Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: v25 #9394

Merged
merged 21 commits into from Apr 22, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
482012a
feat: remove RENOVATE_LEGACY_GIT_AUTHOR_EMAIL (#9389)
rarkins Apr 4, 2021
8516aac
feat: drop NPM_TOKEN support (#9391)
rarkins Apr 21, 2021
f74e0d7
feat: remove logLevel support in config (#9390)
rarkins Apr 4, 2021
6c381cf
feat: split trustLevel into separate options (#9388)
rarkins Apr 15, 2021
aa717ea
feat(config): remove manager additionalBranchPrefix defaults (#9373)
rarkins Apr 21, 2021
d5d2954
feat: updateType=patch (#9393)
rarkins Apr 21, 2021
c2980e9
feat(terraform): rework dep types (#9116)
secustor Apr 4, 2021
c67b068
docs: improve sentences (#9395)
HonkingGoose Apr 4, 2021
55debcc
docs: outdated remove trustLevel doc references
rarkins Apr 5, 2021
305b449
refactor: skipInstalls -> artifactUpdateApproach (#9119)
rarkins Apr 21, 2021
7067b39
feat(npm): remove ignoreNpmrcFile support (#9409)
rarkins Apr 6, 2021
2bad77b
feat(npm): remove ~/.npmrc support (#9400)
rarkins Apr 6, 2021
67228ea
feat(config): delay preset resolution until after platform initializa…
rarkins Apr 21, 2021
3904e90
feat: drop dockerMapDotFiles (#9417)
rarkins Apr 10, 2021
45fcaa4
refactor(config): explicit migration string check
rarkins Apr 7, 2021
c9fac51
feat: group:Nodejs (#9469)
rarkins Apr 9, 2021
8a63f20
feat(docker): enable major updates by default (#9470)
rarkins Apr 9, 2021
26b2762
chore: update snapshot
rarkins Apr 10, 2021
3e45ccd
feat(npm): retain npmrc lines without variables (#9484)
rarkins Apr 10, 2021
b701371
refactor: artifactUpdateApproach -> skipInstalls
rarkins Apr 21, 2021
31edce4
chore: revert hasFancyRefs
rarkins Apr 22, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 0 additions & 1 deletion docs/development/local-development.md
Expand Up @@ -75,7 +75,6 @@ The Renovate project uses the [Yarn](https://github.com/yarnpkg/yarn) package ma

To ensure everything is working properly on your end, you must:

1. Make sure you don't have a local `.npmrc` file that overrides npm's default registry
1. Install all dependencies with `yarn install`
1. Make a build with `yarn build`, which should pass with no errors
1. Verify all tests pass and have 100% test coverage, by running `yarn test`
Expand Down
11 changes: 1 addition & 10 deletions docs/usage/configuration-options.md
Expand Up @@ -69,7 +69,7 @@ With the above config:
## additionalBranchPrefix

This value defaults to an empty string, and is typically not necessary.
Some managers populate this field for historical reasons, for example we use `docker-` for Docker branches, so they may look like `renovate/docker-ubuntu-16.x`.
Some managers previously populated this field, but they no longer do so by default.
You normally don't need to configure this, but one example where it can be useful is combining with `parentDir` in monorepos to split PRs based on where the package definition is located, e.g.

```json
Expand Down Expand Up @@ -969,13 +969,6 @@ The above is the same as if you wrote this package rule:
}
```

## ignoreNpmrcFile

By default, Renovate will look for and use any `.npmrc` file it finds in a repository.
Additionally, it will be read in by `npm` or `yarn` at the time of lock file generation.
Sometimes this causes problems, for example if the file contains placeholder values, so you can configure this to `true` and Renovate will ignore any `.npmrc` files it finds and temporarily remove the file before running `npm install` or `yarn install`.
Renovate will try to configure this to `true` also if you have configured any `npmrc` string within your config file.

## ignorePaths

Using this setting, you can selectively ignore package files that you don't want Renovate autodiscovering.
Expand Down Expand Up @@ -1517,7 +1510,6 @@ For example to apply a special label for Major updates:
## patch

Add to this object if you wish to define rules that apply only to patch updates.
Only applies if `separateMinorPatch` is set to true.

