From 7a2d672bec5b835fa53415f23adaea27874197b4 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:18:56 +0200 Subject: [PATCH 01/27] feat: remove RENOVATE_LEGACY_GIT_AUTHOR_EMAIL (#9389) Removes RENOVATE_LEGACY_GIT_AUTHOR_EMAIL support. Closes #9111 BREAKING CHANGE: RENOVATE_LEGACY_GIT_AUTHOR_EMAIL is no longer supported. Use `ignoredAuthors` in config instead. --- docs/usage/self-hosted-experimental.md | 5 ----- lib/util/git/index.ts | 1 - 2 files changed, 6 deletions(-) diff --git a/docs/usage/self-hosted-experimental.md b/docs/usage/self-hosted-experimental.md index 1151bd65d624ac..2f00716900c3b6 100644 --- a/docs/usage/self-hosted-experimental.md +++ b/docs/usage/self-hosted-experimental.md @@ -27,11 +27,6 @@ If set to any integer, Renovate will use this integer instead of the default npm If set to any value, Renovate will skip its default artifacts filter check in the Maven datasource. Skiping the check will speed things up, but may result in versions being returned which don't properly exist on the server. -## RENOVATE_LEGACY_GIT_AUTHOR_EMAIL - -An additional `gitAuthor` email to ignore. -This variable is deprecated: use `ignoredAuthors` instead. - ## RENOVATE_PAGINATE_ALL If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages. diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts index 79686b17974561..2def06c69124dc 100644 --- a/lib/util/git/index.ts +++ b/lib/util/git/index.ts @@ -489,7 +489,6 @@ export async function isBranchModified(branchName: string): Promise { ).trim(); const { gitAuthorEmail } = config; if ( - lastAuthor === process.env.RENOVATE_LEGACY_GIT_AUTHOR_EMAIL || // remove in next major release lastAuthor === gitAuthorEmail || config.ignoredAuthors.some((ignoredAuthor) => lastAuthor === ignoredAuthor) ) { From 69ea8fc2621959ee2ec5d702c810003eb2e82324 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:36:31 +0200 Subject: [PATCH 02/27] feat: drop NPM_TOKEN support (#9391) Removes support for NPM_TOKEN. BREAKING CHANGE: Do not use NPM_TOKEN in env to configure npm authentication. Configure hostRules instead. --- docs/usage/private-modules.md | 2 +- lib/config/presets/npm/index.spec.ts | 1 - .../npm/__snapshots__/index.spec.ts.snap | 39 ------------------- lib/datasource/npm/index.spec.ts | 16 -------- lib/datasource/npm/npmrc.spec.ts | 1 - lib/datasource/npm/npmrc.ts | 5 --- lib/manager/npm/post-update/lerna.ts | 1 - lib/manager/npm/post-update/npm.ts | 1 - lib/manager/npm/post-update/pnpm.ts | 1 - lib/manager/npm/post-update/yarn.ts | 1 - 10 files changed, 1 insertion(+), 67 deletions(-) diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md index 44d95db472515c..2c8e596f774dc9 100644 --- a/docs/usage/private-modules.md +++ b/docs/usage/private-modules.md @@ -64,7 +64,7 @@ module.exports = { }; ``` -**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon. +**NOTE:** Do not use `NPM_TOKEN` as an environment variable. ### Commit .npmrc file into repository diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts index 8cd3601638dd68..11750dde63c657 100644 --- a/lib/config/presets/npm/index.spec.ts +++ b/lib/config/presets/npm/index.spec.ts @@ -6,7 +6,6 @@ jest.mock('registry-auth-token'); jest.mock('delay'); describe('config/presets/npm', () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); setAdminConfig(); diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap index e45039df17686d..9877b9a8d6ef70 100644 --- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap @@ -519,45 +519,6 @@ Array [ ] `; -exports[`datasource/npm/index should use NPM_TOKEN if provided 1`] = ` -Object { - "name": "@foobar/core", - "registryUrl": "https://registry.npmjs.org/", - "releases": Array [ - Object { - "releaseTimestamp": "2018-05-06T05:21:53.000Z", - "version": "0.0.1", - }, - Object { - "releaseTimestamp": "2018-05-07T05:21:53.000Z", - "version": "0.0.2", - }, - ], - "sourceDirectory": "src/a", - "sourceUrl": "https://github.com/renovateapp/dummy", - "tags": Object { - "latest": "0.0.1", - }, - "versions": Object {}, -} -`; - -exports[`datasource/npm/index should use NPM_TOKEN if provided 2`] = ` -Array [ - Object { - "headers": Object { - "accept": "application/json", - "accept-encoding": "gzip, deflate", - "authorization": "Bearer some-token", - "host": "registry.npmjs.org", - "user-agent": "https://github.com/renovatebot/renovate", - }, - "method": "GET", - "url": "https://registry.npmjs.org/@foobar%2Fcore", - }, -] -`; - exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = ` Object { "name": "foobar", diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index a4979577cf60cb..1b630c14be2635 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -15,7 +15,6 @@ const registryAuthToken: jest.Mock<_registryAuthToken.NpmCredentials> = _registr let npmResponse: any; describe(getName(__filename), () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); httpMock.setup(); @@ -269,21 +268,6 @@ describe(getName(__filename), () => { expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('should use NPM_TOKEN if provided', async () => { - httpMock - .scope('https://registry.npmjs.org', { - reqheaders: { authorization: 'Bearer some-token' }, - }) - .get('/@foobar%2Fcore') - .reply(200, { ...npmResponse, name: '@foobar/core' }); - const oldToken = process.env.NPM_TOKEN; - process.env.NPM_TOKEN = 'some-token'; - const res = await getPkgReleases({ datasource, depName: '@foobar/core' }); - process.env.NPM_TOKEN = oldToken; - expect(res).toMatchSnapshot(); - expect(httpMock.getTrace()).toMatchSnapshot(); - }); - it('should use host rules by hostName if provided', async () => { hostRules.add({ hostType: 'npm', diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index d340093435907f..186e4969726351 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -9,7 +9,6 @@ const sanitize = mocked(_sanitize); describe(getName(__filename), () => { beforeEach(() => { - delete process.env.NPM_TOKEN; setNpmrc(''); setAdminConfig(); jest.resetAllMocks(); diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index c366b8e2a1ead3..7fd179fe11dd6e 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -129,11 +129,6 @@ export function resolvePackage(packageName: string): PackageResolution { { token: maskToken(authInfo.token), npmName: packageName }, 'Using auth (via npmrc) for npm lookup' ); - } else if (process.env.NPM_TOKEN && process.env.NPM_TOKEN !== 'undefined') { - logger.warn( - 'Support for NPM_TOKEN in env will be dropped in the next major release' - ); - headers.authorization = `Bearer ${process.env.NPM_TOKEN}`; } return { headers, packageUrl, registryUrl }; } diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index 9799471ae71c6f..c2bb0bd3187e41 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -99,7 +99,6 @@ export async function generateLockFiles( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index d3e43876605615..0025d620fe4c76 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -74,7 +74,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 7816267e786744..6541a412870a23 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -53,7 +53,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index 30d75fd4efab82..c7c2d3b1131ac4 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -123,7 +123,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = From a5c785a40676efaf0797dc443726230d8baf5f09 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 10:58:32 +0200 Subject: [PATCH 03/27] feat: remove logLevel support in config (#9390) Remove support for logLevel in config. Must be configured using LOG_LEVEL instead. Closes #8291 BREAKING CHANGE: Configure LOG_LEVEL in env and not in config or CLI --- docs/usage/self-hosted-configuration.md | 12 ------------ lib/config/definitions.ts | 7 ------- lib/config/index.ts | 11 +---------- lib/config/types.ts | 1 - 4 files changed, 1 insertion(+), 30 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index 138be9db3ca1be..f6a10fbe5b3edf 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -225,18 +225,6 @@ If left as default (null), a random short ID will be selected. ## logFileLevel -## logLevel - -We recommend that you run the Renovate bot at the debug level if you can. -Use the environment variable `LOG_LEVEL=debug` to run Renovate at the debug level. - -When you use `LOG_LEVEL=debug`, debug logging starts from the beginning of the app. -If you had configured debug logging in a file config, then the debug logging starts _after_ the file config is parsed. - -Additionally, if you configure `LOG_FORMAT=json` in env then logging will be done in JSON format instead of "pretty" format, which is usually better if you're doing any ingestion or parsing of the logs. - -Warning: Configuring `logLevel` config option or `--log-level` cli option is deprecated and will be removed in a major version. - ## onboarding Set this to `false` only if all three statements are true: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index ecf25ed6724fac..418e8f0625767d 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -275,13 +275,6 @@ const options: RenovateOptions[] = [ admin: true, }, // Log options - { - name: 'logLevel', - description: 'Logging level. Deprecated, use `LOG_LEVEL` environment.', - stage: 'global', - type: 'string', - allowedValues: ['fatal', 'error', 'warn', 'info', 'debug', 'trace'], - }, { name: 'logFile', description: 'Log file path.', diff --git a/lib/config/index.ts b/lib/config/index.ts index df118c916d050c..ec3aa0ef6cbf71 100644 --- a/lib/config/index.ts +++ b/lib/config/index.ts @@ -1,4 +1,4 @@ -import { addStream, levels, logger, setContext } from '../logger'; +import { addStream, logger, setContext } from '../logger'; import { get, getLanguageList, getManagerList } from '../manager'; import { ensureDir, getSubDirectory, readFile } from '../util/fs'; import { ensureTrailingSlash } from '../util/url'; @@ -84,15 +84,6 @@ export async function parseConfigs( delete config.privateKeyPath; } - // Deprecated set log level: https://github.com/renovatebot/renovate/issues/8291 - // istanbul ignore if - if (config.logLevel) { - logger.warn( - 'Configuring logLevel in CLI or file is deprecated. Use LOG_LEVEL environment variable instead' - ); - levels('stdout', config.logLevel); - } - if (config.logContext) { // This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env setContext(config.logContext); diff --git a/lib/config/types.ts b/lib/config/types.ts index f98003293e1d49..d426d845071713 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -74,7 +74,6 @@ export interface GlobalOnlyConfig { gitPrivateKey?: string; logFile?: string; logFileLevel?: LogLevel; - logLevel?: LogLevel; prCommitsPerRunLimit?: number; privateKeyPath?: string; redisUrl?: string; From 2eb962cb81a6c9cc20575475dd95d33d7451bb32 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:07 +0200 Subject: [PATCH 04/27] feat: split trustLevel into separate options (#9388) Removes trustLevel and replaces it with 3 other options instead. No longer necessary to set anything additional is configuring `allowedPostUpgradeCommands` BREAKING CHANGE: `trustLevel` is no longer supported and instead broken into `allowCustomCrateRegistries` , `allowScripts` , and `exposeAllEnv`. --- docs/usage/self-hosted-configuration.md | 20 +++++++------- .../__snapshots__/migration.spec.ts.snap | 6 +++-- lib/config/admin.ts | 4 ++- lib/config/definitions.ts | 26 +++++++++++++++---- lib/config/migration.spec.ts | 1 + lib/config/migration.ts | 11 +++++--- lib/config/types.ts | 4 ++- .../crate/__snapshots__/index.spec.ts.snap | 2 +- lib/datasource/crate/index.spec.ts | 12 ++++----- lib/datasource/crate/index.ts | 4 +-- lib/datasource/npm/index.spec.ts | 4 +-- lib/datasource/npm/npmrc.spec.ts | 2 +- lib/datasource/npm/npmrc.ts | 8 +++--- lib/manager/composer/artifacts.spec.ts | 5 ++-- lib/manager/composer/artifacts.ts | 2 +- lib/manager/npm/extract/index.ts | 2 +- lib/manager/npm/post-update/lerna.spec.ts | 2 +- lib/manager/npm/post-update/lerna.ts | 7 ++--- lib/manager/npm/post-update/npm.ts | 2 +- lib/manager/npm/post-update/pnpm.ts | 4 +-- lib/manager/npm/post-update/yarn.ts | 4 +-- lib/manager/pip_requirements/extract.spec.ts | 2 +- lib/manager/pip_requirements/extract.ts | 2 +- lib/util/exec/env.spec.ts | 2 +- lib/util/exec/env.ts | 2 +- lib/util/exec/exec.spec.ts | 2 +- lib/workers/branch/index.spec.ts | 8 +++--- lib/workers/branch/index.ts | 1 - 28 files changed, 88 insertions(+), 63 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index f6a10fbe5b3edf..bf2299cd5ec709 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -9,6 +9,8 @@ The configuration options listed in this document are applicable to self-hosted Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md). +## allowCustomCrateRegistries + ## allowPostUpgradeCommandTemplating Set to true to allow templating of post-upgrade commands. @@ -52,6 +54,8 @@ npm ci --ignore-scripts npx ng update @angular/core --from=9.0.0 --to=10.0.0 --migrateOnly --allowDirty --force ``` +## allowScripts + ## allowedPostUpgradeCommands A list of regular expressions that determine which commands in `postUpgradeTasks` are allowed to be executed. @@ -178,6 +182,13 @@ e.g. ## endpoint +## exposeAllEnv + +By default, Renovate will only pass a limited set of environment variables to package managers. +Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. + +Setting this to true will also allow for