)); - const cliConfig = await resolveConfigPresets(cliParser.getConfig(argv)); - const envConfig = await resolveConfigPresets(envParser.getConfig(env)); + const defaultConfig = defaultsParser.getConfig(); + const fileConfig = fileParser.getConfig(env); + const cliConfig = cliParser.getConfig(argv); + const envConfig = envParser.getConfig(env); let config: GlobalConfig = mergeChildConfig(fileConfig, envConfig); config = mergeChildConfig(config, cliConfig); @@ -75,15 +74,6 @@ export async function parseConfigs( delete config.privateKeyPath; } - // Deprecated set log level: https://github.com/renovatebot/renovate/issues/8291 - // istanbul ignore if - if (config.logLevel) { - logger.warn( - 'Configuring logLevel in CLI or file is deprecated. Use LOG_LEVEL environment variable instead' - ); - levels('stdout', config.logLevel); - } - if (config.logContext) { // This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env setContext(config.logContext); diff --git a/lib/config/migration.spec.ts b/lib/config/migration.spec.ts index 7bd348c5ea4996..eb384c3abe331e 100644 --- a/lib/config/migration.spec.ts +++ b/lib/config/migration.spec.ts @@ -44,6 +44,7 @@ describe(getName(__filename), () => { onboarding: 'false' as never, multipleMajorPrs: true, gitFs: false, + ignoreNpmrcFile: true, separateMajorReleases: true, separatePatchReleases: true, suppressNotifications: ['lockFileErrors', 'prEditNotification'], @@ -56,6 +57,7 @@ describe(getName(__filename), () => { masterIssueTitle: 'foo', gomodTidy: true, upgradeInRange: true, + trustLevel: 'high', automergeType: 'branch-push', branchName: '{{{branchPrefix}}}{{{managerBranchPrefix}}}{{{branchTopic}}}{{{baseDir}}}', diff --git a/lib/config/migration.ts b/lib/config/migration.ts index 8b4f7ad5b18d5b..559a1d8c1a6a81 100644 --- a/lib/config/migration.ts +++ b/lib/config/migration.ts @@ -191,11 +191,19 @@ export function migrateConfig( migratedConfig.rebaseWhen = 'never'; } } else if (key === 'exposeEnv') { + migratedConfig.exposeAllEnv = val; delete migratedConfig.exposeEnv; - if (val === true) { - migratedConfig.trustLevel = 'high'; - } else if (val === false) { - migratedConfig.trustLevel = 'low'; + } else if (key === 'trustLevel') { + delete migratedConfig.trustLevel; + if (val === 'high') { + migratedConfig.allowCustomCrateRegistries ??= true; + migratedConfig.allowScripts ??= true; + migratedConfig.exposeAllEnv ??= true; + } + } else if (key === 'ignoreNpmrcFile') { + delete migratedConfig.ignoreNpmrcFile; + if (!is.string(migratedConfig.npmrc)) { + migratedConfig.npmrc = ''; } } else if ( key === 'branchName' && diff --git a/lib/config/presets/index.ts b/lib/config/presets/index.ts index 356d47782ecccd..7e71fc68e1716f 100644 --- a/lib/config/presets/index.ts +++ b/lib/config/presets/index.ts @@ -100,6 +100,7 @@ export function parsePreset(input: string): ParsedPreset { str = str.slice(0, str.indexOf('(')); } const presetsPackages = [ + 'compatibility', 'config', 'default', 'docker', diff --git a/lib/config/presets/internal/compatibility.ts b/lib/config/presets/internal/compatibility.ts new file mode 100644 index 00000000000000..ce1175f569fb34 --- /dev/null +++ b/lib/config/presets/internal/compatibility.ts @@ -0,0 +1,24 @@ +import { Preset } from '../types'; + +export const presets: Record = { + additionalBranchPrefix: { + buildkite: { + additionalBranchPrefix: 'buildkite-', + }, + cargo: { + additionalBranchPrefix: 'rust-', + }, + docker: { + additionalBranchPrefix: 'docker-', + }, + homebrew: { + additionalBranchPrefix: 'homebrew-', + }, + packageRules: [ + { + matchDatasources: ['helm'], + additionalBranchPrefix: 'helm-', + }, + ], + }, +}; diff --git a/lib/config/presets/internal/group.ts b/lib/config/presets/internal/group.ts index edfcd3b643464b..20a4c9a135f8b7 100644 --- a/lib/config/presets/internal/group.ts +++ b/lib/config/presets/internal/group.ts @@ -29,10 +29,24 @@ const staticGroups = { }, ], }, + nodeJs: { + description: + "Group anything that looks like Node.js together so that it's updated together", + packageRules: [ + { + matchDatasources: ['docker'], + matchPackageNames: ['node'], + matchPackagePatterns: ['/node$'], + excludePackageNames: ['calico/node'], + commitMessageTopic: 'Node.js', + }, + ], + }, recommended: { description: 'Use curated list of recommended non-monorepo package groupings', extends: [ + 'group:nodeJs', 'group:allApollographql', 'group:fortawesome', 'group:fusionjs', diff --git a/lib/config/presets/internal/index.ts b/lib/config/presets/internal/index.ts index fbbdd6a790ede3..e152b9747e19d7 100644 --- a/lib/config/presets/internal/index.ts +++ b/lib/config/presets/internal/index.ts @@ -1,4 +1,5 @@ import type { Preset, PresetConfig } from '../types'; +import * as compatibilityPreset from './compatibility'; import * as configPreset from './config'; import * as defaultPreset from './default'; import * as dockerPreset from './docker'; @@ -13,6 +14,7 @@ import * as schedulePreset from './schedule'; import * as workaroundsPreset from './workarounds'; export const groups: Record> = { + compatibility: compatibilityPreset.presets, config: configPreset.presets, default: defaultPreset.presets, docker: dockerPreset.presets, diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts index 931ae3d39d6c60..fa5bd9afd76e95 100644 --- a/lib/config/presets/npm/index.spec.ts +++ b/lib/config/presets/npm/index.spec.ts @@ -7,7 +7,6 @@ jest.mock('registry-auth-token'); jest.mock('delay'); describe(getName(__filename), () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); setAdminConfig(); diff --git a/lib/config/types.ts b/lib/config/types.ts index 21806dd46c7ec6..2ef022c21c49b8 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -74,7 +74,6 @@ export interface GlobalOnlyConfig { gitPrivateKey?: string; logFile?: string; logFileLevel?: LogLevel; - logLevel?: LogLevel; prCommitsPerRunLimit?: number; privateKeyPath?: string; redisUrl?: string; @@ -84,15 +83,17 @@ export interface GlobalOnlyConfig { // Config options used within the repository worker, but not user configurable // The below should contain config options where admin=true export interface RepoAdminConfig { + allowCustomCrateRegistries?: boolean; allowPostUpgradeCommandTemplating?: boolean; + allowScripts?: boolean; allowedPostUpgradeCommands?: string[]; customEnvVariables?: Record; dockerChildPrefix?: string; dockerImagePrefix?: string; dockerUser?: string; dryRun?: boolean; + exposeAllEnv?: boolean; privateKey?: string | Buffer; - trustLevel?: 'low' | 'high'; } export interface LegacyAdminConfig { diff --git a/lib/constants/error-messages.ts b/lib/constants/error-messages.ts index b032e18fcee8a2..eec1bbff1ecdff 100644 --- a/lib/constants/error-messages.ts +++ b/lib/constants/error-messages.ts @@ -12,6 +12,7 @@ export const PLATFORM_RATE_LIMIT_EXCEEDED = 'rate-limit-exceeded'; // Config Error export const CONFIG_VALIDATION = 'config-validation'; +export const CONFIG_PRESETS_INVALID = 'config-presets-invalid'; export const CONFIG_SECRETS_EXPOSED = 'config-secrets-exposed'; export const CONFIG_SECRETS_INVALID = 'config-secrets-invalid'; diff --git a/lib/datasource/crate/__snapshots__/index.spec.ts.snap b/lib/datasource/crate/__snapshots__/index.spec.ts.snap index 48572b6e73a18d..6e8b60c6991564 100644 --- a/lib/datasource/crate/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/crate/__snapshots__/index.spec.ts.snap @@ -331,7 +331,7 @@ Array [ ] `; -exports[`datasource/crate/index getReleases refuses to clone if trustLevel is not high 1`] = `null`; +exports[`datasource/crate/index getReleases refuses to clone if allowCustomCrateRegistries is not true 1`] = `null`; exports[`datasource/crate/index getReleases returns null for 404 1`] = ` Array [ diff --git a/lib/datasource/crate/index.spec.ts b/lib/datasource/crate/index.spec.ts index a83b9f6293da56..dd8e79fdefb2cb 100644 --- a/lib/datasource/crate/index.spec.ts +++ b/lib/datasource/crate/index.spec.ts @@ -225,7 +225,7 @@ describe(getName(__filename), () => { expect(res).toBeDefined(); expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('refuses to clone if trustLevel is not high', async () => { + it('refuses to clone if allowCustomCrateRegistries is not true', async () => { const { mockClone } = setupGitMocks(); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; @@ -240,7 +240,7 @@ describe(getName(__filename), () => { }); it('clones cloudsmith private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; const res = await getPkgReleases({ datasource, @@ -254,7 +254,7 @@ describe(getName(__filename), () => { }); it('clones other private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/testregistry'; const res = await getPkgReleases({ datasource, @@ -268,7 +268,7 @@ describe(getName(__filename), () => { }); it('clones once then reuses the cache', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await getPkgReleases({ datasource, @@ -284,7 +284,7 @@ describe(getName(__filename), () => { }); it('guards against race conditions while cloning', async () => { const { mockClone } = setupGitMocks(250); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await Promise.all([ @@ -310,7 +310,7 @@ describe(getName(__filename), () => { }); it('returns null when git clone fails', async () => { setupErrorGitMock(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; const result = await getPkgReleases({ diff --git a/lib/datasource/crate/index.ts b/lib/datasource/crate/index.ts index cce827f726b39f..44d39cb1852829 100644 --- a/lib/datasource/crate/index.ts +++ b/lib/datasource/crate/index.ts @@ -163,9 +163,9 @@ async function fetchRegistryInfo( }; if (flavor !