## php

Expand All @@ -1542,7 +1534,6 @@ If enabled Renovate will pin Docker images by means of their SHA256 digest and n
Post-upgrade tasks are commands that are executed by Renovate after a dependency has been updated but before the commit is created.
The intention is to run any additional command line tools that would modify existing files or generate new files when a dependency changes.

This is only available on Renovate instances that have a `trustLevel` of 'high'.
Each command must match at least one of the patterns defined in `allowedPostUpgradeTasks` in order to be executed.
If the list of allowed tasks is empty then no tasks will be executed.

Expand Down
3 changes: 1 addition & 2 deletions docs/usage/configuration-templates.md
Expand Up @@ -21,8 +21,7 @@ Most users will be happy with the default `branchPrefix` of `renovate/`, but you
Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`.
The onboarding PR will always use `renovate/configure`.

`additionalBranchPrefix` is optional and by default is empty for all JavaScript dependencies.
We use `docker-` for all Docker updates, branches will look like this: `renovate/docker-ubuntu-16.x`.
`additionalBranchPrefix` is optional and by default is empty.

`branchTopic` depends on the package manager and upgrade type, so you will see a lot of variety.
This is probably a setting you want to change yourself.
Expand Down
5 changes: 1 addition & 4 deletions docs/usage/faq.md
Expand Up @@ -208,10 +208,7 @@ To learn more read the section below.

You can see in the example above that Renovate won't normally open a PR for the `snorgleborf` patch release.

There are 2 ways to tell Renovate to open a separate PR for the patch release:

- Set `separateMinorPatch` to `true`
- Set `automerge` to the value: `"patch"`
You can tell Renovate to open a separate PR for the patch release by setting `separateMinorPatch` to `true`.

In both cases, Renovate will open 3 PRs:

Expand Down
18 changes: 2 additions & 16 deletions docs/usage/private-modules.md
Expand Up @@ -33,8 +33,6 @@ The recommended approaches in order of preference are:

**Self-hosted hostRules**: Configure a hostRules entry in the bot's `config.js` with the `hostType`, `hostName` and `token` specified

**Self-hosted .npmrc**: copy an `.npmrc` file to the home dir of the bot.

**Renovate App with private modules from npmjs.org**: Add an encrypted `npmToken` to your Renovate config

**Renovate App with a private registry**: Add an unencrypted `npmrc` plus an encrypted `npmToken` in config
Expand Down Expand Up @@ -64,23 +62,11 @@ module.exports = {
};
```

**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon.

### Commit .npmrc file into repository

One approach that many projects use for private repositories is to simply check in an authenticated `.npmrc` into the repository that is then shared between all developers.
Therefore anyone running `npm install` or `yarn install` from the project root will be automatically authenticated with npm without having to distribute npm logins to every developer and make sure they've run `npm login` first before installing.

The good news is that this works for Renovate too.
If Renovate detects a `.npmrc` or `.yarnrc` file then it will use it for its install.

Does not work if using binarySource=docker.
_This method will be deprecated soon_
**NOTE:** Do not use `NPM_TOKEN` as an environment variable.

### Add npmrc string to Renovate config

The above solution maybe have a downside that all users of the repository (e.g. developers) will also use any `.npmrc` that is checked into the repository, instead of their own one in `~/.npmrc`.
To avoid this, you can instead add your `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this:
You can add an `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this:

```json
{
Expand Down
48 changes: 13 additions & 35 deletions docs/usage/self-hosted-configuration.md
Expand Up @@ -9,6 +9,8 @@ The configuration options listed in this document are applicable to self-hosted

Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md).