variable substitution in `.npmrc` files. + ## force This object is used as a "force override" when you need to make sure certain configuration overrides whatever is configured in the repository. @@ -367,13 +378,4 @@ This is currently applicable to `npm` and `lerna`/`npm` only, and only used in c ## token -## trustLevel - -Setting trustLevel to `"high"` can make sense in many self-hosted cases where the bot operator trusts the content in each repository. - -Setting trustLevel=high means: - -- Child processes are run with full access to `env` -- `.npmrc` files can have environment variable substitution performed - ## username diff --git a/lib/config/__snapshots__/migration.spec.ts.snap b/lib/config/__snapshots__/migration.spec.ts.snap index 56fcc4411705de..12e971e3f69fbd 100644 --- a/lib/config/__snapshots__/migration.spec.ts.snap +++ b/lib/config/__snapshots__/migration.spec.ts.snap @@ -78,6 +78,8 @@ Array [ exports[`config/migration migrateConfig(config, parentConfig) migrates config 1`] = ` Object { "additionalBranchPrefix": "{{parentDir}}-", + "allowCustomCrateRegistries": true, + "allowScripts": true, "autodiscover": true, "automerge": false, "automergeType": "branch", @@ -94,6 +96,7 @@ Object { "dependencyDashboard": true, "dependencyDashboardTitle": "foo", "enabled": true, + "exposeAllEnv": true, "extends": Array [ "config:js-app", "config:js-lib", @@ -108,8 +111,8 @@ Object { "includeForks": true, "lockFileMaintenance": Object { "automerge": true, + "exposeAllEnv": false, "schedule": "before 5am", - "trustLevel": "low", }, "major": Object { "automerge": false, @@ -233,7 +236,6 @@ Object { "travis": Object { "enabled": true, }, - "trustLevel": "high", } `; diff --git a/lib/config/admin.ts b/lib/config/admin.ts index f6af54b53fac83..7407e91af58fd9 100644 --- a/lib/config/admin.ts +++ b/lib/config/admin.ts @@ -4,14 +4,16 @@ let adminConfig: RepoAdminConfig = {}; // TODO: once admin config work is complete, add a test to make sure this list includes all options with admin=true export const repoAdminOptions = [ + 'allowCustomCrateRegistries', 'allowPostUpgradeCommandTemplating', + 'allowScripts', 'allowedPostUpgradeCommands', 'customEnvVariables', 'dockerImagePrefix', 'dockerUser', 'dryRun', + 'exposeAllEnv', 'privateKey', - 'trustLevel', ]; export function setAdminConfig(config: RenovateConfig = {}): void { diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 418e8f0625767d..25d9db12e36ff8 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -454,17 +454,33 @@ const options: RenovateOptions[] = [ default: false, }, { - name: 'trustLevel', + name: 'exposeAllEnv', description: - 'Set this to "high" if the bot should trust the repository owners/contents.', + 'Configure this to true to allow passing of all env variables to package managers.', admin: true, - type: 'string', - default: 'low', + type: 'boolean', + default: false, + }, + { + name: 'allowScripts', + description: + 'Configure this to true if repositories are allowed to run install scripts.', + admin: true, + type: 'boolean', + default: false, + }, + { + name: 'allowCustomCrateRegistries', + description: + 'Configure this to true if custom crate registries are allowed.', + admin: true, + type: 'boolean', + default: false, }, { name: 'ignoreScripts', description: - 'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files.', + 'Configure this to true if allowScripts=true but you wish to skip running scripts when updating lock files.', type: 'boolean', default: false, }, diff --git a/lib/config/migration.spec.ts b/lib/config/migration.spec.ts index 176aade6904eeb..66b64df0777562 100644 --- a/lib/config/migration.spec.ts +++ b/lib/config/migration.spec.ts @@ -46,6 +46,7 @@ describe('config/migration', () => { masterIssueTitle: 'foo', gomodTidy: true, upgradeInRange: true, + trustLevel: 'high', automergeType: 'branch-push', branchName: '{{{branchPrefix}}}{{{managerBranchPrefix}}}{{{branchTopic}}}{{{baseDir}}}', diff --git a/lib/config/migration.ts b/lib/config/migration.ts index 69ad69d8eec1d9..e7189ebc211895 100644 --- a/lib/config/migration.ts +++ b/lib/config/migration.ts @@ -189,11 +189,14 @@ export function migrateConfig( migratedConfig.rebaseWhen = 'never'; } } else if (key === 'exposeEnv') { + migratedConfig.exposeAllEnv = val; delete migratedConfig.exposeEnv; - if (val === true) { - migratedConfig.trustLevel = 'high'; - } else if (val === false) { - migratedConfig.trustLevel = 'low'; + } else if (key === 'trustLevel') { + delete migratedConfig.trustLevel; + if (val === 'high') { + migratedConfig.allowCustomCrateRegistries ??= true; + migratedConfig.allowScripts ??= true; + migratedConfig.exposeAllEnv ??= true; } } else if ( key === 'branchName' && diff --git a/lib/config/types.ts b/lib/config/types.ts index d426d845071713..efb079a8f699fd 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -83,14 +83,16 @@ export interface GlobalOnlyConfig { // Config options used within the repository worker, but not user configurable // The below should contain config options where admin=true export interface RepoAdminConfig { + allowCustomCrateRegistries?: boolean; allowPostUpgradeCommandTemplating?: boolean; + allowScripts?: boolean; allowedPostUpgradeCommands?: string[]; customEnvVariables?: Record; dockerImagePrefix?: string; dockerUser?: string; dryRun?: boolean; + exposeAllEnv?: boolean; privateKey?: string | Buffer; - trustLevel?: 'low' | 'high'; } export interface LegacyAdminConfig { diff --git a/lib/datasource/crate/__snapshots__/index.spec.ts.snap b/lib/datasource/crate/__snapshots__/index.spec.ts.snap index ab4be51e18052e..fa5d5d45d2e4c0 100644 --- a/lib/datasource/crate/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/crate/__snapshots__/index.spec.ts.snap @@ -331,7 +331,7 @@ Array [ ] `; -exports[`datasource/crate getReleases refuses to clone if trustLevel is not high 1`] = `null`; +exports[`datasource/crate getReleases refuses to clone if allowCustomCrateRegistries is not true 1`] = `null`; exports[`datasource/crate getReleases returns null for 404 1`] = ` Array [ diff --git a/lib/datasource/crate/index.spec.ts b/lib/datasource/crate/index.spec.ts index 5b4c7f29538353..7cfea76071d517 100644 --- a/lib/datasource/crate/index.spec.ts +++ b/lib/datasource/crate/index.spec.ts @@ -224,7 +224,7 @@ describe('datasource/crate', () => { expect(res).toBeDefined(); expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('refuses to clone if trustLevel is not high', async () => { + it('refuses to clone if allowCustomCrateRegistries is not true', async () => { const { mockClone } = setupGitMocks(); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; @@ -239,7 +239,7 @@ describe('datasource/crate', () => { }); it('clones cloudsmith private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; const res = await getPkgReleases({ datasource, @@ -253,7 +253,7 @@ describe('datasource/crate', () => { }); it('clones other private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/testregistry'; const res = await getPkgReleases({ datasource, @@ -267,7 +267,7 @@ describe('datasource/crate', () => { }); it('clones once then reuses the cache', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await getPkgReleases({ datasource, @@ -283,7 +283,7 @@ describe('datasource/crate', () => { }); it('guards against race conditions while cloning', async () => { const { mockClone } = setupGitMocks(250); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await Promise.all([ @@ -309,7 +309,7 @@ describe('datasource/crate', () => { }); it('returns null when git clone fails', async () => { setupErrorGitMock(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; const result = await getPkgReleases({ diff --git a/lib/datasource/crate/index.ts b/lib/datasource/crate/index.ts index cce827f726b39f..44d39cb1852829 100644 --- a/lib/datasource/crate/index.ts +++ b/lib/datasource/crate/index.ts @@ -163,9 +163,9 @@ async function fetchRegistryInfo( }; if (flavor !== RegistryFlavor.CratesIo) { - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().allowCustomCrateRegistries) { logger.warn( - 'crate datasource: trustLevel=high is required for registries other than crates.io, bailing out' + 'crate datasource: allowCustomCrateRegistries=true is required for registries other than crates.io, bailing out' ); return null; } diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index 1b630c14be2635..d5091d722de3ad 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -359,7 +359,7 @@ describe(getName(__filename), () => { .reply(200, npmResponse); process.env.REGISTRY = 'https://registry.from-env.com'; process.env.RENOVATE_CACHE_NPM_MINUTES = '15'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string const npmrc = 'registry=${REGISTRY}'; const res = await getPkgReleases({ datasource, depName: 'foobar', npmrc }); @@ -368,7 +368,7 @@ describe(getName(__filename), () => { }); it('should throw error if necessary env var is not present', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string expect(() => setNpmrc('registry=${REGISTRY_MISSING}')).toThrow( Error('env-replace') diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index 186e4969726351..41fff3d27c3457 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -38,7 +38,7 @@ describe(getName(__filename), () => { }); it('sanitize _authtoken with high trust', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); process.env.TEST_TOKEN = 'test'; setNpmrc( // eslint-disable-next-line no-template-curly-in-string diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index 7fd179fe11dd6e..d5af080d35f91d 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -61,13 +61,13 @@ export function setNpmrc(input?: string): void { npmrcRaw = input; logger.debug('Setting npmrc'); npmrc = ini.parse(input.replace(/\\n/g, '\n')); - const { trustLevel } = getAdminConfig(); + const { exposeAllEnv } = getAdminConfig(); for (const [key, val] of Object.entries(npmrc)) { - if (trustLevel !== 'high') { + if (!exposeAllEnv) { sanitize(key, val); } if ( - trustLevel !== 'high' && + !exposeAllEnv && key.endsWith('registry') && val && val.includes('localhost') @@ -80,7 +80,7 @@ export function setNpmrc(input?: string): void { return; } } - if (trustLevel !== 'high') { + if (!exposeAllEnv) { return; } for (const key of Object.keys(npmrc)) { diff --git a/lib/manager/composer/artifacts.spec.ts b/lib/manager/composer/artifacts.spec.ts index d7798754387c6c..fca585b9583432 100644 --- a/lib/manager/composer/artifacts.spec.ts +++ b/lib/manager/composer/artifacts.spec.ts @@ -30,6 +30,7 @@ const config = { localDir: join('/tmp/github/some/repo'), cacheDir: join('/tmp/renovate/cache'), composerIgnorePlatformReqs: true, + ignoreScripts: false, }; const repoStatus = partial({ @@ -46,7 +47,7 @@ describe('.updateArtifacts()', () => { await setUtilConfig(config); docker.resetPrefetchedImages(); hostRules.clear(); - setAdminConfig(); + setAdminConfig({ allowScripts: false }); }); it('returns if no composer.lock found', async () => { expect( @@ -63,7 +64,7 @@ describe('.updateArtifacts()', () => { const execSnapshots = mockExecAll(exec); fs.readLocalFile.mockReturnValueOnce('Current composer.lock' as any); git.getRepoStatus.mockResolvedValue(repoStatus); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); expect( await composer.updateArtifacts({ packageFileName: 'composer.json', diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts index 9515106780c284..bffbe7510c707e 100644 --- a/lib/manager/composer/artifacts.ts +++ b/lib/manager/composer/artifacts.ts @@ -151,7 +151,7 @@ export async function updateArtifacts({ args += ' --ignore-platform-reqs'; } args += ' --no-ansi --no-interaction'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --no-scripts --no-autoloader'; } logger.debug({ cmd, args }, 'composer command'); diff --git a/lib/manager/npm/extract/index.ts b/lib/manager/npm/extract/index.ts index c8c496fb7aea8e..9207058fd348ff 100644 --- a/lib/manager/npm/extract/index.ts +++ b/lib/manager/npm/extract/index.ts @@ -107,7 +107,7 @@ export async function extractPackageFile( npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n'); } if (is.string(npmrc)) { - if (npmrc.includes('=${') && getAdminConfig().trustLevel !== 'high') { + if (npmrc.includes('=${') && !getAdminConfig().exposeAllEnv) { logger.debug('Discarding .npmrc file with variables'); ignoreNpmrcFile = true; npmrc = undefined; diff --git a/lib/manager/npm/post-update/lerna.spec.ts b/lib/manager/npm/post-update/lerna.spec.ts index 0dddb7c585fe5d..b5a596d671bbc5 100644 --- a/lib/manager/npm/post-update/lerna.spec.ts +++ b/lib/manager/npm/post-update/lerna.spec.ts @@ -109,7 +109,7 @@ describe(getName(__filename), () => { }); it('allows scripts for trust level high', async () => { const execSnapshots = mockExecAll(exec); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); const res = await lernaHelper.generateLockFiles( lernaPkgFile('npm'), 'some-dir', diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index c2bb0bd3187e41..39b463e9991c92 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -72,10 +72,7 @@ export async function generateLockFiles( return { error: false }; } let lernaCommand = `lerna bootstrap --no-ci --ignore-scripts -- `; - if ( - getAdminConfig().trustLevel === 'high' && - config.ignoreScripts !== false - ) { + if (getAdminConfig().allowScripts && config.ignoreScripts !