== RegistryFlavor.CratesIo) { - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().allowCustomCrateRegistries) { logger.warn( - 'crate datasource: trustLevel=high is required for registries other than crates.io, bailing out' + 'crate datasource: allowCustomCrateRegistries=true is required for registries other than crates.io, bailing out' ); return null; } diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts index 7cc5bc301f6c01..368c8c070b2d9f 100644 --- a/lib/datasource/docker/index.ts +++ b/lib/datasource/docker/index.ts @@ -26,9 +26,7 @@ export const defaultVersioning = dockerVersioning.id; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'docker-', commitMessageTopic: '{{{depName}}} Docker tag', - major: { enabled: false }, commitMessageExtra: 'to v{{#if isMajor}}{{{newMajor}}}{{else}}{{{newVersion}}}{{/if}}', digest: { diff --git a/lib/datasource/helm/index.ts b/lib/datasource/helm/index.ts index ea1105841ac2d0..af28e7caee5fbe 100644 --- a/lib/datasource/helm/index.ts +++ b/lib/datasource/helm/index.ts @@ -17,7 +17,6 @@ export const defaultRegistryUrls = ['https://charts.helm.sh/stable']; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'helm-', commitMessageTopic: 'Helm release {{depName}}', group: { commitMessageTopic: '{{{groupName}}} Helm releases', diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap index 85d618101b79ab..847462a985443d 100644 --- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap @@ -519,49 +519,10 @@ Array [ ] `; -exports[`datasource/npm/index should use NPM_TOKEN if provided 1`] = ` -Object { - "name": "@foobar/core", - "registryUrl": "https://registry.npmjs.org/", - "releases": Array [ - Object { - "releaseTimestamp": "2018-05-06T05:21:53.000Z", - "version": "0.0.1", - }, - Object { - "releaseTimestamp": "2018-05-07T05:21:53.000Z", - "version": "0.0.2", - }, - ], - "sourceDirectory": "src/a", - "sourceUrl": "https://github.com/renovateapp/dummy", - "tags": Object { - "latest": "0.0.1", - }, - "versions": Object {}, -} -`; - -exports[`datasource/npm/index should use NPM_TOKEN if provided 2`] = ` -Array [ - Object { - "headers": Object { - "accept": "application/json", - "accept-encoding": "gzip, deflate, br", - "authorization": "Bearer some-token", - "host": "registry.npmjs.org", - "user-agent": "https://github.com/renovatebot/renovate", - }, - "method": "GET", - "url": "https://registry.npmjs.org/@foobar%2Fcore", - }, -] -`; - exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = ` Object { "name": "foobar", - "registryUrl": "https://registry.npmjs.org", + "registryUrl": "https://registry.npmjs.org/", "releases": Array [ Object { "releaseTimestamp": "2018-05-06T05:21:53.000Z", diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index a4979577cf60cb..d398428ebf8c67 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -15,7 +15,6 @@ const registryAuthToken: jest.Mock<_registryAuthToken.NpmCredentials> = _registr let npmResponse: any; describe(getName(__filename), () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); httpMock.setup(); @@ -269,21 +268,6 @@ describe(getName(__filename), () => { expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('should use NPM_TOKEN if provided', async () => { - httpMock - .scope('https://registry.npmjs.org', { - reqheaders: { authorization: 'Bearer some-token' }, - }) - .get('/@foobar%2Fcore') - .reply(200, { ...npmResponse, name: '@foobar/core' }); - const oldToken = process.env.NPM_TOKEN; - process.env.NPM_TOKEN = 'some-token'; - const res = await getPkgReleases({ datasource, depName: '@foobar/core' }); - process.env.NPM_TOKEN = oldToken; - expect(res).toMatchSnapshot(); - expect(httpMock.getTrace()).toMatchSnapshot(); - }); - it('should use host rules by hostName if provided', async () => { hostRules.add({ hostType: 'npm', @@ -330,7 +314,7 @@ describe(getName(__filename), () => { setNpmrc(npmrcContent); setNpmrc(npmrcContent); setNpmrc(); - expect(getNpmrc()).toBeNull(); + expect(getNpmrc()).toEqual({}); }); it('should use default registry if missing from npmrc', async () => { @@ -375,7 +359,7 @@ describe(getName(__filename), () => { .reply(200, npmResponse); process.env.REGISTRY = 'https://registry.from-env.com'; process.env.RENOVATE_CACHE_NPM_MINUTES = '15'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string const npmrc = 'registry=${REGISTRY}'; const res = await getPkgReleases({ datasource, depName: 'foobar', npmrc }); @@ -384,7 +368,7 @@ describe(getName(__filename), () => { }); it('should throw error if necessary env var is not present', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string expect(() => setNpmrc('registry=${REGISTRY_MISSING}')).toThrow( Error('env-replace') diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index d340093435907f..ed44bfee821bb1 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -9,7 +9,6 @@ const sanitize = mocked(_sanitize); describe(getName(__filename), () => { beforeEach(() => { - delete process.env.NPM_TOKEN; setNpmrc(''); setAdminConfig(); jest.resetAllMocks(); @@ -39,7 +38,7 @@ describe(getName(__filename), () => { }); it('sanitize _authtoken with high trust', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); process.env.TEST_TOKEN = 'test'; setNpmrc( // eslint-disable-next-line no-template-curly-in-string @@ -52,6 +51,6 @@ describe(getName(__filename), () => { it('ignores localhost', () => { setNpmrc(`registry=http://localhost`); expect(sanitize.add).toHaveBeenCalledTimes(0); - expect(getNpmrc()).toBeNull(); + expect(getNpmrc()).toEqual({}); }); }); diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index 7afc4c89b13e52..b7d700acac3c6a 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -9,8 +9,8 @@ import type { OutgoingHttpHeaders } from '../../util/http/types'; import { maskToken } from '../../util/mask'; import { add } from '../../util/sanitize'; -let npmrc: Record | null = null; -let npmrcRaw: string; +let npmrc: Record = {}; +let npmrcRaw = ''; export type Npmrc = Record; @@ -61,13 +61,13 @@ export function setNpmrc(input?: string): void { npmrcRaw = input; logger.debug('Setting npmrc'); npmrc = ini.parse(input.replace(/\\n/g, '\n')); - const { trustLevel } = getAdminConfig(); + const { exposeAllEnv } = getAdminConfig(); for (const [key, val] of Object.entries(npmrc)) { - if (trustLevel !== 'high') { + if (!exposeAllEnv) { sanitize(key, val); } if ( - trustLevel !== 'high' && + !exposeAllEnv && key.endsWith('registry') && val && val.includes('localhost') @@ -80,7 +80,7 @@ export function setNpmrc(input?: string): void { return; } } - if (trustLevel !== 'high') { + if (!exposeAllEnv) { return; } for (const key of Object.keys(npmrc)) { @@ -89,8 +89,8 @@ export function setNpmrc(input?: string): void { } } else if (npmrc) { logger.debug('Resetting npmrc'); - npmrc = null; - npmrcRaw = null; + npmrc = {}; + npmrcRaw = ''; } } @@ -106,7 +106,7 @@ export function resolvePackage(packageName: string): PackageResolution { try { registryUrl = getRegistryUrl(scope, getNpmrc()); } catch (err) { - registryUrl = 'https://registry.npmjs.org'; + registryUrl = 'https://registry.npmjs.org/'; } const packageUrl = url.resolve( registryUrl, @@ -129,11 +129,6 @@ export function resolvePackage(packageName: string): PackageResolution { { token: maskToken(authInfo.token), npmName: packageName }, 'Using auth (via npmrc) for npm lookup' ); - } else if (process.env.NPM_TOKEN && process.env.NPM_TOKEN !