## allowCustomCrateRegistries

## allowPostUpgradeCommandTemplating

Set to true to allow templating of dependency level post-upgrade commands.
Expand Down Expand Up @@ -52,18 +54,18 @@ npm ci --ignore-scripts
npx ng update @angular/core --from=10.0.0 --to=11.0.0 --migrate-only --allow-dirty --force
```

## allowScripts

## allowedPostUpgradeCommands

A list of regular expressions that determine which commands in `postUpgradeTasks` are allowed to be executed.
If this list is empty then no tasks will be executed.
Also you need to have `"trustLevel": "high"`, otherwise these tasks will be ignored.

e.g.

```json
{
"allowedPostUpgradeCommands": ["^tslint --fix$", "^tslint --[a-z]+$"],
"trustLevel": "high"
"allowedPostUpgradeCommands": ["^tslint --fix$", "^tslint --[a-z]+$"]
}
```

Expand Down Expand Up @@ -156,17 +158,6 @@ You would use put this in your configuration file:

If you pulled a new `node` image, the final image would be `ghcr.io/renovatebot/node` instead of `docker.io/renovate/node`.

## dockerMapDotfiles

This is used if you want to map "dotfiles" from your host computer home directory to containers that Renovate creates, e.g. for updating lock files.
Currently applicable to `.npmrc` only.