== false) { cmdOptions = cmdOptions.replace('--ignore-scripts ', ''); lernaCommand = lernaCommand.replace('--ignore-scripts ', ''); } @@ -96,7 +93,7 @@ export async function generateLockFiles( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index 0025d620fe4c76..a11bce39231f08 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -71,7 +71,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 6541a412870a23..b9842631f96f53 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -50,7 +50,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } @@ -62,7 +62,7 @@ export async function generateLockFile( } cmd = 'pnpm'; let args = 'install --recursive --lockfile-only'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --ignore-scripts'; args += ' --ignore-pnpmfile'; } diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index c7c2d3b1131ac4..4056d2e165544a 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -101,7 +101,7 @@ export async function generateLockFile( } else { extraEnv.YARN_HTTP_TIMEOUT = '100000'; } - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { if (isYarn1) { cmdOptions += ' --ignore-scripts'; } else { @@ -120,7 +120,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/pip_requirements/extract.spec.ts b/lib/manager/pip_requirements/extract.spec.ts index 43ead688ceb873..73771848b77f1e 100644 --- a/lib/manager/pip_requirements/extract.spec.ts +++ b/lib/manager/pip_requirements/extract.spec.ts @@ -128,7 +128,7 @@ describe('lib/manager/pip_requirements/extract', () => { }); it('should replace env vars in high trust mode', () => { process.env.PIP_TEST_TOKEN = 'its-a-secret'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); const res = extractPackageFile(requirements7, 'unused_file_name', {}); expect(res.registryUrls).toEqual([ 'https://pypi.org/pypi/', diff --git a/lib/manager/pip_requirements/extract.ts b/lib/manager/pip_requirements/extract.ts index 87e2ffaec01963..87fc491b410ce2 100644 --- a/lib/manager/pip_requirements/extract.ts +++ b/lib/manager/pip_requirements/extract.ts @@ -84,7 +84,7 @@ export function extractPackageFile( res.registryUrls = registryUrls.map((url) => { // handle the optional quotes in eg. `--extra-index-url "https://foo.bar"` const cleaned = url.replace(/^"/, '').replace(/"$/, ''); - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().exposeAllEnv) { return cleaned; } // interpolate any environment variables diff --git a/lib/util/exec/env.spec.ts b/lib/util/exec/env.spec.ts index e3a0eabc258ad3..ebc1c16900a513 100644 --- a/lib/util/exec/env.spec.ts +++ b/lib/util/exec/env.spec.ts @@ -58,7 +58,7 @@ describe('getChildProcess environment when trustlevel set to low', () => { describe('getChildProcessEnv when trustlevel set to high', () => { it('returns process.env if trustlevel set to high', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); expect(getChildProcessEnv()).toMatchObject(process.env); }); }); diff --git a/lib/util/exec/env.ts b/lib/util/exec/env.ts index 38950e4e867a95..faffd61bf81526 100644 --- a/lib/util/exec/env.ts +++ b/lib/util/exec/env.ts @@ -17,7 +17,7 @@ export function getChildProcessEnv( customEnvVars: string[] = [] ): NodeJS.ProcessEnv { const env: NodeJS.ProcessEnv = {}; - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { return { ...env, ...process.env }; } const envVars = [...basicEnvVars, ...customEnvVars]; diff --git a/lib/util/exec/exec.spec.ts b/lib/util/exec/exec.spec.ts index 3fb345ca0d1f9a..185c3b31596eb8 100644 --- a/lib/util/exec/exec.spec.ts +++ b/lib/util/exec/exec.spec.ts @@ -194,7 +194,7 @@ describe(getName(__filename), () => { maxBuffer: 10485760, }, ], - adminConfig: { trustLevel: 'high' }, + adminConfig: { exposeAllEnv: true }, }, ], diff --git a/lib/workers/branch/index.spec.ts b/lib/workers/branch/index.spec.ts index 51ff0568bcf091..a51907c79f2b9e 100644 --- a/lib/workers/branch/index.spec.ts +++ b/lib/workers/branch/index.spec.ts @@ -731,7 +731,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -809,7 +809,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^exit 1$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -878,7 +878,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: false, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); const result = await branchWorker.processBranch({ @@ -956,7 +956,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{depName}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); diff --git a/lib/workers/branch/index.ts b/lib/workers/branch/index.ts index ae4eb0ccc9573d..cc556ea418878e 100644 --- a/lib/workers/branch/index.ts +++ b/lib/workers/branch/index.ts @@ -360,7 +360,6 @@ export async function processBranch( (config.updatedPackageFiles?.length > 0 || /* ... or changes to artifacts */ config.updatedArtifacts?.length > 0) && - getAdminConfig().trustLevel === 'high' && is.nonEmptyArray(allowedPostUpgradeCommands) ) { for (const upgrade of config.upgrades) { From 2ee681f11e4730702aadfdd4684a6ddae2b2f295 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:54 +0200 Subject: [PATCH 05/27] feat(config): remove manager additionalBranchPrefix defaults (#9373) Resets any language or manager` additionalBranchPrefix` values to empty string. Add the `compatibility:additionalBranchPrefix` prefix to restore previous behavior. BREAKING CHANGE: Removal of default `additionalBranchPrefix` values will cause branch names to change for docker/helm/buildkite/cargo/homebrew. --- docs/usage/configuration-options.md | 2 +- docs/usage/configuration-templates.md | 3 +-- lib/config/presets/index.ts | 1 + lib/config/presets/internal/compatibility.ts | 24 ++++++++++++++++++++ lib/config/presets/internal/index.ts | 2 ++ lib/datasource/docker/index.ts | 1 - lib/datasource/helm/index.ts | 1 - lib/manager/buildkite/index.ts | 1 - lib/manager/cargo/index.ts | 1 - lib/manager/homebrew/index.ts | 1 - lib/workers/repository/updates/flatten.ts | 9 -------- 11 files changed, 29 insertions(+), 17 deletions(-) create mode 100644 lib/config/presets/internal/compatibility.ts diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index a8f43c2a7cc12a..c31c26c3784761 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -69,7 +69,7 @@ With the above config: ## additionalBranchPrefix This value defaults to an empty string, and is typically not necessary. -Some managers populate this field for historical reasons, for example we use `docker-` for Docker branches, so they may look like `renovate/docker-ubuntu-16.x`. +Some managers previously populated this field, but they no longer do so by default. You normally don't need to configure this, but one example where it can be useful is combining with `parentDir` in monorepos to split PRs based on where the package definition is located, e.g. ```json diff --git a/docs/usage/configuration-templates.md b/docs/usage/configuration-templates.md index 10911f76f2857f..c239ac69fe898a 100644 --- a/docs/usage/configuration-templates.md +++ b/docs/usage/configuration-templates.md @@ -21,8 +21,7 @@ Most users will be happy with the default `branchPrefix` of `renovate/`, but you Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`. The onboarding PR will always use `renovate/configure`. -`additionalBranchPrefix` is optional and by default is empty for all JavaScript dependencies. -We use `docker-` for all Docker updates, branches will look like this: `renovate/docker-ubuntu-16.x`. +`additionalBranchPrefix` is optional and by default is empty. `branchTopic` depends on the package manager and upgrade type, so you will see a lot of variety. This is probably a setting you want to change yourself. diff --git a/lib/config/presets/index.ts b/lib/config/presets/index.ts index b3453affb237d6..ccfc6f58e6ae63 100644 --- a/lib/config/presets/index.ts +++ b/lib/config/presets/index.ts @@ -93,6 +93,7 @@ export function parsePreset(input: string): ParsedPreset { str = str.slice(0, str.indexOf('(')); } const presetsPackages = [ + 'compatibility', 'config', 'default', 'docker', diff --git a/lib/config/presets/internal/compatibility.ts b/lib/config/presets/internal/compatibility.ts new file mode 100644 index 00000000000000..ce1175f569fb34 --- /dev/null +++ b/lib/config/presets/internal/compatibility.ts @@ -0,0 +1,24 @@ +import { Preset } from '../types'; + +export const presets: Record = { + additionalBranchPrefix: { + buildkite: { + additionalBranchPrefix: 'buildkite-', + }, + cargo: { + additionalBranchPrefix: 'rust-', + }, + docker: { + additionalBranchPrefix: 'docker-', + }, + homebrew: { + additionalBranchPrefix: 'homebrew-', + }, + packageRules: [ + { + matchDatasources: ['helm'], + additionalBranchPrefix: 'helm-', + }, + ], + }, +}; diff --git a/lib/config/presets/internal/index.ts b/lib/config/presets/internal/index.ts index fbbdd6a790ede3..e152b9747e19d7 100644 --- a/lib/config/presets/internal/index.ts +++ b/lib/config/presets/internal/index.ts @@ -1,4 +1,5 @@ import type { Preset, PresetConfig } from '../types'; +import * as compatibilityPreset from './compatibility'; import * as configPreset from './config'; import * as defaultPreset from './default'; import * as dockerPreset from './docker'; @@ -13,6 +14,7 @@ import * as schedulePreset from './schedule'; import * as workaroundsPreset from './workarounds'; export const groups: Record> = { + compatibility: compatibilityPreset.presets, config: configPreset.presets, default: defaultPreset.presets, docker: dockerPreset.presets, diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts index 68ee2f26561082..91f4187e94305f 100644 --- a/lib/datasource/docker/index.ts +++ b/lib/datasource/docker/index.ts @@ -26,7 +26,6 @@ export const defaultVersioning = dockerVersioning.id; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'docker-', commitMessageTopic: '{{{depName}}} Docker tag', major: { enabled: false }, commitMessageExtra: diff --git a/lib/datasource/helm/index.ts b/lib/datasource/helm/index.ts index ea1105841ac2d0..af28e7caee5fbe 100644 --- a/lib/datasource/helm/index.ts +++ b/lib/datasource/helm/index.ts @@ -17,7 +17,6 @@ export const defaultRegistryUrls = ['https://charts.helm.sh/stable']; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'helm-', commitMessageTopic: 'Helm release {{depName}}', group: { commitMessageTopic: '{{{groupName}}} Helm releases', diff --git a/lib/manager/buildkite/index.ts b/lib/manager/buildkite/index.ts index a97b1018ed28c4..d678d7fd3c206d 100644 --- a/lib/manager/buildkite/index.ts +++ b/lib/manager/buildkite/index.ts @@ -7,5 +7,4 @@ export const defaultConfig = { commitMessageTopic: 'buildkite plugin {{depName}}', commitMessageExtra: 'to {{#if isMajor}}v{{{newMajor}}}{{else}}{{{newValue}}}{{/if}}', - additionalBranchPrefix: 'buildkite-', }; diff --git a/lib/manager/cargo/index.ts b/lib/manager/cargo/index.ts index e18f8527d5244c..e91db57470e3be 100644 --- a/lib/manager/cargo/index.ts +++ b/lib/manager/cargo/index.ts @@ -10,7 +10,6 @@ export { extractPackageFile, updateArtifacts, language }; export const defaultConfig = { commitMessageTopic: 'Rust crate {{depName}}', - additionalBranchPrefix: 'rust-', fileMatch: ['(^|/)Cargo.toml$'], versioning: cargoVersioning.id, rangeStrategy: 'bump', diff --git a/lib/manager/homebrew/index.ts b/lib/manager/homebrew/index.ts index 62bb3b08a55d92..b45e932cf7f9a7 100644 --- a/lib/manager/homebrew/index.ts +++ b/lib/manager/homebrew/index.ts @@ -3,6 +3,5 @@ export { updateDependency } from './update'; export const defaultConfig = { commitMessageTopic: 'Homebrew Formula {{depName}}', - additionalBranchPrefix: 'homebrew-', fileMatch: ['^Formula/[^/]+[.]rb$'], }; diff --git a/lib/workers/repository/updates/flatten.ts b/lib/workers/repository/updates/flatten.ts index 9a195d1d3e331d..4e825084d6327d 100644 --- a/lib/workers/repository/updates/flatten.ts +++ b/lib/workers/repository/updates/flatten.ts @@ -4,7 +4,6 @@ import { getManagerConfig, mergeChildConfig, } from '../../../config'; -import { LANGUAGE_DOCKER } from '../../../constants/languages'; import { getDefaultConfig } from '../../../datasource'; import { get } from '../../../manager'; import { applyPackageRules } from '../../../util/package-rules'; @@ -27,14 +26,6 @@ export function applyUpdateConfig(input: BranchUpgradeConfig): any { .replace(/-+/, '-') .toLowerCase() : undefined; - if ( - updateConfig.language === LANGUAGE_DOCKER && - /(^|\/)node$/.exec(updateConfig.depName) && - updateConfig.depName !