== 'undefined') { - logger.warn( - 'Support for NPM_TOKEN in env will be dropped in the next major release' - ); - headers.authorization = `Bearer ${process.env.NPM_TOKEN}`; } return { headers, packageUrl, registryUrl }; } diff --git a/lib/manager/buildkite/index.ts b/lib/manager/buildkite/index.ts index a97b1018ed28c4..d678d7fd3c206d 100644 --- a/lib/manager/buildkite/index.ts +++ b/lib/manager/buildkite/index.ts @@ -7,5 +7,4 @@ export const defaultConfig = { commitMessageTopic: 'buildkite plugin {{depName}}', commitMessageExtra: 'to {{#if isMajor}}v{{{newMajor}}}{{else}}{{{newValue}}}{{/if}}', - additionalBranchPrefix: 'buildkite-', }; diff --git a/lib/manager/cargo/index.ts b/lib/manager/cargo/index.ts index e18f8527d5244c..e91db57470e3be 100644 --- a/lib/manager/cargo/index.ts +++ b/lib/manager/cargo/index.ts @@ -10,7 +10,6 @@ export { extractPackageFile, updateArtifacts, language }; export const defaultConfig = { commitMessageTopic: 'Rust crate {{depName}}', - additionalBranchPrefix: 'rust-', fileMatch: ['(^|/)Cargo.toml$'], versioning: cargoVersioning.id, rangeStrategy: 'bump', diff --git a/lib/manager/circleci/__snapshots__/extract.spec.ts.snap b/lib/manager/circleci/__snapshots__/extract.spec.ts.snap index 099414ce7920f5..e6ff11b229c9b1 100644 --- a/lib/manager/circleci/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/circleci/__snapshots__/extract.spec.ts.snap @@ -4,7 +4,6 @@ exports[`manager/circleci/extract extractPackageFile() extracts image without le Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "14.8.0", "datasource": "docker", @@ -20,7 +19,6 @@ exports[`manager/circleci/extract extractPackageFile() extracts multiple image l Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": undefined, "datasource": "docker", @@ -31,7 +29,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "4", "datasource": "docker", @@ -42,7 +39,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "6", "datasource": "docker", @@ -53,7 +49,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8.9.0", "datasource": "docker", diff --git a/lib/manager/cloudbuild/__snapshots__/extract.spec.ts.snap b/lib/manager/cloudbuild/__snapshots__/extract.spec.ts.snap index ffd3d8a3be8486..6bffda93dcec3e 100644 --- a/lib/manager/cloudbuild/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/cloudbuild/__snapshots__/extract.spec.ts.snap @@ -12,7 +12,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "12", "datasource": "docker", diff --git a/lib/manager/composer/artifacts.spec.ts b/lib/manager/composer/artifacts.spec.ts index d7798754387c6c..fca585b9583432 100644 --- a/lib/manager/composer/artifacts.spec.ts +++ b/lib/manager/composer/artifacts.spec.ts @@ -30,6 +30,7 @@ const config = { localDir: join('/tmp/github/some/repo'), cacheDir: join('/tmp/renovate/cache'), composerIgnorePlatformReqs: true, + ignoreScripts: false, }; const repoStatus = partial({ @@ -46,7 +47,7 @@ describe('.updateArtifacts()', () => { await setUtilConfig(config); docker.resetPrefetchedImages(); hostRules.clear(); - setAdminConfig(); + setAdminConfig({ allowScripts: false }); }); it('returns if no composer.lock found', async () => { expect( @@ -63,7 +64,7 @@ describe('.updateArtifacts()', () => { const execSnapshots = mockExecAll(exec); fs.readLocalFile.mockReturnValueOnce('Current composer.lock' as any); git.getRepoStatus.mockResolvedValue(repoStatus); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); expect( await composer.updateArtifacts({ packageFileName: 'composer.json', diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts index 9515106780c284..bffbe7510c707e 100644 --- a/lib/manager/composer/artifacts.ts +++ b/lib/manager/composer/artifacts.ts @@ -151,7 +151,7 @@ export async function updateArtifacts({ args += ' --ignore-platform-reqs'; } args += ' --no-ansi --no-interaction'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --no-scripts --no-autoloader'; } logger.debug({ cmd, args }, 'composer command'); diff --git a/lib/manager/docker-compose/__snapshots__/extract.spec.ts.snap b/lib/manager/docker-compose/__snapshots__/extract.spec.ts.snap index ce8eb2b879c7e3..716a76d5bdd2c3 100644 --- a/lib/manager/docker-compose/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/docker-compose/__snapshots__/extract.spec.ts.snap @@ -12,7 +12,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "10.0.0", "datasource": "docker", @@ -80,7 +79,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "10.0.0", "datasource": "docker", @@ -148,7 +146,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "10.0.0", "datasource": "docker", diff --git a/lib/manager/dockerfile/__snapshots__/extract.spec.ts.snap b/lib/manager/dockerfile/__snapshots__/extract.spec.ts.snap index c1ebae9f7b88c3..7b7696e59e5ab1 100644 --- a/lib/manager/dockerfile/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/dockerfile/__snapshots__/extract.spec.ts.snap @@ -4,7 +4,6 @@ exports[`manager/dockerfile/extract extractPackageFile() detects ["stage"] and [ Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8.15.1-alpine", "datasource": "docker", @@ -123,7 +122,6 @@ exports[`manager/dockerfile/extract extractPackageFile() extracts images on adja Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": "sha256:d743b4141b02fcfb8beb68f92b4cd164f60ee457bf2d053f36785bf86de16b0d", "currentValue": "8.11.3-alpine", "datasource": "docker", @@ -147,7 +145,6 @@ exports[`manager/dockerfile/extract extractPackageFile() extracts multiple FROM Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "6.12.3", "datasource": "docker", @@ -185,7 +182,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles abnormal spacin Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8.7.0", "datasource": "docker", @@ -214,7 +210,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles comments 1`] = Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": undefined, "datasource": "docker", @@ -229,7 +224,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles custom hosts 1` Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8", "datasource": "docker", @@ -244,7 +238,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles custom hosts an Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8-alpine", "datasource": "docker", @@ -259,7 +252,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles custom hosts wi Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8", "datasource": "docker", @@ -274,7 +266,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles custom hosts wi Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8", "datasource": "docker", @@ -289,7 +280,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles custom hosts wi Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": undefined, "datasource": "docker", @@ -304,7 +294,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles digest 1`] = ` Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": "sha256:eb85fc5b1198f5e1ec025ea07586bdbbf397e7d82df66c90d7511f533517e063", "currentValue": undefined, "datasource": "docker", @@ -319,7 +308,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles from as 1`] = ` Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8.9.0-alpine", "datasource": "docker", @@ -334,7 +322,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles naked dep 1`] = Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": undefined, "datasource": "docker", @@ -349,7 +336,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles namespaced imag Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8", "datasource": "docker", @@ -364,7 +350,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles tag 1`] = ` Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "8.9.0-alpine", "datasource": "docker", @@ -379,7 +364,6 @@ exports[`manager/dockerfile/extract extractPackageFile() handles tag and digest Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": "sha256:eb85fc5b1198f5e1ec025ea07586bdbbf397e7d82df66c90d7511f533517e063", "currentValue": "8.9.0", "datasource": "docker", @@ -409,7 +393,6 @@ exports[`manager/dockerfile/extract extractPackageFile() is case insensitive 1`] Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": undefined, "datasource": "docker", @@ -424,7 +407,6 @@ exports[`manager/dockerfile/extract extractPackageFile() skips index reference C Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "6.12.3", "datasource": "docker", @@ -439,7 +421,6 @@ exports[`manager/dockerfile/extract extractPackageFile() skips named multistage Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "6.12.3", "datasource": "docker", @@ -454,7 +435,6 @@ exports[`manager/dockerfile/extract extractPackageFile() skips named multistage Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "6.12.3", "datasource": "docker", diff --git a/lib/manager/dockerfile/extract.ts b/lib/manager/dockerfile/extract.ts index fae09b1aff9eab..01d9e58af7be95 100644 --- a/lib/manager/dockerfile/extract.ts +++ b/lib/manager/dockerfile/extract.ts @@ -48,14 +48,6 @@ export function getDep( '{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}'; } dep.datasource = datasourceDocker.id; - if ( - dep.depName && - (dep.depName === 'node' || dep.depName.endsWith('/node')) && - dep.depName !