```json
{
"dockerMapDotfiles": true
}
```

## dockerUser

Override default user and group used by Docker-based binaries.
Expand All @@ -186,6 +177,14 @@ e.g.

## endpoint

## exposeAllEnv

By default, Renovate only passes a limited set of environment variables to package managers.
Confidential data can be leaked if a malicious script enumerates all environment variables.
Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against.

Setting this to `true` will also allow for variable substitution in `.npmrc` files.

## force

This object is used as a "force override" when you need to make sure certain configuration overrides whatever is configured in the repository.
Expand Down Expand Up @@ -233,18 +232,6 @@ If left as default (null), a random short ID will be selected.

## logFileLevel

## logLevel

We recommend that you run the Renovate bot at the debug level if you can.
Use the environment variable `LOG_LEVEL=debug` to run Renovate at the debug level.

When you use `LOG_LEVEL=debug`, debug logging starts from the beginning of the app.
If you had configured debug logging in a file config, then the debug logging starts _after_ the file config is parsed.

Additionally, if you configure `LOG_FORMAT=json` in env then logging will be done in JSON format instead of "pretty" format, which is usually better if you're doing any ingestion or parsing of the logs.

Warning: Configuring `logLevel` config option or `--log-level` cli option is deprecated and will be removed in a major version.

## onboarding

Set this to `false` only if all three statements are true:
Expand Down Expand Up @@ -387,13 +374,4 @@ This is currently applicable to `npm` and `lerna`/`npm` only, and only used in c

## token

## trustLevel

Setting trustLevel to `"high"` can make sense in many self-hosted cases where the bot operator trusts the content in each repository.

Setting trustLevel=high means:

- Child processes are run with full access to `env`
- `.npmrc` files can have environment variable substitution performed

## username
5 changes: 0 additions & 5 deletions docs/usage/self-hosted-experimental.md
Expand Up @@ -27,11 +27,6 @@ If set to any integer, Renovate will use this integer instead of the default npm
If set to any value, Renovate will skip its default artifacts filter check in the Maven datasource.
Skiping the check will speed things up, but may result in versions being returned which don't properly exist on the server.

## RENOVATE_LEGACY_GIT_AUTHOR_EMAIL

An additional `gitAuthor` email to ignore.
This variable is deprecated: use `ignoredAuthors` instead.

## RENOVATE_PAGINATE_ALL

If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages.
Expand Down
7 changes: 5 additions & 2 deletions lib/config/__snapshots__/migration.spec.ts.snap
Expand Up @@ -78,6 +78,8 @@ Array [
exports[`config/migration migrateConfig(config, parentConfig) migrates config 1`] = `
Object {
"additionalBranchPrefix": "{{parentDir}}-",
"allowCustomCrateRegistries": true,
"allowScripts": true,
"autodiscover": true,
"automerge": false,
"automergeType": "branch",
Expand All @@ -94,6 +96,7 @@ Object {
"dependencyDashboard": true,
"dependencyDashboardTitle": "foo",
"enabled": true,
"exposeAllEnv": true,
"extends": Array [
":automergeBranch",
"config:js-app",
Expand All @@ -109,8 +112,8 @@ Object {
"includeForks": true,
"lockFileMaintenance": Object {
"automerge": true,
"exposeAllEnv": false,
"schedule": "before 5am",
"trustLevel": "low",
},
"major": Object {
"automerge": false,
Expand All @@ -121,6 +124,7 @@ Object {
"minor": Object {
"automerge": true,
},
"npmrc": "",
"nvmrc": Object {
"packageRules": Array [
Object {
Expand Down Expand Up @@ -243,7 +247,6 @@ Object {
"travis": Object {
"enabled": true,
},
"trustLevel": "high",
}
`;

Expand Down
4 changes: 3 additions & 1 deletion lib/config/admin.ts
Expand Up @@ -4,15 +4,17 @@ let adminConfig: RepoAdminConfig = {};

// TODO: once admin config work is complete, add a test to make sure this list includes all options with admin=true
export const repoAdminOptions = [
'allowCustomCrateRegistries',
'allowPostUpgradeCommandTemplating',
'allowScripts',
'allowedPostUpgradeCommands',
'customEnvVariables',
'dockerChildPrefix',
'dockerImagePrefix',
'dockerUser',
'dryRun',
'exposeAllEnv',
'privateKey',
'trustLevel',
];

export function setAdminConfig(config: RenovateConfig = {}): void {
Expand Down
50 changes: 22 additions & 28 deletions lib/config/definitions.ts
Expand Up @@ -254,14 +254,6 @@ const options: RenovateOptions[] = [
type: 'object',
default: false,
},
{
name: 'dockerMapDotfiles',
description:
'Map relevant home directory dotfiles into containers when binarySource=docker.',
admin: true,
type: 'boolean',
default: false,
},
{
name: 'dockerChildPrefix',
description:
Expand Down Expand Up @@ -294,13 +286,6 @@ const options: RenovateOptions[] = [
admin: true,
},
// Log options
{
name: 'logLevel',
description: 'Logging level. Deprecated, use `LOG_LEVEL` environment.',
stage: 'global',
type: 'string',
allowedValues: ['fatal', 'error', 'warn', 'info', 'debug', 'trace'],
},
{
name: 'logFile',
description: 'Log file path.',
Expand Down Expand Up @@ -480,17 +465,33 @@ const options: RenovateOptions[] = [
default: false,
},
{
name: 'trustLevel',
name: 'exposeAllEnv',
description:
'Set this to "high" if the bot should trust the repository owners/contents.',
'Configure this to true to allow passing of all env variables to package managers.',
rarkins marked this conversation as resolved.
Show resolved Hide resolved
admin: true,
type: 'string',
default: 'low',
type: 'boolean',
default: false,
},
{
name: 'allowScripts',
description:
'Configure this to true if repositories are allowed to run install scripts.',
admin: true,
type: 'boolean',
default: false,
},
{
name: 'allowCustomCrateRegistries',
description:
'Configure this to true if custom crate registries are allowed.',
admin: true,
type: 'boolean',
default: false,
},
{
name: 'ignoreScripts',
description:
'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files.',
'Configure this to true if allowScripts=true but you wish to skip running scripts when updating lock files.',
type: 'boolean',
default: false,
},
Expand Down Expand Up @@ -562,12 +563,6 @@ const options: RenovateOptions[] = [
default: null,
admin: true,
},
{
name: 'ignoreNpmrcFile',
description: 'Whether to ignore any .npmrc file found in repository.',
type: 'boolean',
default: false,
},
{
name: 'autodiscover',
description: 'Autodiscover all repositories.',
Expand Down Expand Up @@ -1068,8 +1063,7 @@ const options: RenovateOptions[] = [
},
{
name: 'patch',
description:
'Configuration to apply when an update type is patch. Only applies if `separateMinorPatch` is set to true.',
description: 'Configuration to apply when an update type is patch.',
stage: 'package',
type: 'object',
default: {},
Expand Down