== 'calico/node' - ) { - updateConfig.additionalBranchPrefix = ''; - updateConfig.depNameSanitized = 'node'; - } generateBranchName(updateConfig); return updateConfig; } From ff15c91cbd37c0f72a51eb95c49f8cdb88d11895 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:05:55 +0200 Subject: [PATCH 06/27] feat: updateType=patch (#9393) Changes behavior so that patch updateType is not rewritten to minor by default. Closes #2818 BREAKING CHANGE: patch updates are not considered updateType=minor by default. --- docs/usage/configuration-options.md | 1 - docs/usage/faq.md | 5 +- lib/config/definitions.ts | 3 +- lib/config/presets/internal/group.ts | 12 ++ .../lookup/__snapshots__/index.spec.ts.snap | 110 +++++++++--------- .../repository/process/lookup/index.spec.ts | 8 +- .../repository/process/lookup/update-type.ts | 5 +- 7 files changed, 74 insertions(+), 70 deletions(-) diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index c31c26c3784761..24b29ed98584cf 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -1517,7 +1517,6 @@ For example to apply a special label for Major updates: ## patch Add to this object if you wish to define rules that apply only to patch updates. -Only applies if `separateMinorPatch` is set to true. ## php diff --git a/docs/usage/faq.md b/docs/usage/faq.md index bcf253b27896bf..5c71756c2c5e31 100644 --- a/docs/usage/faq.md +++ b/docs/usage/faq.md @@ -208,10 +208,7 @@ To learn more read the section below. You can see in the example above that Renovate won't normally open a PR for the `snorgleborf` patch release. -There are 2 ways to tell Renovate to open a separate PR for the patch release: - -- Set `separateMinorPatch` to `true` -- Set `automerge` to the value: `"patch"` +You can tell Renovate to open a separate PR for the patch release by setting `separateMinorPatch` to `true`. In both cases, Renovate will open 3 PRs: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 25d9db12e36ff8..049bb00fa2b11b 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -1058,8 +1058,7 @@ const options: RenovateOptions[] = [ }, { name: 'patch', - description: - 'Configuration to apply when an update type is patch. Only applies if `separateMinorPatch` is set to true.', + description: 'Configuration to apply when an update type is patch.', stage: 'package', type: 'object', default: {}, diff --git a/lib/config/presets/internal/group.ts b/lib/config/presets/internal/group.ts index 3f9d21d16bb3fa..e4e75ef8898c6e 100644 --- a/lib/config/presets/internal/group.ts +++ b/lib/config/presets/internal/group.ts @@ -499,6 +499,9 @@ const staticGroups = { minor: { groupName: 'JS unit test packages', }, + patch: { + groupName: 'JS unit test packages', + }, }, ], }, @@ -519,6 +522,9 @@ const staticGroups = { minor: { groupName: 'unit test packages', }, + patch: { + groupName: 'unit test packages', + }, }, ], }, @@ -539,6 +545,9 @@ const staticGroups = { minor: { groupName: 'JS test packages', }, + patch: { + groupName: 'JS test packages', + }, }, ], }, @@ -559,6 +568,9 @@ const staticGroups = { minor: { groupName: 'test packages', }, + patch: { + groupName: 'test packages', + }, }, ], }, diff --git a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap index 4949a7f74b6b64..cbd11fcf390893 100644 --- a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap +++ b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap @@ -112,7 +112,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", + "updateType": "patch", }, Object { "blockedByPin": true, @@ -705,53 +705,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", - }, - Object { - "bucket": "major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 1, - "newMinor": 4, - "newValue": "1.4.1", - "newVersion": "1.4.1", - "releaseTimestamp": "2015-05-17T04:25:07.299Z", - "skippedOverVersions": Array [ - "1.0.0", - "1.0.1", - "1.1.0", - "1.1.1", - "1.1.2", - "1.2.0", - "1.2.1", - "1.3.0", - "1.4.0", - ], - "updateType": "major", - }, -] -`; - -exports[`workers/repository/process/lookup .lookupUpdates() returns minor update if separate patches not configured 1`] = ` -Array [ - Object { - "bucket": "non-major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 0, - "newMinor": 9, - "newValue": "0.9.7", - "newVersion": "0.9.7", - "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "skippedOverVersions": Array [ - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - ], - "updateType": "minor", + "updateType": "patch", }, Object { "bucket": "major", @@ -979,6 +933,52 @@ Array [ ] `; +exports[`workers/repository/process/lookup .lookupUpdates() returns patch update even if separate patches not configured 1`] = ` +Array [ + Object { + "bucket": "non-major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 0, + "newMinor": 9, + "newValue": "0.9.7", + "newVersion": "0.9.7", + "releaseTimestamp": "2013-09-04T17:07:22.948Z", + "skippedOverVersions": Array [ + "0.9.1", + "0.9.2", + "0.9.3", + "0.9.4", + "0.9.5", + "0.9.6", + ], + "updateType": "patch", + }, + Object { + "bucket": "major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 1, + "newMinor": 4, + "newValue": "1.4.1", + "newVersion": "1.4.1", + "releaseTimestamp": "2015-05-17T04:25:07.299Z", + "skippedOverVersions": Array [ + "1.0.0", + "1.0.1", + "1.1.0", + "1.1.1", + "1.1.2", + "1.2.0", + "1.2.1", + "1.3.0", + "1.4.0", + ], + "updateType": "major", + }, +] +`; + exports[`workers/repository/process/lookup .lookupUpdates() returns patch update if separateMinorPatch 1`] = ` Array [ Object { @@ -1096,7 +1096,7 @@ Array [ "3.1.0-dev.20180809", "3.1.0-dev.20180810", ], - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1112,7 +1112,7 @@ Array [ "newValue": "2.5.17-beta.0", "newVersion": "2.5.17-beta.0", "releaseTimestamp": "2018-03-23T23:29:13.819Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1140,7 +1140,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1171,7 +1171,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1187,7 +1187,7 @@ Array [ "newValue": "3.0.1", "newVersion": "3.0.1", "releaseTimestamp": "2018-07-30T16:21:13.150Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1218,7 +1218,7 @@ Array [ "newValue": "^0.0.35", "newVersion": "0.0.35", "releaseTimestamp": "2017-04-27T16:59:06.479Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -2648,7 +2648,7 @@ Array [ "newValue": "1.0.1", "newVersion": "1.0.1", "releaseTimestamp": "2014-03-11T18:47:17.560Z", - "updateType": "minor", + "updateType": "patch", }, ] `; diff --git a/lib/workers/repository/process/lookup/index.spec.ts b/lib/workers/repository/process/lookup/index.spec.ts index fbee93dd5f69f8..59ad3eb91dd16e 100644 --- a/lib/workers/repository/process/lookup/index.spec.ts +++ b/lib/workers/repository/process/lookup/index.spec.ts @@ -186,7 +186,7 @@ describe('workers/repository/process/lookup', () => { Error(CONFIG_VALIDATION) ); }); - it('returns minor update if separate patches not configured', async () => { + it('returns patch update even if separate patches not configured', async () => { config.currentValue = '0.9.0'; config.rangeStrategy = 'pin'; config.depName = 'q'; @@ -195,8 +195,8 @@ describe('workers/repository/process/lookup', () => { const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); expect(res.updates).toHaveLength(2); - expect(res.updates[0].updateType).not.toEqual('patch'); - expect(res.updates[1].updateType).not.toEqual('patch'); + expect(res.updates[0].updateType).toEqual('patch'); + expect(res.updates[1].updateType).toEqual('major'); }); it('returns minor update if automerging both patch and minor', async () => { config.patch = { @@ -212,7 +212,7 @@ describe('workers/repository/process/lookup', () => { nock('https://registry.npmjs.org').get('/q').reply(200, qJson); const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); - expect(res.updates[0].updateType).toEqual('minor'); + expect(res.updates[0].updateType).toEqual('patch'); }); it('returns patch update if separateMinorPatch', async () => { config.separateMinorPatch = true; diff --git a/lib/workers/repository/process/lookup/update-type.ts b/lib/workers/repository/process/lookup/update-type.ts index 2ec97d4dba5011..028931a23d32ae 100644 --- a/lib/workers/repository/process/lookup/update-type.ts +++ b/lib/workers/repository/process/lookup/update-type.ts @@ -19,8 +19,5 @@ export function getUpdateType( if (versioning.getMinor(newVersion) > versioning.getMinor(currentVersion)) { return 'minor'; } - if (config.separateMinorPatch) { - return 'patch'; - } - return 'minor'; + return 'patch'; } From e5fc93ef7458f5c1da3a29a5c6b9be5706acbe53 Mon Sep 17 00:00:00 2001 From: Sebastian Poxhofer Date: Sun, 4 Apr 2021 14:48:52 +0200 Subject: [PATCH 07/27] feat(terraform): rework dep types (#9116) Improves the `depType` values returned by the terraform manager. Closes #8792 BREAKING CHANGE: Values for extracted `depType` in terraform manager have changed, please see the `terraform` manager readme for details. --- .../__snapshots__/extract.spec.ts.snap | 87 ++++++++++--------- lib/manager/terraform/extract.ts | 7 +- lib/manager/terraform/modules.ts | 6 +- lib/manager/terraform/providers.ts | 2 +- lib/manager/terraform/readme.md | 41 ++++++--- lib/manager/terraform/required-providers.ts | 8 ++ lib/manager/terraform/required-version.ts | 1 + lib/manager/terraform/resources.ts | 5 +- 8 files changed, 98 insertions(+), 59 deletions(-) diff --git a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap index 645e3106b84897..c966a632f4767c 100644 --- a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap @@ -7,7 +7,7 @@ Object { "currentValue": "1.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -15,7 +15,7 @@ Object { Object { "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -23,7 +23,7 @@ Object { Object { "datasource": "helm", "depName": "./charts/example", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -33,7 +33,7 @@ Object { "currentValue": "4.0.1", "datasource": "helm", "depName": undefined, - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -43,7 +43,7 @@ Object { "currentValue": "5.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -52,7 +52,7 @@ Object { "currentValue": "6.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -68,86 +68,86 @@ Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "next", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "tfmodule_one-v0.0.9", "datasource": "github-tags", "depName": "github.com/githubuser/myrepo", - "depType": "github", + "depType": "module", "lookupName": "githubuser/myrepo", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "0.1.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v2.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "<= 2.4.0", "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "1.28.3", "datasource": "terraform-module", "depName": "particuleio/addons/kubernetes", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "~> 1.1.0", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -156,7 +156,7 @@ Object { "currentValue": "~> 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -165,7 +165,7 @@ Object { "currentValue": "~~ 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -174,7 +174,7 @@ Object { "currentValue": ">= 1.0.0, <= 2.0.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "skipReason": "local", @@ -186,89 +186,90 @@ Object { "currentValue": "1.36.1", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=2.4", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=1.3", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "V1.9", "datasource": "terraform-provider", "depName": "newrelic", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "next", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.1", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.2", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "http://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.3", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "ssh://git@bitbucket.com/hashicorp/example", }, Object { "currentValue": ">= 2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 2.0.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 0.13", "datasource": "github-tags", "depName": "hashicorp/terraform", + "depType": "required_version", "extractVersion": "v(?.*)$", "lineNumber": 229, }, @@ -276,7 +277,7 @@ Object { "currentValue": "2.7.2", "datasource": "terraform-provider", "depName": "docker", - "depType": "terraform", + "depType": "required_provider", "registryUrls": Array [ "https://releases.hashicorp.com", ], @@ -285,34 +286,34 @@ Object { "currentValue": "2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", "lookupName": "aws", }, Object { "currentValue": "=2.27.