== 'calico/node' - ) { - dep.commitMessageTopic = 'Node.js'; - } - if (dep.depName === 'ubuntu') { dep.versioning = ubuntuVersioning.id; } diff --git a/lib/manager/droneci/__snapshots__/extract.spec.ts.snap b/lib/manager/droneci/__snapshots__/extract.spec.ts.snap index 3723edeab59ae7..4d74cfdddd02b0 100644 --- a/lib/manager/droneci/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/droneci/__snapshots__/extract.spec.ts.snap @@ -13,7 +13,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": "sha256:36adc17e9cceab32179d3314da9cb9c737ffb11f0de4e688f407ad6d9ca32201", "currentValue": "10.0.0", "datasource": "docker", diff --git a/lib/manager/github-actions/__snapshots__/extract.spec.ts.snap b/lib/manager/github-actions/__snapshots__/extract.spec.ts.snap index 900449a8c59363..d7d3f17dee9b11 100644 --- a/lib/manager/github-actions/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/github-actions/__snapshots__/extract.spec.ts.snap @@ -67,7 +67,6 @@ Array [ }, Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": "sha256:7b65413af120ec5328077775022c78101f103258a1876ec2f83890bce416e896", "currentValue": "6", "datasource": "docker", diff --git a/lib/manager/gitlabci/__snapshots__/extract.spec.ts.snap b/lib/manager/gitlabci/__snapshots__/extract.spec.ts.snap index 0cb54034e6210a..89a2a0259235a0 100644 --- a/lib/manager/gitlabci/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/gitlabci/__snapshots__/extract.spec.ts.snap @@ -148,7 +148,6 @@ Array [ "deps": Array [ Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", - "commitMessageTopic": "Node.js", "currentDigest": undefined, "currentValue": "12", "datasource": "docker", diff --git a/lib/manager/homebrew/index.ts b/lib/manager/homebrew/index.ts index 62bb3b08a55d92..b45e932cf7f9a7 100644 --- a/lib/manager/homebrew/index.ts +++ b/lib/manager/homebrew/index.ts @@ -3,6 +3,5 @@ export { updateDependency } from './update'; export const defaultConfig = { commitMessageTopic: 'Homebrew Formula {{depName}}', - additionalBranchPrefix: 'homebrew-', fileMatch: ['^Formula/[^/]+[.]rb$'], }; diff --git a/lib/manager/npm/extract/__snapshots__/index.spec.ts.snap b/lib/manager/npm/extract/__snapshots__/index.spec.ts.snap index e0b886ce2fb95c..4d7be39d441995 100644 --- a/lib/manager/npm/extract/__snapshots__/index.spec.ts.snap +++ b/lib/manager/npm/extract/__snapshots__/index.spec.ts.snap @@ -11,7 +11,6 @@ Object { "skipReason": "invalid-name", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -135,7 +134,6 @@ Object { "prettyDepType": "engine", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -299,7 +297,6 @@ Object { "sourceUrl": "https://github.com/owner/n", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -349,7 +346,6 @@ Object { "skipReason": "unknown-version", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -410,7 +406,6 @@ Object { "skipReason": "unknown-volta", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -465,7 +460,6 @@ Object { "skipReason": "unknown-version", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -602,7 +596,6 @@ Object { "prettyDepType": "resolutions", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": "npm", "lernaPackages": undefined, "managerData": Object { @@ -739,7 +732,6 @@ Object { "prettyDepType": "resolutions", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": "yarn", "lernaPackages": undefined, "managerData": Object { @@ -876,7 +868,6 @@ Object { "prettyDepType": "resolutions", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -899,7 +890,6 @@ exports[`manager/npm/extract/index .extractPackageFile() finds complex yarn work Object { "constraints": Object {}, "deps": Array [], - "ignoreNpmrcFile": undefined, "lernaClient": "npm", "lernaPackages": undefined, "managerData": Object { @@ -1038,7 +1028,6 @@ Object { "prettyDepType": "resolutions", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": "npm", "lernaPackages": undefined, "managerData": Object { @@ -1061,7 +1050,6 @@ exports[`manager/npm/extract/index .extractPackageFile() finds simple yarn works Object { "constraints": Object {}, "deps": Array [], - "ignoreNpmrcFile": undefined, "lernaClient": "npm", "lernaPackages": undefined, "managerData": Object { @@ -1086,7 +1074,6 @@ exports[`manager/npm/extract/index .extractPackageFile() finds simple yarn works Object { "constraints": Object {}, "deps": Array [], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { @@ -1225,7 +1212,6 @@ Object { "prettyDepType": "resolutions", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { diff --git a/lib/manager/npm/extract/index.spec.ts b/lib/manager/npm/extract/index.spec.ts index fa78521e8218ba..beda16f2a1b85c 100644 --- a/lib/manager/npm/extract/index.spec.ts +++ b/lib/manager/npm/extract/index.spec.ts @@ -113,11 +113,25 @@ describe(getName(__filename), () => { ); expect(res.npmrc).toBeDefined(); }); - it('finds and discards .npmrc', async () => { + it('ignores .npmrc when config.npmrc is defined', async () => { + fs.readLocalFile = jest.fn((fileName) => { + if (fileName === '.npmrc') { + return 'some-npmrc\n'; + } + return null; + }); + const res = await npmExtract.extractPackageFile( + input01Content, + 'package.json', + { npmrc: 'some-configured-npmrc' } + ); + expect(res.npmrc).toBeUndefined(); + }); + it('finds and filters .npmrc with variables', async () => { fs.readLocalFile = jest.fn((fileName) => { if (fileName === '.npmrc') { // eslint-disable-next-line - return '//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}\n'; + return 'registry=https://registry.npmjs.org\n//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}\n'; } return null; }); @@ -126,7 +140,7 @@ describe(getName(__filename), () => { 'package.json', {} ); - expect(res.npmrc).toBeUndefined(); + expect(res.npmrc).toEqual('registry=https://registry.npmjs.org\n'); }); it('finds lerna', async () => { fs.readLocalFile = jest.fn((fileName) => { diff --git a/lib/manager/npm/extract/index.ts b/lib/manager/npm/extract/index.ts index 7bccc130f11d2a..b6192925fe83f7 100644 --- a/lib/manager/npm/extract/index.ts +++ b/lib/manager/npm/extract/index.ts @@ -6,11 +6,7 @@ import * as datasourceGithubTags from '../../../datasource/github-tags'; import { id as npmId } from '../../../datasource/npm'; import { logger } from '../../../logger'; import { SkipReason } from '../../../types'; -import { - deleteLocalFile, - getSiblingFileName, - readLocalFile, -} from '../../../util/fs'; +import { getSiblingFileName, readLocalFile } from '../../../util/fs'; import * as nodeVersioning from '../../../versioning/node'; import { isValid, isVersion } from '../../../versioning/npm'; import type { @@ -95,26 +91,30 @@ export async function extractPackageFile( delete lockFiles.shrinkwrapJson; let npmrc: string; - let ignoreNpmrcFile: boolean; const npmrcFileName = getSiblingFileName(fileName, '.npmrc'); - // istanbul ignore if - if (config.ignoreNpmrcFile) { - await deleteLocalFile(npmrcFileName); - } else { - npmrc = await readLocalFile(npmrcFileName, 'utf8'); - if (npmrc?.includes('package-lock')) { - logger.debug('Stripping package-lock setting from npmrc'); - npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n'); - } - if (is.string(npmrc)) { - if (npmrc.includes('=${') && getAdminConfig().trustLevel !