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "invalid", - "depType": "terraform", + "depType": "required_provider", "skipReason": "unsupported-url", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/helm", }, Object { "currentValue": ">= 1.0", "datasource": "terraform-provider", "depName": "kubernetes", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/kubernetes", "registryUrls": Array [ "https://terraform.example.com", @@ -324,6 +325,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_image", "replaceString": "nginx:1.7.8", }, Object { @@ -332,6 +334,7 @@ Object { Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", "datasource": "docker", + "depType": "docker_image", "replaceString": "\${data.docker_registry_image.ubuntu.name}", "skipReason": "contains-variable", }, @@ -341,6 +344,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_container", "replaceString": "nginx:1.7.8", }, Object { @@ -352,6 +356,7 @@ Object { "currentValue": "v1", "datasource": "docker", "depName": "repo.mycompany.com:8080/foo-service", + "depType": "docker_service", "replaceString": "repo.mycompany.com:8080/foo-service:v1", }, Object { diff --git a/lib/manager/terraform/extract.ts b/lib/manager/terraform/extract.ts index 4658a80336cbe7..0048bde408dc4a 100644 --- a/lib/manager/terraform/extract.ts +++ b/lib/manager/terraform/extract.ts @@ -5,7 +5,10 @@ import { analyzeTerraformProvider, extractTerraformProvider, } from './providers'; -import { extractTerraformRequiredProviders } from './required-providers'; +import { + analyzeTerraformRequiredProvider, + extractTerraformRequiredProviders, +} from './required-providers'; import { analyseTerraformVersion, extractTerraformRequiredVersion, @@ -98,6 +101,8 @@ export function extractPackageFile(content: string): PackageFile | null { deps.forEach((dep) => { switch (dep.managerData.terraformDependencyType) { case TerraformDependencyTypes.required_providers: + analyzeTerraformRequiredProvider(dep); + break; case TerraformDependencyTypes.provider: analyzeTerraformProvider(dep); break; diff --git a/lib/manager/terraform/modules.ts b/lib/manager/terraform/modules.ts index f3336a1ab7ff09..692c120328e77f 100644 --- a/lib/manager/terraform/modules.ts +++ b/lib/manager/terraform/modules.ts @@ -30,12 +30,12 @@ export function analyseTerraformModule(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ if (githubRefMatch) { dep.lookupName = githubRefMatch.groups.project.replace(/\.git$/, ''); - dep.depType = 'github'; + dep.depType = 'module'; dep.depName = 'github.com/' + dep.lookupName; dep.currentValue = githubRefMatch.groups.tag; dep.datasource = datasourceGithubTags.id; } else if (gitTagsRefMatch) { - dep.depType = 'gitTags'; + dep.depType = 'module'; if (gitTagsRefMatch.groups.path.includes('//')) { logger.debug('Terraform module contains subdirectory'); dep.depName = gitTagsRefMatch.groups.path.split('//')[0]; @@ -56,7 +56,7 @@ export function analyseTerraformModule(dep: PackageDependency): void { if (hostnameMatch) { dep.registryUrls = [`https://${hostnameMatch.groups.hostname}`]; } - dep.depType = 'terraform'; + dep.depType = 'module'; dep.depName = moduleParts.join('/'); dep.datasource = datasourceTerraformModule.id; } diff --git a/lib/manager/terraform/providers.ts b/lib/manager/terraform/providers.ts index f49240b2e9276f..c4930fab14cfad 100644 --- a/lib/manager/terraform/providers.ts +++ b/lib/manager/terraform/providers.ts @@ -57,7 +57,7 @@ export function extractTerraformProvider( export function analyzeTerraformProvider(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ - dep.depType = 'terraform'; + dep.depType = 'provider'; dep.depName = dep.managerData.moduleName; dep.datasource = datasourceTerraformProvider.id; diff --git a/lib/manager/terraform/readme.md b/lib/manager/terraform/readme.md index 4dd83219332888..9d3138c89cb327 100644 --- a/lib/manager/terraform/readme.md +++ b/lib/manager/terraform/readme.md @@ -1,21 +1,38 @@ -Currently Terraform support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like `github.com/hashicorp/example?ref=v1.0.0`. +Currently, Terraform supports renovating the following dependencies, where sub points represent hosting options of the dependencies: -Fixed versions like the following will receive a PR whenever there is a newer version available: +- modules + - GitTags + - GithubTags + - TerraformRegistry ( Public and Private ) +- providers ( deprecated in Terraform 0.13.0 ) + - TerraformRegistry ( Public and Private ) +- required_providers block ( Terraform >= 0.13.0) + - TerraformRegistry ( Public and Private ) +- required_version +- helm_release + - chart repository ( Public and Private ) +- docker\_\* + - Docker registry ( Public and Private ) -``` -module "consul" { - source = "hashicorp/consul/aws" - version = "0.0.5" - servers = 3 -} -``` - -The following _range_ constraints are also supported: +Terraform range constraints are supported: - `>= 1.2.0`: version 1.2.0 or newer - `<= 1.2.0`: version 1.2.0 or older - `~> 1.2.0`: any non-beta version >= 1.2.0 and < 1.3.0, e.g. 1.2.X - `~> 1.2`: any non-beta version >= 1.2.0 and < 2.0.0, e.g. 1.X.Y -- `>= 1.0.0`, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive +- `>= 1.0.0, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive + +For fine-grained control, e.g. to turn off only parts of this manager, there are following `depTypes` provided: + +| resource | depType | +| --------------------------- | :---------------: | +| terraform provider | provider | +| required terraform provider | required_provider | +| required terraform version | required_version | +| terraform module | module | +| helm release | helm_release | +| docker container | docker_container | +| docker image | docker_image | +| docker service | docker_service | If you need to change the versioning format, read the [versioning](https://docs.renovatebot.com/modules/versioning/) documentation to learn more. diff --git a/lib/manager/terraform/required-providers.ts b/lib/manager/terraform/required-providers.ts index 9319737a69c94f..44b1186210c23e 100644 --- a/lib/manager/terraform/required-providers.ts +++ b/lib/manager/terraform/required-providers.ts @@ -1,4 +1,5 @@ import type { PackageDependency } from '../types'; +import { analyzeTerraformProvider } from './providers'; import { ExtractionResult, TerraformDependencyTypes, @@ -72,3 +73,10 @@ export function extractTerraformRequiredProviders( } while (line.trim() !== '}'); return { lineNumber, dependencies: deps }; } + +export function analyzeTerraformRequiredProvider(dep: PackageDependency): void { + /* eslint-disable no-param-reassign */ + analyzeTerraformProvider(dep); + dep.depType = `required_provider`; + /* eslint-enable no-param-reassign */ +} diff --git a/lib/manager/terraform/required-version.ts b/lib/manager/terraform/required-version.ts index f5deb89a8b87fd..c8bb1e4dad6f32 100644 --- a/lib/manager/terraform/required-version.ts +++ b/lib/manager/terraform/required-version.ts @@ -48,6 +48,7 @@ export function extractTerraformRequiredVersion( export function analyseTerraformVersion(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ + dep.depType = 'required_version'; dep.datasource = datasourceGithubTags.id; dep.depName = 'hashicorp/terraform'; dep.extractVersion = 'v(?.*)$'; diff --git a/lib/manager/terraform/resources.ts b/lib/manager/terraform/resources.ts index 62c986261c8806..4937a8e98ef4d6 100644 --- a/lib/manager/terraform/resources.ts +++ b/lib/manager/terraform/resources.ts @@ -73,6 +73,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_container: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_container'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -81,6 +82,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_image: if (dep.managerData.name) { applyDockerDependency(dep, dep.managerData.name); + dep.depType = 'docker_image'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -89,6 +91,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_service: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_service'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -100,7 +103,7 @@ export function analyseTerraformResource( } else if (checkIfStringIsPath(dep.managerData.chart)) { dep.skipReason = SkipReason.LocalChart; } - dep.depType = 'helm'; + dep.depType = 'helm_release'; dep.registryUrls = [dep.managerData.repository]; dep.depName = dep.managerData.chart; dep.datasource = datasourceHelm.id; From bb95d9e5dbdf99f179814f445c79802a7f154a1d Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Sun, 4 Apr 2021 14:50:26 +0200 Subject: [PATCH 08/27] docs: improve sentences (#9395) --- docs/usage/self-hosted-configuration.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index bf2299cd5ec709..ec8117de5ba802 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -184,10 +184,11 @@ e.g. ## exposeAllEnv -By default, Renovate will only pass a limited set of environment variables to package managers. -Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. +By default, Renovate only passes a limited set of environment variables to package managers. +Confidential data can be leaked if a malicious script enumerates all environment variables. +Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against. -Setting this to true will also allow for variable substitution in `.npmrc` files. +Setting this to `true` will also allow for variable substitution in `.npmrc` files. ## force From 7504640080558f129d02322e87e9c0352a9c7663 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 21:26:24 +0200 Subject: [PATCH 09/27] feat(npm): deprecate ~/.npmrc support Deprecates support for reading `.npmrc` from ~. BREAKING CHANGE: Renovate will no longer read from ~/.npmrc. Configure `npmrc` in config instead. --- lib/datasource/npm/__snapshots__/index.spec.ts.snap | 2 +- lib/datasource/npm/index.spec.ts | 2 +- lib/datasource/npm/npmrc.spec.ts | 2 +- lib/datasource/npm/npmrc.ts | 11 ++++++----- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap index e45039df17686d..2d76acab217416 100644 --- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap @@ -561,7 +561,7 @@ Array [ exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = ` Object { "name": "foobar", - "registryUrl": "https://registry.npmjs.org", + "registryUrl": "https://registry.npmjs.org/", "releases": Array [ Object { "releaseTimestamp": "2018-05-06T05:21:53.000Z", diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index a4979577cf60cb..f3e654af545911 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -330,7 +330,7 @@ describe(getName(__filename), () => { setNpmrc(npmrcContent); setNpmrc(npmrcContent); setNpmrc(); - expect(getNpmrc()).toBeNull(); + expect(getNpmrc()).toEqual({}); }); it('should use default registry if missing from npmrc', async () => { diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index d340093435907f..4af2229c4fc9f8 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -52,6 +52,6 @@ describe(getName(__filename), () => { it('ignores localhost', () => { setNpmrc(`registry=http://localhost`); expect(sanitize.add).toHaveBeenCalledTimes(0); - expect(getNpmrc()).toBeNull(); + expect(getNpmrc()).toEqual({}); }); }); diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index c366b8e2a1ead3..98ad794e74f7de 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -8,9 +8,10 @@ import { getAdminConfig } from '../../config/admin'; import { logger } from '../../logger'; import { maskToken } from '../../util/mask'; import { add } from '../../util/sanitize'; +import { ensureTrailingSlash } from '../../util/url'; -let npmrc: Record | null = null; -let npmrcRaw: string; +let npmrc: Record = {}; +let npmrcRaw = ''; export type Npmrc = Record; @@ -89,8 +90,8 @@ export function setNpmrc(input?: string): void { } } else if (npmrc) { logger.debug('Resetting npmrc'); - npmrc = null; - npmrcRaw = null; + npmrc = {}; + npmrcRaw = ''; } } @@ -106,7 +107,7 @@ export function resolvePackage(packageName: string): PackageResolution { try { registryUrl = getRegistryUrl(scope, getNpmrc()); } catch (err) { - registryUrl = 'https://registry.npmjs.org'; + registryUrl = 'https://registry.npmjs.org/'; } const packageUrl = url.resolve( registryUrl, From 301fa1335fa8c3612fc01b399da47a5c67147991 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 21:43:04 +0200 Subject: [PATCH 10/27] update docs --- docs/development/local-development.md | 1 - docs/usage/private-modules.md | 16 +--------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/docs/development/local-development.md b/docs/development/local-development.md index 06de394c7a06bf..da8d7ac4678e63 100644 --- a/docs/development/local-development.md +++ b/docs/development/local-development.md @@ -75,7 +75,6 @@ The Renovate project uses the [Yarn](https://github.com/yarnpkg/yarn) package ma To ensure everything is working properly on your end, you must: -1. Make sure you don't have a local `.npmrc` file that overrides npm's default registry 1. Install all dependencies with `yarn install` 1. Make a build with `yarn build`, which should pass with no errors 1. Verify all tests pass and have 100% test coverage, by running `yarn test` diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md index 2c8e596f774dc9..de8f6e3a801f4a 100644 --- a/docs/usage/private-modules.md +++ b/docs/usage/private-modules.md @@ -33,8 +33,6 @@ The recommended approaches in order of preference are: **Self-hosted hostRules**: Configure a hostRules entry in the bot's `config.js` with the `hostType`, `hostName` and `token` specified -**Self-hosted .npmrc**: copy an `.npmrc` file to the home dir of the bot. - **Renovate App with private modules from npmjs.org**: Add an encrypted `npmToken` to your Renovate config **Renovate App with a private registry**: Add an unencrypted `npmrc` plus an encrypted `npmToken` in config @@ -66,21 +64,9 @@ module.exports = { **NOTE:** Do not use `NPM_TOKEN` as an environment variable. -### Commit .npmrc file into repository - -One approach that many projects use for private repositories is to simply check in an authenticated `.npmrc` into the repository that is then shared between all developers. -Therefore anyone running `npm install` or `yarn install` from the project root will be automatically authenticated with npm without having to distribute npm logins to every developer and make sure they've run `npm login` first before installing. - -The good news is that this works for Renovate too. -If Renovate detects a `.npmrc` or `.yarnrc` file then it will use it for its install. - -Does not work if using binarySource=docker. -_This method will be deprecated soon_ - ### Add npmrc string to Renovate config -The above solution maybe have a downside that all users of the repository (e.g. developers) will also use any `.npmrc` that is checked into the repository, instead of their own one in `~/.npmrc`. -To avoid this, you can instead add your `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this: +You can add an `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this: ```json { From 8fd9af2cbbe45cf78dd475c049064f033f1ed5c5 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 21:59:18 +0200 Subject: [PATCH 11/27] fix lint --- lib/datasource/npm/npmrc.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index ef4766acf1b77f..bfa2812dd25d6a 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -8,7 +8,6 @@ import { getAdminConfig } from '../../config/admin'; import { logger } from '../../logger'; import { maskToken } from '../../util/mask'; import { add } from '../../util/sanitize'; -import { ensureTrailingSlash } from '../../util/url'; let npmrc: Record = {}; let npmrcRaw = ''; From 229a835b35522a42e1cd7571a5235e31b98eee09 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:18:56 +0200 Subject: [PATCH 12/27] feat: remove RENOVATE_LEGACY_GIT_AUTHOR_EMAIL (#9389) Removes RENOVATE_LEGACY_GIT_AUTHOR_EMAIL support. Closes #9111 BREAKING CHANGE: RENOVATE_LEGACY_GIT_AUTHOR_EMAIL is no longer supported. Use `ignoredAuthors` in config instead. --- docs/usage/self-hosted-experimental.md | 5 ----- lib/util/git/index.ts | 1 - 2 files changed, 6 deletions(-) diff --git a/docs/usage/self-hosted-experimental.md b/docs/usage/self-hosted-experimental.md index 1151bd65d624ac..2f00716900c3b6 100644 --- a/docs/usage/self-hosted-experimental.md +++ b/docs/usage/self-hosted-experimental.md @@ -27,11 +27,6 @@ If set to any integer, Renovate will use this integer instead of the default npm If set to any value, Renovate will skip its default artifacts filter check in the Maven datasource. Skiping the check will speed things up, but may result in versions being returned which don't properly exist on the server. -## RENOVATE_LEGACY_GIT_AUTHOR_EMAIL - -An additional `gitAuthor` email to ignore. -This variable is deprecated: use `ignoredAuthors` instead. - ## RENOVATE_PAGINATE_ALL If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages. diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts index 79686b17974561..2def06c69124dc 100644 --- a/lib/util/git/index.ts +++ b/lib/util/git/index.ts @@ -489,7 +489,6 @@ export async function isBranchModified(branchName: string): Promise { ).trim(); const { gitAuthorEmail } = config; if ( - lastAuthor === process.env.RENOVATE_LEGACY_GIT_AUTHOR_EMAIL || // remove in next major release lastAuthor === gitAuthorEmail || config.ignoredAuthors.some((ignoredAuthor) => lastAuthor === ignoredAuthor) ) { From 49f08daa341589a906216f11dc436907bb5ebef5 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:36:31 +0200 Subject: [PATCH 13/27] feat: drop NPM_TOKEN support (#9391) Removes support for NPM_TOKEN. BREAKING CHANGE: Do not use NPM_TOKEN in env to configure npm authentication. Configure hostRules instead. --- docs/usage/private-modules.md | 2 +- lib/config/presets/npm/index.spec.ts | 1 - .../npm/__snapshots__/index.spec.ts.snap | 39 ------------------- lib/datasource/npm/index.spec.ts | 16 -------- lib/datasource/npm/npmrc.spec.ts | 1 - lib/datasource/npm/npmrc.ts | 5 --- lib/manager/npm/post-update/lerna.ts | 1 - lib/manager/npm/post-update/npm.ts | 1 - lib/manager/npm/post-update/pnpm.ts | 1 - lib/manager/npm/post-update/yarn.ts | 1 - 10 files changed, 1 insertion(+), 67 deletions(-) diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md index 44d95db472515c..2c8e596f774dc9 100644 --- a/docs/usage/private-modules.md +++ b/docs/usage/private-modules.md @@ -64,7 +64,7 @@ module.exports = { }; ``` -**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon. +**NOTE:** Do not use `NPM_TOKEN` as an environment variable. ### Commit .npmrc file into repository diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts index 8cd3601638dd68..11750dde63c657 100644 --- a/lib/config/presets/npm/index.spec.ts +++ b/lib/config/presets/npm/index.spec.ts @@ -6,7 +6,6 @@ jest.mock('registry-auth-token'); jest.mock('delay'); describe('config/presets/npm', () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); setAdminConfig(); diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap index e45039df17686d..9877b9a8d6ef70 100644 --- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap @@ -519,45 +519,6 @@ Array [ ] `; -exports[`datasource/npm/index should use NPM_TOKEN if provided 1`] = ` -Object { - "name": "@foobar/core", - "registryUrl": "https://registry.npmjs.org/", - "releases": Array [ - Object { - "releaseTimestamp": "2018-05-06T05:21:53.000Z", - "version": "0.0.1", - }, - Object { - "releaseTimestamp": "2018-05-07T05:21:53.000Z", - "version": "0.0.2", - }, - ], - "sourceDirectory": "src/a", - "sourceUrl": "https://github.com/renovateapp/dummy", - "tags": Object { - "latest": "0.0.1", - }, - "versions": Object {}, -} -`; - -exports[`datasource/npm/index should use NPM_TOKEN if provided 2`] = ` -Array [ - Object { - "headers": Object { - "accept": "application/json", - "accept-encoding": "gzip, deflate", - "authorization": "Bearer some-token", - "host": "registry.npmjs.org", - "user-agent": "https://github.com/renovatebot/renovate", - }, - "method": "GET", - "url": "https://registry.npmjs.org/@foobar%2Fcore", - }, -] -`; - exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = ` Object { "name": "foobar", diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index a4979577cf60cb..1b630c14be2635 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -15,7 +15,6 @@ const registryAuthToken: jest.Mock<_registryAuthToken.NpmCredentials> = _registr let npmResponse: any; describe(getName(__filename), () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); httpMock.setup(); @@ -269,21 +268,6 @@ describe(getName(__filename), () => { expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('should use NPM_TOKEN if provided', async () => { - httpMock - .scope('https://registry.npmjs.org', { - reqheaders: { authorization: 'Bearer some-token' }, - }) - .get('/@foobar%2Fcore') - .reply(200, { ...npmResponse, name: '@foobar/core' }); - const oldToken = process.env.NPM_TOKEN; - process.env.NPM_TOKEN = 'some-token'; - const res = await getPkgReleases({ datasource, depName: '@foobar/core' }); - process.env.NPM_TOKEN = oldToken; - expect(res).toMatchSnapshot(); - expect(httpMock.getTrace()).toMatchSnapshot(); - }); - it('should use host rules by hostName if provided', async () => { hostRules.add({ hostType: 'npm', diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index d340093435907f..186e4969726351 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -9,7 +9,6 @@ const sanitize = mocked(_sanitize); describe(getName(__filename), () => { beforeEach(() => { - delete process.env.NPM_TOKEN; setNpmrc(''); setAdminConfig(); jest.resetAllMocks(); diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index c366b8e2a1ead3..7fd179fe11dd6e 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -129,11 +129,6 @@ export function resolvePackage(packageName: string): PackageResolution { { token: maskToken(authInfo.token), npmName: packageName }, 'Using auth (via npmrc) for npm lookup' ); - } else if (process.env.NPM_TOKEN && process.env.NPM_TOKEN !== 'undefined') { - logger.warn( - 'Support for NPM_TOKEN in env will be dropped in the next major release' - ); - headers.authorization = `Bearer ${process.env.NPM_TOKEN}`; } return { headers, packageUrl, registryUrl }; } diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index 9799471ae71c6f..c2bb0bd3187e41 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -99,7 +99,6 @@ export async function generateLockFiles( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index d3e43876605615..0025d620fe4c76 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -74,7 +74,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 7816267e786744..6541a412870a23 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -53,7 +53,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index 30d75fd4efab82..c7c2d3b1131ac4 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -123,7 +123,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = From 07439a519761792451088f6ddbed1376937f8259 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 10:58:32 +0200 Subject: [PATCH 14/27] feat: remove logLevel support in config (#9390) Remove support for logLevel in config. Must be configured using LOG_LEVEL instead. Closes #8291 BREAKING CHANGE: Configure LOG_LEVEL in env and not in config or CLI --- docs/usage/self-hosted-configuration.md | 12 ------------ lib/config/definitions.ts | 7 ------- lib/config/index.ts | 11 +---------- lib/config/types.ts | 1 - 4 files changed, 1 insertion(+), 30 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index 138be9db3ca1be..f6a10fbe5b3edf 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -225,18 +225,6 @@ If left as default (null), a random short ID will be selected. ## logFileLevel -## logLevel - -We recommend that you run the Renovate bot at the debug level if you can. -Use the environment variable `LOG_LEVEL=debug` to run Renovate at the debug level. - -When you use `LOG_LEVEL=debug`, debug logging starts from the beginning of the app. -If you had configured debug logging in a file config, then the debug logging starts _after_ the file config is parsed. - -Additionally, if you configure `LOG_FORMAT=json` in env then logging will be done in JSON format instead of "pretty" format, which is usually better if you're doing any ingestion or parsing of the logs. - -Warning: Configuring `logLevel` config option or `--log-level` cli option is deprecated and will be removed in a major version. - ## onboarding Set this to `false` only if all three statements are true: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index ecf25ed6724fac..418e8f0625767d 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -275,13 +275,6 @@ const options: RenovateOptions[] = [ admin: true, }, // Log options - { - name: 'logLevel', - description: 'Logging level. Deprecated, use `LOG_LEVEL` environment.', - stage: 'global', - type: 'string', - allowedValues: ['fatal', 'error', 'warn', 'info', 'debug', 'trace'], - }, { name: 'logFile', description: 'Log file path.', diff --git a/lib/config/index.ts b/lib/config/index.ts index df118c916d050c..ec3aa0ef6cbf71 100644 --- a/lib/config/index.ts +++ b/lib/config/index.ts @@ -1,4 +1,4 @@ -import { addStream, levels, logger, setContext } from '../logger'; +import { addStream, logger, setContext } from '../logger'; import { get, getLanguageList, getManagerList } from '../manager'; import { ensureDir, getSubDirectory, readFile } from '../util/fs'; import { ensureTrailingSlash } from '../util/url'; @@ -84,15 +84,6 @@ export async function parseConfigs( delete config.privateKeyPath; } - // Deprecated set log level: https://github.com/renovatebot/renovate/issues/8291 - // istanbul ignore if - if (config.logLevel) { - logger.warn( - 'Configuring logLevel in CLI or file is deprecated. Use LOG_LEVEL environment variable instead' - ); - levels('stdout', config.logLevel); - } - if (config.logContext) { // This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env setContext(config.logContext); diff --git a/lib/config/types.ts b/lib/config/types.ts index f98003293e1d49..d426d845071713 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -74,7 +74,6 @@ export interface GlobalOnlyConfig { gitPrivateKey?: string; logFile?: string; logFileLevel?: LogLevel; - logLevel?: LogLevel; prCommitsPerRunLimit?: number; privateKeyPath?: string; redisUrl?: string; From f9b9614638a05e470a7385aa15a18df98b525187 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:07 +0200 Subject: [PATCH 15/27] feat: split trustLevel into separate options (#9388) Removes trustLevel and replaces it with 3 other options instead. No longer necessary to set anything additional is configuring `allowedPostUpgradeCommands` BREAKING CHANGE: `trustLevel` is no longer supported and instead broken into `allowCustomCrateRegistries` , `allowScripts` , and `exposeAllEnv`. --- docs/usage/self-hosted-configuration.md | 20 +++++++------- .../__snapshots__/migration.spec.ts.snap | 6 +++-- lib/config/admin.ts | 4 ++- lib/config/definitions.ts | 26 +++++++++++++++---- lib/config/migration.spec.ts | 1 + lib/config/migration.ts | 11 +++++--- lib/config/types.ts | 4 ++- .../crate/__snapshots__/index.spec.ts.snap | 2 +- lib/datasource/crate/index.spec.ts | 12 ++++----- lib/datasource/crate/index.ts | 4 +-- lib/datasource/npm/index.spec.ts | 4 +-- lib/datasource/npm/npmrc.spec.ts | 2 +- lib/datasource/npm/npmrc.ts | 8 +++--- lib/manager/composer/artifacts.spec.ts | 5 ++-- lib/manager/composer/artifacts.ts | 2 +- lib/manager/npm/extract/index.ts | 2 +- lib/manager/npm/post-update/lerna.spec.ts | 2 +- lib/manager/npm/post-update/lerna.ts | 7 ++--- lib/manager/npm/post-update/npm.ts | 2 +- lib/manager/npm/post-update/pnpm.ts | 4 +-- lib/manager/npm/post-update/yarn.ts | 4 +-- lib/manager/pip_requirements/extract.spec.ts | 2 +- lib/manager/pip_requirements/extract.ts | 2 +- lib/util/exec/env.spec.ts | 2 +- lib/util/exec/env.ts | 2 +- lib/util/exec/exec.spec.ts | 2 +- lib/workers/branch/index.spec.ts | 8 +++--- lib/workers/branch/index.ts | 1 - 28 files changed, 88 insertions(+), 63 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index f6a10fbe5b3edf..bf2299cd5ec709 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -9,6 +9,8 @@ The configuration options listed in this document are applicable to self-hosted Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md). +## allowCustomCrateRegistries + ## allowPostUpgradeCommandTemplating Set to true to allow templating of post-upgrade commands. @@ -52,6 +54,8 @@ npm ci --ignore-scripts npx ng update @angular/core --from=9.0.0 --to=10.0.0 --migrateOnly --allowDirty --force ``` +## allowScripts + ## allowedPostUpgradeCommands A