== 'high') { - logger.debug('Discarding .npmrc file with variables'); - ignoreNpmrcFile = true; - npmrc = undefined; - await deleteLocalFile(npmrcFileName); - } + const npmrcContent = await readLocalFile(npmrcFileName, 'utf8'); + if (is.string(npmrcContent)) { + if (is.string(config.npmrc)) { + logger.debug( + { npmrcFileName }, + 'Repo .npmrc file is ignored due to presence of config.npmrc' + ); } else { - npmrc = undefined; + npmrc = npmrcContent; + if (npmrc?.includes('package-lock')) { + logger.debug('Stripping package-lock setting from .npmrc'); + npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n'); + } + if (npmrc.includes('=${') && !getAdminConfig().exposeAllEnv) { + logger.debug( + { npmrcFileName }, + 'Stripping .npmrc file of lines with variables' + ); + npmrc = npmrc + .split('\n') + .filter((line) => !line.includes('=${')) + .join('\n'); + } } } const yarnrcFileName = getSiblingFileName(fileName, '.yarnrc'); @@ -364,7 +364,6 @@ export async function extractPackageFile( packageFileVersion, packageJsonType, npmrc, - ignoreNpmrcFile, yarnrc, ...lockFiles, managerData: { diff --git a/lib/manager/npm/post-update/__snapshots__/lerna.spec.ts.snap b/lib/manager/npm/post-update/__snapshots__/lerna.spec.ts.snap index e8f5d06c35c0a7..4dc615e84774c2 100644 --- a/lib/manager/npm/post-update/__snapshots__/lerna.spec.ts.snap +++ b/lib/manager/npm/post-update/__snapshots__/lerna.spec.ts.snap @@ -236,65 +236,6 @@ Array [ ] `; -exports[`manager/npm/post-update/lerna generateLockFiles() maps dot files 1`] = ` -Array [ - Object { - "cmd": "lerna info || echo \\"Ignoring lerna info failure\\"", - "options": Object { - "cwd": "some-dir", - "encoding": "utf-8", - "env": Object { - "HOME": "/home/user", - "HTTPS_PROXY": "https://example.com", - "HTTP_PROXY": "http://example.com", - "LANG": "en_US.UTF-8", - "LC_ALL": "en_US", - "NO_PROXY": "localhost", - "PATH": "/tmp/path", - }, - "maxBuffer": 10485760, - "timeout": 900000, - }, - }, - Object { - "cmd": "npm install --ignore-scripts --no-audit --package-lock-only", - "options": Object { - "cwd": "some-dir", - "encoding": "utf-8", - "env": Object { - "HOME": "/home/user", - "HTTPS_PROXY": "https://example.com", - "HTTP_PROXY": "http://example.com", - "LANG": "en_US.UTF-8", - "LC_ALL": "en_US", - "NO_PROXY": "localhost", - "PATH": "/tmp/path", - }, - "maxBuffer": 10485760, - "timeout": 900000, - }, - }, - Object { - "cmd": "lerna bootstrap --no-ci --ignore-scripts -- --ignore-scripts --no-audit --package-lock-only", - "options": Object { - "cwd": "some-dir", - "encoding": "utf-8", - "env": Object { - "HOME": "/home/user", - "HTTPS_PROXY": "https://example.com", - "HTTP_PROXY": "http://example.com", - "LANG": "en_US.UTF-8", - "LC_ALL": "en_US", - "NO_PROXY": "localhost", - "PATH": "/tmp/path", - }, - "maxBuffer": 10485760, - "timeout": 900000, - }, - }, -] -`; - exports[`manager/npm/post-update/lerna generateLockFiles() performs full npm install 1`] = ` Array [ Object { diff --git a/lib/manager/npm/post-update/index.ts b/lib/manager/npm/post-update/index.ts index 083272c1612b0f..aa992b653e70e8 100644 --- a/lib/manager/npm/post-update/index.ts +++ b/lib/manager/npm/post-update/index.ts @@ -144,9 +144,6 @@ export async function writeExistingFiles( } catch (err) /* istanbul ignore next */ { logger.warn({ npmrcFilename, err }, 'Error writing .npmrc'); } - } else if (config.ignoreNpmrcFile) { - logger.debug('Removing ignored .npmrc file before artifact generation'); - await remove(npmrcFilename); } if (packageFile.yarnrc) { logger.debug(`Writing .yarnrc to ${basedir}`); diff --git a/lib/manager/npm/post-update/lerna.spec.ts b/lib/manager/npm/post-update/lerna.spec.ts index 0dddb7c585fe5d..267bef2c31d306 100644 --- a/lib/manager/npm/post-update/lerna.spec.ts +++ b/lib/manager/npm/post-update/lerna.spec.ts @@ -93,27 +93,13 @@ describe(getName(__filename), () => { expect(res.error).toBe(false); expect(execSnapshots).toMatchSnapshot(); }); - it('maps dot files', async () => { - const execSnapshots = mockExecAll(exec); - const res = await lernaHelper.generateLockFiles( - lernaPkgFile('npm'), - 'some-dir', - { - dockerMapDotfiles: true, - constraints: { npm: '^6.0.0' }, - }, - {} - ); - expect(res.error).toBe(false); - expect(execSnapshots).toMatchSnapshot(); - }); it('allows scripts for trust level high', async () => { const execSnapshots = mockExecAll(exec); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); const res = await lernaHelper.generateLockFiles( lernaPkgFile('npm'), 'some-dir', - {}, + { constraints: { npm: '^6.0.0' } }, {} ); expect(res.error).toBe(false); diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index 08cfc8be3d4c6c..4cf0bc54750c0c 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -1,6 +1,5 @@ import semver, { validRange } from 'semver'; import { quote } from 'shlex'; -import { join } from 'upath'; import { getAdminConfig } from '../../../config/admin'; import { TEMPORARY_ERROR } from '../../../constants/error-messages'; import { logger } from '../../../logger'; @@ -72,10 +71,7 @@ export async function generateLockFiles( return { error: false }; } let lernaCommand = `lerna bootstrap --no-ci --ignore-scripts -- `; - if ( - getAdminConfig().trustLevel === 'high' && - config.ignoreScripts !== false - ) { + if (getAdminConfig().allowScripts && config.ignoreScripts !== false) { cmdOptions = cmdOptions.replace('--ignore-scripts ', ''); lernaCommand = lernaCommand.replace('--ignore-scripts ', ''); } @@ -96,16 +92,9 @@ export async function generateLockFiles( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; - } - if (config.dockerMapDotfiles) { - const homeDir = - process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; - const homeNpmrc = join(homeDir, '.npmrc'); - execOptions.docker.volumes = [[homeNpmrc, '/home/ubuntu/.npmrc']]; } const lernaVersion = getLernaVersion(lernaPackageFile); logger.debug('Using lerna version ' + lernaVersion); diff --git a/lib/manager/npm/post-update/npm.spec.ts b/lib/manager/npm/post-update/npm.spec.ts index f235cb63cc2af1..b896545b9bde2e 100644 --- a/lib/manager/npm/post-update/npm.spec.ts +++ b/lib/manager/npm/post-update/npm.spec.ts @@ -27,7 +27,6 @@ describe('generateLockFile', () => { const execSnapshots = mockExecAll(exec); fs.readFile = jest.fn(() => 'package-lock-contents') as never; const skipInstalls = true; - const dockerMapDotfiles = true; const postUpdateOptions = ['npmDedupe']; const updates = [ { depName: 'some-dep', newVersion: '1.0.1', isLockfileUpdate: false }, @@ -36,7 +35,7 @@ describe('generateLockFile', () => { 'some-dir', {}, 'package-lock.json', - { dockerMapDotfiles, skipInstalls, postUpdateOptions }, + { skipInstalls, postUpdateOptions }, updates ); expect(fs.readFile).toHaveBeenCalledTimes(1); diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index d3e43876605615..8b28332155c787 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -71,16 +71,9 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; - } - if (config.dockerMapDotfiles) { - const homeDir = - process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; - const homeNpmrc = join(homeDir, '.npmrc'); - execOptions.docker.volumes = [[homeNpmrc, '/home/ubuntu/.npmrc']]; } if (!upgrades.every((upgrade) => upgrade.isLockfileUpdate)) { diff --git a/lib/manager/npm/post-update/pnpm.spec.ts b/lib/manager/npm/post-update/pnpm.spec.ts index f1146a0d018a09..195690f3d41cf7 100644 --- a/lib/manager/npm/post-update/pnpm.spec.ts +++ b/lib/manager/npm/post-update/pnpm.spec.ts @@ -24,7 +24,6 @@ describe('generateLockFile', () => { env.getChildProcessEnv.mockReturnValue(envMock.basic); }); it('generates lock files', async () => { - config.dockerMapDotfiles = true; const execSnapshots = mockExecAll(exec); fs.readFile = jest.fn(() => 'package-lock-contents') as never; const res = await pnpmHelper.generateLockFile('some-dir', {}, config); diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 7816267e786744..f6a802fc609a01 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -50,20 +50,13 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; - } - if (config.dockerMapDotfiles) { - const homeDir = - process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; - const homeNpmrc = join(homeDir, '.npmrc'); - execOptions.docker.volumes = [[homeNpmrc, '/home/ubuntu/.npmrc']]; } cmd = 'pnpm'; let args = 'install --recursive --lockfile-only'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --ignore-scripts'; args += ' --ignore-pnpmfile'; } diff --git a/lib/manager/npm/post-update/yarn.spec.ts b/lib/manager/npm/post-update/yarn.spec.ts index 0274362190686b..84173a6d8232a8 100644 --- a/lib/manager/npm/post-update/yarn.spec.ts +++ b/lib/manager/npm/post-update/yarn.spec.ts @@ -54,7 +54,6 @@ describe(getName(__filename), () => { ); }); const config = { - dockerMapDotfiles: true, constraints: { yarn: yarnCompatibility, }, @@ -140,7 +139,6 @@ describe(getName(__filename), () => { ); }); const