list of regular expressions that determine which commands in `postUpgradeTasks` are allowed to be executed. @@ -178,6 +182,13 @@ e.g. ## endpoint +## exposeAllEnv + +By default, Renovate will only pass a limited set of environment variables to package managers. +Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. + +Setting this to true will also allow for variable substitution in `.npmrc` files. + ## force This object is used as a "force override" when you need to make sure certain configuration overrides whatever is configured in the repository. @@ -367,13 +378,4 @@ This is currently applicable to `npm` and `lerna`/`npm` only, and only used in c ## token -## trustLevel - -Setting trustLevel to `"high"` can make sense in many self-hosted cases where the bot operator trusts the content in each repository. - -Setting trustLevel=high means: - -- Child processes are run with full access to `env` -- `.npmrc` files can have environment variable substitution performed - ## username diff --git a/lib/config/__snapshots__/migration.spec.ts.snap b/lib/config/__snapshots__/migration.spec.ts.snap index 56fcc4411705de..12e971e3f69fbd 100644 --- a/lib/config/__snapshots__/migration.spec.ts.snap +++ b/lib/config/__snapshots__/migration.spec.ts.snap @@ -78,6 +78,8 @@ Array [ exports[`config/migration migrateConfig(config, parentConfig) migrates config 1`] = ` Object { "additionalBranchPrefix": "{{parentDir}}-", + "allowCustomCrateRegistries": true, + "allowScripts": true, "autodiscover": true, "automerge": false, "automergeType": "branch", @@ -94,6 +96,7 @@ Object { "dependencyDashboard": true, "dependencyDashboardTitle": "foo", "enabled": true, + "exposeAllEnv": true, "extends": Array [ "config:js-app", "config:js-lib", @@ -108,8 +111,8 @@ Object { "includeForks": true, "lockFileMaintenance": Object { "automerge": true, + "exposeAllEnv": false, "schedule": "before 5am", - "trustLevel": "low", }, "major": Object { "automerge": false, @@ -233,7 +236,6 @@ Object { "travis": Object { "enabled": true, }, - "trustLevel": "high", } `; diff --git a/lib/config/admin.ts b/lib/config/admin.ts index f6af54b53fac83..7407e91af58fd9 100644 --- a/lib/config/admin.ts +++ b/lib/config/admin.ts @@ -4,14 +4,16 @@ let adminConfig: RepoAdminConfig = {}; // TODO: once admin config work is complete, add a test to make sure this list includes all options with admin=true export const repoAdminOptions = [ + 'allowCustomCrateRegistries', 'allowPostUpgradeCommandTemplating', + 'allowScripts', 'allowedPostUpgradeCommands', 'customEnvVariables', 'dockerImagePrefix', 'dockerUser', 'dryRun', + 'exposeAllEnv', 'privateKey', - 'trustLevel', ]; export function setAdminConfig(config: RenovateConfig = {}): void { diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 418e8f0625767d..25d9db12e36ff8 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -454,17 +454,33 @@ const options: RenovateOptions[] = [ default: false, }, { - name: 'trustLevel', + name: 'exposeAllEnv', description: - 'Set this to "high" if the bot should trust the repository owners/contents.', + 'Configure this to true to allow passing of all env variables to package managers.', admin: true, - type: 'string', - default: 'low', + type: 'boolean', + default: false, + }, + { + name: 'allowScripts', + description: + 'Configure this to true if repositories are allowed to run install scripts.', + admin: true, + type: 'boolean', + default: false, + }, + { + name: 'allowCustomCrateRegistries', + description: + 'Configure this to true if custom crate registries are allowed.', + admin: true, + type: 'boolean', + default: false, }, { name: 'ignoreScripts', description: - 'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files.', + 'Configure this to true if allowScripts=true but you wish to skip running scripts when updating lock files.', type: 'boolean', default: false, }, diff --git a/lib/config/migration.spec.ts b/lib/config/migration.spec.ts index 176aade6904eeb..66b64df0777562 100644 --- a/lib/config/migration.spec.ts +++ b/lib/config/migration.spec.ts @@ -46,6 +46,7 @@ describe('config/migration', () => { masterIssueTitle: 'foo', gomodTidy: true, upgradeInRange: true, + trustLevel: 'high', automergeType: 'branch-push', branchName: '{{{branchPrefix}}}{{{managerBranchPrefix}}}{{{branchTopic}}}{{{baseDir}}}', diff --git a/lib/config/migration.ts b/lib/config/migration.ts index 69ad69d8eec1d9..e7189ebc211895 100644 --- a/lib/config/migration.ts +++ b/lib/config/migration.ts @@ -189,11 +189,14 @@ export function migrateConfig( migratedConfig.rebaseWhen = 'never'; } } else if (key === 'exposeEnv') { + migratedConfig.exposeAllEnv = val; delete migratedConfig.exposeEnv; - if (val === true) { - migratedConfig.trustLevel = 'high'; - } else if (val === false) { - migratedConfig.trustLevel = 'low'; + } else if (key === 'trustLevel') { + delete migratedConfig.trustLevel; + if (val === 'high') { + migratedConfig.allowCustomCrateRegistries ??= true; + migratedConfig.allowScripts ??= true; + migratedConfig.exposeAllEnv ??= true; } } else if ( key === 'branchName' && diff --git a/lib/config/types.ts b/lib/config/types.ts index d426d845071713..efb079a8f699fd 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -83,14 +83,16 @@ export interface GlobalOnlyConfig { // Config options used within the repository worker, but not user configurable // The below should contain config options where admin=true export interface RepoAdminConfig { + allowCustomCrateRegistries?: boolean; allowPostUpgradeCommandTemplating?: boolean; + allowScripts?: boolean; allowedPostUpgradeCommands?: string[]; customEnvVariables?: Record; dockerImagePrefix?: string; dockerUser?: string; dryRun?: boolean; + exposeAllEnv?: boolean; privateKey?: string | Buffer; - trustLevel?: 'low' | 'high'; } export interface LegacyAdminConfig { diff --git a/lib/datasource/crate/__snapshots__/index.spec.ts.snap b/lib/datasource/crate/__snapshots__/index.spec.ts.snap index ab4be51e18052e..fa5d5d45d2e4c0 100644 --- a/lib/datasource/crate/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/crate/__snapshots__/index.spec.ts.snap @@ -331,7 +331,7 @@ Array [ ] `; -exports[`datasource/crate getReleases refuses to clone if trustLevel is not high 1`] = `null`; +exports[`datasource/crate getReleases refuses to clone if allowCustomCrateRegistries is not true 1`] = `null`; exports[`datasource/crate getReleases returns null for 404 1`] = ` Array [ diff --git a/lib/datasource/crate/index.spec.ts b/lib/datasource/crate/index.spec.ts index 5b4c7f29538353..7cfea76071d517 100644 --- a/lib/datasource/crate/index.spec.ts +++ b/lib/datasource/crate/index.spec.ts @@ -224,7 +224,7 @@ describe('datasource/crate', () => { expect(res).toBeDefined(); expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('refuses to clone if trustLevel is not high', async () => { + it('refuses to clone if allowCustomCrateRegistries is not true', async () => { const { mockClone } = setupGitMocks(); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; @@ -239,7 +239,7 @@ describe('datasource/crate', () => { }); it('clones cloudsmith private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; const res = await getPkgReleases({ datasource, @@ -253,7 +253,7 @@ describe('datasource/crate', () => { }); it('clones other private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/testregistry'; const res = await getPkgReleases({ datasource, @@ -267,7 +267,7 @@ describe('datasource/crate', () => { }); it('clones once then reuses the cache', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await getPkgReleases({ datasource, @@ -283,7 +283,7 @@ describe('datasource/crate', () => { }); it('guards against race conditions while cloning', async () => { const { mockClone } = setupGitMocks(250); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await Promise.all([ @@ -309,7 +309,7 @@ describe('datasource/crate', () => { }); it('returns null when git clone fails', async () => { setupErrorGitMock(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; const result = await getPkgReleases({ diff --git a/lib/datasource/crate/index.ts b/lib/datasource/crate/index.ts index cce827f726b39f..44d39cb1852829 100644 --- a/lib/datasource/crate/index.ts +++ b/lib/datasource/crate/index.ts @@ -163,9 +163,9 @@ async function fetchRegistryInfo( }; if (flavor !== RegistryFlavor.CratesIo) { - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().allowCustomCrateRegistries) { logger.warn( - 'crate datasource: trustLevel=high is required for registries other than crates.io, bailing out' + 'crate datasource: allowCustomCrateRegistries=true is required for registries other than crates.io, bailing out' ); return null; } diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index 1b630c14be2635..d5091d722de3ad 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -359,7 +359,7 @@ describe(getName(__filename), () => { .reply(200, npmResponse); process.env.REGISTRY = 'https://registry.from-env.com'; process.env.RENOVATE_CACHE_NPM_MINUTES = '15'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string const npmrc = 'registry=${REGISTRY}'; const res = await getPkgReleases({ datasource, depName: 'foobar', npmrc }); @@ -368,7 +368,7 @@ describe(getName(__filename), () => { }); it('should throw error if necessary env var is not present', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string expect(() => setNpmrc('registry=${REGISTRY_MISSING}')).toThrow( Error('env-replace') diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index 186e4969726351..41fff3d27c3457 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -38,7 +38,7 @@ describe(getName(__filename), () => { }); it('sanitize _authtoken with high trust', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); process.env.TEST_TOKEN = 'test'; setNpmrc( // eslint-disable-next-line no-template-curly-in-string diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index 7fd179fe11dd6e..d5af080d35f91d 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -61,13 +61,13 @@ export function setNpmrc(input?: string): void { npmrcRaw = input; logger.debug('Setting npmrc'); npmrc = ini.parse(input.replace(/\\n/g, '\n')); - const { trustLevel } = getAdminConfig(); + const { exposeAllEnv } = getAdminConfig(); for (const [key, val] of Object.entries(npmrc)) { - if (trustLevel !== 'high') { + if (!exposeAllEnv) { sanitize(key, val); } if ( - trustLevel !== 'high' && + !exposeAllEnv && key.endsWith('registry') && val && val.includes('localhost') @@ -80,7 +80,7 @@ export function setNpmrc(input?: string): void { return; } } - if (trustLevel !== 'high') { + if (!exposeAllEnv) { return; } for (const key of Object.keys(npmrc)) { diff --git a/lib/manager/composer/artifacts.spec.ts b/lib/manager/composer/artifacts.spec.ts index d7798754387c6c..fca585b9583432 100644 --- a/lib/manager/composer/artifacts.spec.ts +++ b/lib/manager/composer/artifacts.spec.ts @@ -30,6 +30,7 @@ const config = { localDir: join('/tmp/github/some/repo'), cacheDir: join('/tmp/renovate/cache'), composerIgnorePlatformReqs: true, + ignoreScripts: false, }; const repoStatus = partial({ @@ -46,7 +47,7 @@ describe('.updateArtifacts()', () => { await setUtilConfig(config); docker.resetPrefetchedImages(); hostRules.clear(); - setAdminConfig(); + setAdminConfig({ allowScripts: false }); }); it('returns if no composer.lock found', async () => { expect( @@ -63,7 +64,7 @@ describe('.updateArtifacts()', () => { const execSnapshots = mockExecAll(exec); fs.readLocalFile.mockReturnValueOnce('Current composer.lock' as any); git.getRepoStatus.mockResolvedValue(repoStatus); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); expect( await composer.updateArtifacts({ packageFileName: 'composer.json', diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts index 9515106780c284..bffbe7510c707e 100644 --- a/lib/manager/composer/artifacts.ts +++ b/lib/manager/composer/artifacts.ts @@ -151,7 +151,7 @@ export async function updateArtifacts({ args += ' --ignore-platform-reqs'; } args += ' --no-ansi --no-interaction'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --no-scripts --no-autoloader'; } logger.debug({ cmd, args }, 'composer command'); diff --git a/lib/manager/npm/extract/index.ts b/lib/manager/npm/extract/index.ts index c8c496fb7aea8e..9207058fd348ff 100644 --- a/lib/manager/npm/extract/index.ts +++ b/lib/manager/npm/extract/index.ts @@ -107,7 +107,7 @@ export async function extractPackageFile( npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n'); } if (is.string(npmrc)) { - if (npmrc.includes('=${') && getAdminConfig().trustLevel !== 'high') { + if (npmrc.includes('=${') && !getAdminConfig().exposeAllEnv) { logger.debug('Discarding .npmrc file with variables'); ignoreNpmrcFile = true; npmrc = undefined; diff --git a/lib/manager/npm/post-update/lerna.spec.ts b/lib/manager/npm/post-update/lerna.spec.ts index 0dddb7c585fe5d..b5a596d671bbc5 100644 --- a/lib/manager/npm/post-update/lerna.spec.ts +++ b/lib/manager/npm/post-update/lerna.spec.ts @@ -109,7 +109,7 @@ describe(getName(__filename), () => { }); it('allows scripts for trust level high', async () => { const execSnapshots = mockExecAll(exec); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); const res = await lernaHelper.generateLockFiles( lernaPkgFile('npm'), 'some-dir', diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index c2bb0bd3187e41..39b463e9991c92 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -72,10 +72,7 @@ export async function generateLockFiles( return { error: false }; } let lernaCommand = `lerna bootstrap --no-ci --ignore-scripts -- `; - if ( - getAdminConfig().trustLevel === 'high' && - config.ignoreScripts !