config = { - dockerMapDotfiles: true, constraints: { yarn: yarnCompatibility, }, diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index e179f717703ead..f555bcbce78f02 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -102,7 +102,7 @@ export async function generateLockFile( extraEnv.YARN_ENABLE_IMMUTABLE_INSTALLS = 'false'; extraEnv.YARN_HTTP_TIMEOUT = '100000'; } - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { if (isYarn1) { cmdOptions += ' --ignore-scripts'; } else { @@ -121,16 +121,9 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; - } - if (config.dockerMapDotfiles) { - const homeDir = - process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; - const homeNpmrc = join(homeDir, '.npmrc'); - execOptions.docker.volumes = [[homeNpmrc, '/home/ubuntu/.npmrc']]; } // This command updates the lock file based on package.json diff --git a/lib/manager/pip_requirements/extract.spec.ts b/lib/manager/pip_requirements/extract.spec.ts index 6226ab5fc424da..9607c03eebc135 100644 --- a/lib/manager/pip_requirements/extract.spec.ts +++ b/lib/manager/pip_requirements/extract.spec.ts @@ -129,7 +129,7 @@ describe(getName(__filename), () => { }); it('should replace env vars in high trust mode', () => { process.env.PIP_TEST_TOKEN = 'its-a-secret'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); const res = extractPackageFile(requirements7, 'unused_file_name', {}); expect(res.registryUrls).toEqual([ 'https://pypi.org/pypi/', diff --git a/lib/manager/pip_requirements/extract.ts b/lib/manager/pip_requirements/extract.ts index 87e2ffaec01963..87fc491b410ce2 100644 --- a/lib/manager/pip_requirements/extract.ts +++ b/lib/manager/pip_requirements/extract.ts @@ -84,7 +84,7 @@ export function extractPackageFile( res.registryUrls = registryUrls.map((url) => { // handle the optional quotes in eg. `--extra-index-url "https://foo.bar"` const cleaned = url.replace(/^"/, '').replace(/"$/, ''); - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().exposeAllEnv) { return cleaned; } // interpolate any environment variables diff --git a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap index a7c0567b1cf466..1fba3faa42c84d 100644 --- a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap @@ -7,7 +7,7 @@ Object { "currentValue": "1.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -15,7 +15,7 @@ Object { Object { "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -23,7 +23,7 @@ Object { Object { "datasource": "helm", "depName": "./charts/example", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -33,7 +33,7 @@ Object { "currentValue": "4.0.1", "datasource": "helm", "depName": undefined, - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -43,7 +43,7 @@ Object { "currentValue": "5.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -52,7 +52,7 @@ Object { "currentValue": "6.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -68,86 +68,86 @@ Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "next", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "tfmodule_one-v0.0.9", "datasource": "github-tags", "depName": "github.com/githubuser/myrepo", - "depType": "github", + "depType": "module", "lookupName": "githubuser/myrepo", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "0.1.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v2.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "<= 2.4.0", "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "1.28.3", "datasource": "terraform-module", "depName": "particuleio/addons/kubernetes", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "~> 1.1.0", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -156,7 +156,7 @@ Object { "currentValue": "~> 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -165,7 +165,7 @@ Object { "currentValue": "~~ 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -174,7 +174,7 @@ Object { "currentValue": ">= 1.0.0, <= 2.0.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "skipReason": "local", @@ -186,89 +186,90 @@ Object { "currentValue": "1.36.1", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=2.4", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=1.3", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "V1.9", "datasource": "terraform-provider", "depName": "newrelic", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "next", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.1", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.2", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "http://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.3", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "ssh://git@bitbucket.com/hashicorp/example", }, Object { "currentValue": ">= 2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 2.0.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 0.13", "datasource": "github-tags", "depName": "hashicorp/terraform", + "depType": "required_version", "extractVersion": "v(?.*)$", "lineNumber": 230, }, @@ -276,7 +277,7 @@ Object { "currentValue": "2.7.2", "datasource": "terraform-provider", "depName": "docker", - "depType": "terraform", + "depType": "required_provider", "registryUrls": Array [ "https://releases.hashicorp.com", ], @@ -285,34 +286,34 @@ Object { "currentValue": "2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", "lookupName": "aws", }, Object { "currentValue": "=2.27.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "invalid", - "depType": "terraform", + "depType": "required_provider", "skipReason": "unsupported-url", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/helm", }, Object { "currentValue": ">= 1.0", "datasource": "terraform-provider", "depName": "kubernetes", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/kubernetes", "registryUrls": Array [ "https://terraform.example.com", @@ -324,6 +325,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_image", "replaceString": "nginx:1.7.8", }, Object { @@ -332,6 +334,7 @@ Object { Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", "datasource": "docker", + "depType": "docker_image", "replaceString": "\${data.docker_registry_image.ubuntu.name}", "skipReason": "contains-variable", }, @@ -341,6 +344,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_container", "replaceString": "nginx:1.7.8", }, Object { @@ -352,6 +356,7 @@ Object { "currentValue": "v1", "datasource": "docker", "depName": "repo.mycompany.com:8080/foo-service", + "depType": "docker_service", "replaceString": "repo.mycompany.com:8080/foo-service:v1", }, Object { diff --git a/lib/manager/terraform/extract.ts b/lib/manager/terraform/extract.ts index 4658a80336cbe7..0048bde408dc4a 100644 --- a/lib/manager/terraform/extract.ts +++ b/lib/manager/terraform/extract.ts @@ -5,7 +5,10 @@ import { analyzeTerraformProvider, extractTerraformProvider, } from './providers'; -import { extractTerraformRequiredProviders } from './required-providers'; +import { + analyzeTerraformRequiredProvider, + extractTerraformRequiredProviders, +} from './required-providers'; import { analyseTerraformVersion, extractTerraformRequiredVersion, @@ -98,6 +101,8 @@ export function extractPackageFile(content: string): PackageFile | null { deps.forEach((dep) => { switch (dep.managerData.terraformDependencyType) { case TerraformDependencyTypes.required_providers: + analyzeTerraformRequiredProvider(dep); + break; case TerraformDependencyTypes.provider: analyzeTerraformProvider(dep); break; diff --git a/lib/manager/terraform/modules.ts b/lib/manager/terraform/modules.ts index f3336a1ab7ff09..692c120328e77f 100644 --- a/lib/manager/terraform/modules.ts +++ b/lib/manager/terraform/modules.ts @@ -30,12 +30,12 @@ export function analyseTerraformModule(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ if (githubRefMatch) { dep.lookupName = githubRefMatch.groups.project.replace(/\.git$/, ''); - dep.depType = 'github'; + dep.depType = 'module'; dep.depName = 'github.com/' + dep.lookupName; dep.currentValue = githubRefMatch.groups.tag; dep.datasource = datasourceGithubTags.id; } else if (gitTagsRefMatch) { - dep.depType = 'gitTags'; + dep.depType = 'module'; if (gitTagsRefMatch.groups.path.includes('//')) { logger.debug('Terraform module contains subdirectory'); dep.depName = gitTagsRefMatch.groups.path.split('//')[0]; @@ -56,7 +56,7 @@ export function analyseTerraformModule(dep: PackageDependency): void { if (hostnameMatch) { dep.registryUrls = [`https://${hostnameMatch.groups.hostname}`]; } - dep.depType = 'terraform'; + dep.depType = 'module'; dep.depName = moduleParts.join('/'); dep.datasource = datasourceTerraformModule.id; } diff --git a/lib/manager/terraform/providers.ts b/lib/manager/terraform/providers.ts index 7be0e7653a3889..aa06ad0d73609c 100644 --- a/lib/manager/terraform/providers.ts +++ b/lib/manager/terraform/providers.ts @@ -61,7 +61,7 @@ export function extractTerraformProvider( export function analyzeTerraformProvider(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ - dep.depType = 'terraform'; + dep.depType = 'provider'; dep.depName = dep.managerData.moduleName; dep.datasource = datasourceTerraformProvider.id; diff --git a/lib/manager/terraform/readme.md b/lib/manager/terraform/readme.md index 4dd83219332888..9d3138c89cb327 100644 --- a/lib/manager/terraform/readme.md +++ b/lib/manager/terraform/readme.md @@ -1,21 +1,38 @@ -Currently Terraform support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like `github.com/hashicorp/example?ref=v1.0.0`. +Currently, Terraform supports renovating the following dependencies, where sub points represent hosting options of the dependencies: -Fixed versions like the following will receive a PR whenever there is a newer version available: +- modules + - GitTags + - GithubTags + - TerraformRegistry ( Public and Private ) +- providers ( deprecated in Terraform 0.13.0 ) + - TerraformRegistry ( Public and Private ) +- required_providers block ( Terraform >= 0.13.0) + - TerraformRegistry ( Public and Private ) +- required_version +- helm_release + - chart repository ( Public and Private ) +- docker\_\* + - Docker registry ( Public and Private ) -``` -module "consul" { - source = "hashicorp/consul/aws" - version = "0.0.5" - servers = 3 -} -``` - -The following _range_ constraints are also supported: +Terraform range constraints are supported: - `>= 1.2.0`: version 1.2.0 or newer - `<= 1.2.0`: version 1.2.0 or older - `~> 1.2.0`: any non-beta version >= 1.2.0 and < 1.3.0, e.g. 1.2.X - `~> 1.2`: any non-beta version >= 1.2.0 and < 2.0.0, e.g. 1.X.Y -- `>= 1.0.0`, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive +- `>= 1.0.0, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive + +For fine-grained control, e.g. to turn off only parts of this manager, there are following `depTypes` provided: + +| resource | depType | +| --------------------------- | :---------------: | +| terraform provider | provider | +| required terraform provider | required_provider | +| required terraform version | required_version | +| terraform module | module | +| helm release | helm_release | +| docker container | docker_container | +| docker image | docker_image | +| docker service | docker_service | If you need to change the versioning format, read the [versioning](https://docs.renovatebot.com/modules/versioning/) documentation to learn more. diff --git a/lib/manager/terraform/required-providers.ts b/lib/manager/terraform/required-providers.ts index 9319737a69c94f..44b1186210c23e 100644 --- a/lib/manager/terraform/required-providers.ts +++ b/lib/manager/terraform/required-providers.ts @@ -1,4 +1,5 @@ import type { PackageDependency } from '../types'; +import { analyzeTerraformProvider } from './providers'; import { ExtractionResult, TerraformDependencyTypes, @@ -72,3 +73,10 @@ export function extractTerraformRequiredProviders( } while (line.trim() !== '}'); return { lineNumber, dependencies: deps }; } + +export function analyzeTerraformRequiredProvider(dep: PackageDependency): void { + /* eslint-disable no-param-reassign */ + analyzeTerraformProvider(dep); + dep.depType = `required_provider`; + /* eslint-enable no-param-reassign */ +} diff --git a/lib/manager/terraform/required-version.ts b/lib/manager/terraform/required-version.ts index f5deb89a8b87fd..c8bb1e4dad6f32 100644 --- a/lib/manager/terraform/required-version.ts +++ b/lib/manager/terraform/required-version.ts @@ -48,6 +48,7 @@ export function extractTerraformRequiredVersion( export function analyseTerraformVersion(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ + dep.depType = 'required_version'; dep.datasource = datasourceGithubTags.id; dep.depName = 'hashicorp/terraform'; dep.extractVersion = 'v(?.*)$'; diff --git a/lib/manager/terraform/resources.ts b/lib/manager/terraform/resources.ts index 62c986261c8806..4937a8e98ef4d6 100644 --- a/lib/manager/terraform/resources.ts +++ b/lib/manager/terraform/resources.ts @@ -73,6 +73,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_container: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_container'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -81,6 +82,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_image: if (dep.managerData.name) { applyDockerDependency(dep, dep.managerData.name); + dep.depType = 'docker_image'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -89,6 +91,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_service: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_service'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -100,7 +103,7 @@ export function analyseTerraformResource( } else if (checkIfStringIsPath(dep.managerData.chart)) { dep.skipReason = SkipReason.LocalChart; } - dep.depType = 'helm'; + dep.depType = 'helm_release'; dep.registryUrls = [dep.managerData.repository]; dep.depName = dep.managerData.chart; dep.datasource = datasourceHelm.id; diff --git a/lib/manager/types.ts b/lib/manager/types.ts index 2c167ecc539103..c73d71f4775962 100644 --- a/lib/manager/types.ts +++ b/lib/manager/types.ts @@ -23,7 +23,7 @@ export interface ExtractConfig extends ManagerConfig { endpoint?: string; gradle?: { timeout?: number }; aliases?: Record; - ignoreNpmrcFile?: boolean; + npmrc?: string; yarnrc?: string; skipInstalls?: boolean; versioning?: string; @@ -90,7 +90,6 @@ export interface PackageFile> datasource?: string; registryUrls?: string[]; deps: PackageDependency[]; - ignoreNpmrcFile?: boolean; lernaClient?: string; lernaPackages?: string[]; mavenProps?: Record; diff --git a/lib/util/exec/env.spec.ts b/lib/util/exec/env.spec.ts index e3a0eabc258ad3..ebc1c16900a513 100644 --- a/lib/util/exec/env.spec.ts +++ b/lib/util/exec/env.spec.ts @@ -58,7 +58,7 @@ describe('getChildProcess environment when trustlevel set to low', () => { describe('getChildProcessEnv when trustlevel set to high', () => { it('returns process.env if trustlevel set to high', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); expect(getChildProcessEnv()).toMatchObject(process.env); }); }); diff --git a/lib/util/exec/env.ts b/lib/util/exec/env.ts index 38950e4e867a95..faffd61bf81526 100644 --- a/lib/util/exec/env.ts +++ b/lib/util/exec/env.ts @@ -17,7 +17,7 @@ export function getChildProcessEnv( customEnvVars: string[] = [] ): NodeJS.ProcessEnv { const env: NodeJS.ProcessEnv = {}; - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { return { ...env, ...process.env }; } const envVars = [...basicEnvVars, ...customEnvVars]; diff --git a/lib/util/exec/exec.spec.ts b/lib/util/exec/exec.spec.ts index f5a67fbda53284..e5db81a628a4e8 100644 --- a/lib/util/exec/exec.spec.ts +++ b/lib/util/exec/exec.spec.ts @@ -194,7 +194,7 @@ describe(getName(__filename), () => { maxBuffer: 10485760, }, ], - adminConfig: { trustLevel: 'high' }, + adminConfig: { exposeAllEnv: true }, }, ], diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts index 3ced1d68ead6f5..829f18abe8cdcd 100644 --- a/lib/util/git/index.ts +++ b/lib/util/git/index.ts @@ -488,7 +488,6 @@ export async function isBranchModified(branchName: string): Promise { ).trim(); const { gitAuthorEmail } = config; if ( - lastAuthor === process.env.RENOVATE_LEGACY_GIT_AUTHOR_EMAIL || // remove in next major release lastAuthor === gitAuthorEmail || config.ignoredAuthors.some((ignoredAuthor) => lastAuthor === ignoredAuthor) ) { diff --git a/lib/workers/branch/index.spec.ts b/lib/workers/branch/index.spec.ts index a38f6cce331b99..73d68242507905 100644 --- a/lib/workers/branch/index.spec.ts +++ b/lib/workers/branch/index.spec.ts @@ -736,7 +736,7 @@ describe(getName(__filename), () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -816,7 +816,7 @@ describe(getName(__filename), () => { const adminConfig = { allowedPostUpgradeCommands: ['^exit 1$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -885,7 +885,7 @@ describe(getName(__filename), () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: false, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); const result = await branchWorker.processBranch({ @@ -965,7 +965,7 @@ describe(getName(__filename), () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{depName}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); diff --git a/lib/workers/global/index.ts b/lib/workers/global/index.ts index 0d7978fb735f75..d7715983fe8c8c 100644 --- a/lib/workers/global/index.ts +++ b/lib/workers/global/index.ts @@ -5,12 +5,14 @@ import { satisfies } from 'semver'; import upath from 'upath'; import * as pkg from '../../../package.json'; import * as configParser from '../../config'; +import { resolveConfigPresets } from '../../config/presets'; import { validateConfigSecrets } from '../../config/secrets'; import type { GlobalConfig, RenovateConfig, RenovateRepository, } from '../../config/types'; +import { CONFIG_PRESETS_INVALID } from '../../constants/error-messages'; import { getProblems, logger, setMeta } from '../../logger'; import { setUtilConfig } from '../../util'; import * as hostRules from '../../util/host-rules'; @@ -70,6 +72,14 @@ function checkEnv(): void { } } +export async function validatePresets(config: GlobalConfig): Promise { + try { + await resolveConfigPresets(config); + } catch (err) /* istanbul ignore next */ { + throw new Error(CONFIG_PRESETS_INVALID); + } +} + export async function start(): Promise { let config: GlobalConfig; try { @@ -78,6 +88,8 @@ export async function start(): Promise { // initialize all submodules config = await globalInitialize(config); + await validatePresets(config); + checkEnv(); // validate secrets. Will throw and abort if invalid diff --git a/lib/workers/repository/extract/__snapshots__/manager-files.spec.ts.snap b/lib/workers/repository/extract/__snapshots__/manager-files.spec.ts.snap index 7b05cb15e52b9f..52bad56bc98bae 100644 --- a/lib/workers/repository/extract/__snapshots__/manager-files.spec.ts.snap +++ b/lib/workers/repository/extract/__snapshots__/manager-files.spec.ts.snap @@ -14,7 +14,6 @@ Array [ "prettyDepType": "dependency", }, ], - "ignoreNpmrcFile": undefined, "lernaClient": undefined, "lernaPackages": undefined, "managerData": Object { diff --git a/lib/workers/repository/init/config.ts b/lib/workers/repository/init/config.ts index fb802acef351f8..15a92b1e2f9b1a 100644 --- a/lib/workers/repository/init/config.ts +++ b/lib/workers/repository/init/config.ts @@ -203,7 +203,6 @@ export async function mergeRenovateConfig( 'Ignoring any .npmrc files in repository due to configured npmrc' ); npmApi.setNpmrc(resolvedConfig.npmrc); - resolvedConfig.ignoreNpmrcFile = true; } // istanbul ignore if if (resolvedConfig.hostRules) { diff --git a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap index 35d60b78c71ea5..871c729a8f4b3a 100644 --- a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap +++ b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap @@ -50,7 +50,7 @@ Array [ "newValue": "==0.9.7", "newVersion": "0.9.7", "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "updateType": "minor", + "updateType": "patch", }, Object { "bucket": "major", @@ -446,30 +446,7 @@ Array [ "newValue": "0.9.7", "newVersion": "0.9.7", "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "updateType": "minor", - }, - Object { - "bucket": "major", - "newMajor": 1, - "newMinor": 4, - "newValue": "1.4.1", - "newVersion": "1.4.1", - "releaseTimestamp": "2015-05-17T04:25:07.299Z", - "updateType": "major", - }, -] -`; - -exports[`workers/repository/process/lookup/index .lookupUpdates() returns minor update if separate patches not configured 1`] = ` -Array [ - Object { - "bucket": "non-major", - "newMajor": 0, - "newMinor": 9, - "newValue": "0.9.7", - "newVersion": "0.9.7", - "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "updateType": "minor", + "updateType": "patch", }, Object { "bucket": "major", @@ -552,6 +529,29 @@ Array [ ] `; +exports[`workers/repository/process/lookup/index .lookupUpdates() returns patch update even if separate patches not configured 1`] = ` +Array [ + Object { + "bucket": "non-major", + "newMajor": 0, + "newMinor": 9, + "newValue": "0.9.7", + "newVersion": "0.9.7", + "releaseTimestamp": "2013-09-04T17:07:22.948Z", + "updateType": "patch", + }, + Object { + "bucket": "major", + "newMajor": 1, + "newMinor": 4, + "newValue": "1.4.1", + "newVersion": "1.4.1", + "releaseTimestamp": "2015-05-17T04:25:07.299Z", + "updateType": "major", + }, +] +`; + exports[`workers/repository/process/lookup/index .lookupUpdates() returns patch update if separateMinorPatch 1`] = ` Array [ Object { @@ -617,7 +617,7 @@ Array [ "newValue": "3.1.0-dev.20180813", "newVersion": "3.1.0-dev.20180813", "releaseTimestamp": "2018-08-13T19:05:14.347Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -631,7 +631,7 @@ Array [ "newValue": "2.5.17-beta.0", "newVersion": "2.5.17-beta.0", "releaseTimestamp": "2018-03-23T23:29:13.819Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -655,7 +655,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -682,7 +682,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -696,7 +696,7 @@ Array [ "newValue": "3.0.1", "newVersion": "3.0.1", "releaseTimestamp": "2018-07-30T16:21:13.150Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -723,7 +723,7 @@ Array [ "newValue": "^0.0.35", "newVersion": "0.0.35", "releaseTimestamp": "2017-04-27T16:59:06.479Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1503,7 +1503,7 @@ Array [ "newValue": "1.0.1", "newVersion": "1.0.1", "releaseTimestamp": "2014-03-11T18:47:17.560Z", - "updateType": "minor", + "updateType": "patch", }, ] `; diff --git a/lib/workers/repository/process/lookup/index.spec.ts b/lib/workers/repository/process/lookup/index.spec.ts index 93413f8a63acdb..1edb6aa299597f 100644 --- a/lib/workers/repository/process/lookup/index.spec.ts +++ b/lib/workers/repository/process/lookup/index.spec.ts @@ -186,7 +186,7 @@ describe(getName(__filename), () => { Error(CONFIG_VALIDATION) ); }); - it('returns minor update if separate patches not configured', async () => { + it('returns patch update even if separate patches not configured', async () => { config.currentValue = '0.9.0'; config.rangeStrategy = 'pin'; config.depName = 'q'; @@ -195,8 +195,8 @@ describe(getName(__filename), () => { const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); expect(res.updates).toHaveLength(2); - expect(res.updates[0].updateType).not.toEqual('patch'); - expect(res.updates[1].updateType).not.toEqual('patch'); + expect(res.updates[0].updateType).toEqual('patch'); + expect(res.updates[1].updateType).toEqual('major'); }); it('returns minor update if automerging both patch and minor', async () => { config.patch = { @@ -212,7 +212,7 @@ describe(getName(__filename), () => { nock('https://registry.npmjs.org').get('/q').reply(200, qJson); const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); - expect(res.updates[0].updateType).toEqual('minor'); + expect(res.updates[0].updateType).toEqual('patch'); }); it('returns patch update if separateMinorPatch', async () => { config.separateMinorPatch = true; diff --git a/lib/workers/repository/process/lookup/update-type.ts b/lib/workers/repository/process/lookup/update-type.ts index 956d7b310a88ed..90768a16d11d3f 100644 --- a/lib/workers/repository/process/lookup/update-type.ts +++ b/lib/workers/repository/process/lookup/update-type.ts @@ -19,8 +19,5 @@ export function getUpdateType( if (versioning.getMinor(newVersion) > versioning.getMinor(currentVersion)) { return 'minor'; } - if (config.separateMinorPatch) { - return 'patch'; - } - return 'minor'; + return 'patch'; } diff --git a/lib/workers/repository/updates/flatten.ts b/lib/workers/repository/updates/flatten.ts index 6261b851c88ca9..7c7ef3008846ab 100644 --- a/lib/workers/repository/updates/flatten.ts +++ b/lib/workers/repository/updates/flatten.ts @@ -4,7 +4,6 @@ import { mergeChildConfig, } from '../../../config'; import type { RenovateConfig } from '../../../config/types'; -import { LANGUAGE_DOCKER } from '../../../constants/languages'; import { getDefaultConfig } from '../../../datasource'; import { get } from '../../../manager'; import { applyPackageRules } from '../../../util/package-rules'; @@ -27,14 +26,6 @@ export function applyUpdateConfig(input: BranchUpgradeConfig): any { .replace(/-+/, '-') .toLowerCase() : undefined; - if ( - updateConfig.language === LANGUAGE_DOCKER && - /(^|\/)node$/.exec(updateConfig.depName) && - updateConfig.depName !== 'calico/node' - ) { - updateConfig.additionalBranchPrefix = ''; - updateConfig.depNameSanitized = 'node'; - } generateBranchName(updateConfig); return updateConfig; }