== false - ) { + if (getAdminConfig().allowScripts && config.ignoreScripts !== false) { cmdOptions = cmdOptions.replace('--ignore-scripts ', ''); lernaCommand = lernaCommand.replace('--ignore-scripts ', ''); } @@ -96,7 +93,7 @@ export async function generateLockFiles( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index 0025d620fe4c76..a11bce39231f08 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -71,7 +71,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 6541a412870a23..b9842631f96f53 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -50,7 +50,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } @@ -62,7 +62,7 @@ export async function generateLockFile( } cmd = 'pnpm'; let args = 'install --recursive --lockfile-only'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --ignore-scripts'; args += ' --ignore-pnpmfile'; } diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index c7c2d3b1131ac4..4056d2e165544a 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -101,7 +101,7 @@ export async function generateLockFile( } else { extraEnv.YARN_HTTP_TIMEOUT = '100000'; } - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { if (isYarn1) { cmdOptions += ' --ignore-scripts'; } else { @@ -120,7 +120,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/pip_requirements/extract.spec.ts b/lib/manager/pip_requirements/extract.spec.ts index 43ead688ceb873..73771848b77f1e 100644 --- a/lib/manager/pip_requirements/extract.spec.ts +++ b/lib/manager/pip_requirements/extract.spec.ts @@ -128,7 +128,7 @@ describe('lib/manager/pip_requirements/extract', () => { }); it('should replace env vars in high trust mode', () => { process.env.PIP_TEST_TOKEN = 'its-a-secret'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); const res = extractPackageFile(requirements7, 'unused_file_name', {}); expect(res.registryUrls).toEqual([ 'https://pypi.org/pypi/', diff --git a/lib/manager/pip_requirements/extract.ts b/lib/manager/pip_requirements/extract.ts index 87e2ffaec01963..87fc491b410ce2 100644 --- a/lib/manager/pip_requirements/extract.ts +++ b/lib/manager/pip_requirements/extract.ts @@ -84,7 +84,7 @@ export function extractPackageFile( res.registryUrls = registryUrls.map((url) => { // handle the optional quotes in eg. `--extra-index-url "https://foo.bar"` const cleaned = url.replace(/^"/, '').replace(/"$/, ''); - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().exposeAllEnv) { return cleaned; } // interpolate any environment variables diff --git a/lib/util/exec/env.spec.ts b/lib/util/exec/env.spec.ts index e3a0eabc258ad3..ebc1c16900a513 100644 --- a/lib/util/exec/env.spec.ts +++ b/lib/util/exec/env.spec.ts @@ -58,7 +58,7 @@ describe('getChildProcess environment when trustlevel set to low', () => { describe('getChildProcessEnv when trustlevel set to high', () => { it('returns process.env if trustlevel set to high', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); expect(getChildProcessEnv()).toMatchObject(process.env); }); }); diff --git a/lib/util/exec/env.ts b/lib/util/exec/env.ts index 38950e4e867a95..faffd61bf81526 100644 --- a/lib/util/exec/env.ts +++ b/lib/util/exec/env.ts @@ -17,7 +17,7 @@ export function getChildProcessEnv( customEnvVars: string[] = [] ): NodeJS.ProcessEnv { const env: NodeJS.ProcessEnv = {}; - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { return { ...env, ...process.env }; } const envVars = [...basicEnvVars, ...customEnvVars]; diff --git a/lib/util/exec/exec.spec.ts b/lib/util/exec/exec.spec.ts index 3fb345ca0d1f9a..185c3b31596eb8 100644 --- a/lib/util/exec/exec.spec.ts +++ b/lib/util/exec/exec.spec.ts @@ -194,7 +194,7 @@ describe(getName(__filename), () => { maxBuffer: 10485760, }, ], - adminConfig: { trustLevel: 'high' }, + adminConfig: { exposeAllEnv: true }, }, ], diff --git a/lib/workers/branch/index.spec.ts b/lib/workers/branch/index.spec.ts index 51ff0568bcf091..a51907c79f2b9e 100644 --- a/lib/workers/branch/index.spec.ts +++ b/lib/workers/branch/index.spec.ts @@ -731,7 +731,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -809,7 +809,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^exit 1$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -878,7 +878,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: false, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); const result = await branchWorker.processBranch({ @@ -956,7 +956,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{depName}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); diff --git a/lib/workers/branch/index.ts b/lib/workers/branch/index.ts index ae4eb0ccc9573d..cc556ea418878e 100644 --- a/lib/workers/branch/index.ts +++ b/lib/workers/branch/index.ts @@ -360,7 +360,6 @@ export async function processBranch( (config.updatedPackageFiles?.length > 0 || /* ... or changes to artifacts */ config.updatedArtifacts?.length > 0) && - getAdminConfig().trustLevel === 'high' && is.nonEmptyArray(allowedPostUpgradeCommands) ) { for (const upgrade of config.upgrades) { From 8c19baf3bcff4b3d76f2c47a41194fb6d74cb3ef Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:54 +0200 Subject: [PATCH 16/27] feat(config): remove manager additionalBranchPrefix defaults (#9373) Resets any language or manager` additionalBranchPrefix` values to empty string. Add the `compatibility:additionalBranchPrefix` prefix to restore previous behavior. BREAKING CHANGE: Removal of default `additionalBranchPrefix` values will cause branch names to change for docker/helm/buildkite/cargo/homebrew. --- docs/usage/configuration-options.md | 2 +- docs/usage/configuration-templates.md | 3 +-- lib/config/presets/index.ts | 1 + lib/config/presets/internal/compatibility.ts | 24 ++++++++++++++++++++ lib/config/presets/internal/index.ts | 2 ++ lib/datasource/docker/index.ts | 1 - lib/datasource/helm/index.ts | 1 - lib/manager/buildkite/index.ts | 1 - lib/manager/cargo/index.ts | 1 - lib/manager/homebrew/index.ts | 1 - lib/workers/repository/updates/flatten.ts | 9 -------- 11 files changed, 29 insertions(+), 17 deletions(-) create mode 100644 lib/config/presets/internal/compatibility.ts diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index a8f43c2a7cc12a..c31c26c3784761 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -69,7 +69,7 @@ With the above config: ## additionalBranchPrefix This value defaults to an empty string, and is typically not necessary. -Some managers populate this field for historical reasons, for example we use `docker-` for Docker branches, so they may look like `renovate/docker-ubuntu-16.x`. +Some managers previously populated this field, but they no longer do so by default. You normally don't need to configure this, but one example where it can be useful is combining with `parentDir` in monorepos to split PRs based on where the package definition is located, e.g. ```json diff --git a/docs/usage/configuration-templates.md b/docs/usage/configuration-templates.md index 10911f76f2857f..c239ac69fe898a 100644 --- a/docs/usage/configuration-templates.md +++ b/docs/usage/configuration-templates.md @@ -21,8 +21,7 @@ Most users will be happy with the default `branchPrefix` of `renovate/`, but you Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`. The onboarding PR will always use `renovate/configure`. -`additionalBranchPrefix` is optional and by default is empty for all JavaScript dependencies. -We use `docker-` for all Docker updates, branches will look like this: `renovate/docker-ubuntu-16.x`. +`additionalBranchPrefix` is optional and by default is empty. `branchTopic` depends on the package manager and upgrade type, so you will see a lot of variety. This is probably a setting you want to change yourself. diff --git a/lib/config/presets/index.ts b/lib/config/presets/index.ts index b3453affb237d6..ccfc6f58e6ae63 100644 --- a/lib/config/presets/index.ts +++ b/lib/config/presets/index.ts @@ -93,6 +93,7 @@ export function parsePreset(input: string): ParsedPreset { str = str.slice(0, str.indexOf('(')); } const presetsPackages = [ + 'compatibility', 'config', 'default', 'docker', diff --git a/lib/config/presets/internal/compatibility.ts b/lib/config/presets/internal/compatibility.ts new file mode 100644 index 00000000000000..ce1175f569fb34 --- /dev/null +++ b/lib/config/presets/internal/compatibility.ts @@ -0,0 +1,24 @@ +import { Preset } from '../types'; + +export const presets: Record = { + additionalBranchPrefix: { + buildkite: { + additionalBranchPrefix: 'buildkite-', + }, + cargo: { + additionalBranchPrefix: 'rust-', + }, + docker: { + additionalBranchPrefix: 'docker-', + }, + homebrew: { + additionalBranchPrefix: 'homebrew-', + }, + packageRules: [ + { + matchDatasources: ['helm'], + additionalBranchPrefix: 'helm-', + }, + ], + }, +}; diff --git a/lib/config/presets/internal/index.ts b/lib/config/presets/internal/index.ts index fbbdd6a790ede3..e152b9747e19d7 100644 --- a/lib/config/presets/internal/index.ts +++ b/lib/config/presets/internal/index.ts @@ -1,4 +1,5 @@ import type { Preset, PresetConfig } from '../types'; +import * as compatibilityPreset from './compatibility'; import * as configPreset from './config'; import * as defaultPreset from './default'; import * as dockerPreset from './docker'; @@ -13,6 +14,7 @@ import * as schedulePreset from './schedule'; import * as workaroundsPreset from './workarounds'; export const groups: Record> = { + compatibility: compatibilityPreset.presets, config: configPreset.presets, default: defaultPreset.presets, docker: dockerPreset.presets, diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts index 5a31e90b2bc442..4cc865f62a4aab 100644 --- a/lib/datasource/docker/index.ts +++ b/lib/datasource/docker/index.ts @@ -26,7 +26,6 @@ export const defaultVersioning = dockerVersioning.id; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'docker-', commitMessageTopic: '{{{depName}}} Docker tag', major: { enabled: false }, commitMessageExtra: diff --git a/lib/datasource/helm/index.ts b/lib/datasource/helm/index.ts index ea1105841ac2d0..af28e7caee5fbe 100644 --- a/lib/datasource/helm/index.ts +++ b/lib/datasource/helm/index.ts @@ -17,7 +17,6 @@ export const defaultRegistryUrls = ['https://charts.helm.sh/stable']; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'helm-', commitMessageTopic: 'Helm release {{depName}}', group: { commitMessageTopic: '{{{groupName}}} Helm releases', diff --git a/lib/manager/buildkite/index.ts b/lib/manager/buildkite/index.ts index a97b1018ed28c4..d678d7fd3c206d 100644 --- a/lib/manager/buildkite/index.ts +++ b/lib/manager/buildkite/index.ts @@ -7,5 +7,4 @@ export const defaultConfig = { commitMessageTopic: 'buildkite plugin {{depName}}', commitMessageExtra: 'to {{#if isMajor}}v{{{newMajor}}}{{else}}{{{newValue}}}{{/if}}', - additionalBranchPrefix: 'buildkite-', }; diff --git a/lib/manager/cargo/index.ts b/lib/manager/cargo/index.ts index e18f8527d5244c..e91db57470e3be 100644 --- a/lib/manager/cargo/index.ts +++ b/lib/manager/cargo/index.ts @@ -10,7 +10,6 @@ export { extractPackageFile, updateArtifacts, language }; export const defaultConfig = { commitMessageTopic: 'Rust crate {{depName}}', - additionalBranchPrefix: 'rust-', fileMatch: ['(^|/)Cargo.toml$'], versioning: cargoVersioning.id, rangeStrategy: 'bump', diff --git a/lib/manager/homebrew/index.ts b/lib/manager/homebrew/index.ts index 62bb3b08a55d92..b45e932cf7f9a7 100644 --- a/lib/manager/homebrew/index.ts +++ b/lib/manager/homebrew/index.ts @@ -3,6 +3,5 @@ export { updateDependency } from './update'; export const defaultConfig = { commitMessageTopic: 'Homebrew Formula {{depName}}', - additionalBranchPrefix: 'homebrew-', fileMatch: ['^Formula/[^/]+[.]rb$'], }; diff --git a/lib/workers/repository/updates/flatten.ts b/lib/workers/repository/updates/flatten.ts index 9a195d1d3e331d..4e825084d6327d 100644 --- a/lib/workers/repository/updates/flatten.ts +++ b/lib/workers/repository/updates/flatten.ts @@ -4,7 +4,6 @@ import { getManagerConfig, mergeChildConfig, } from '../../../config'; -import { LANGUAGE_DOCKER } from '../../../constants/languages'; import { getDefaultConfig } from '../../../datasource'; import { get } from '../../../manager'; import { applyPackageRules } from '../../../util/package-rules'; @@ -27,14 +26,6 @@ export function applyUpdateConfig(input: BranchUpgradeConfig): any { .replace(/-+/, '-') .toLowerCase() : undefined; - if ( - updateConfig.language === LANGUAGE_DOCKER && - /(^|\/)node$/.exec(updateConfig.depName) && - updateConfig.depName !== 'calico/node' - ) { - updateConfig.additionalBranchPrefix = ''; - updateConfig.depNameSanitized = 'node'; - } generateBranchName(updateConfig); return updateConfig; } From d954ea79965f1c4dc82d757dc23e6c86adbf8b69 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:05:55 +0200 Subject: [PATCH 17/27] feat: updateType=patch (#9393) Changes behavior so that patch updateType is not rewritten to minor by default. Closes #2818 BREAKING CHANGE: patch updates are not considered updateType=minor by default. --- docs/usage/configuration-options.md | 1 - docs/usage/faq.md | 5 +- lib/config/definitions.ts | 3 +- lib/config/presets/internal/group.ts | 12 ++ .../lookup/__snapshots__/index.spec.ts.snap | 110 +++++++++--------- .../repository/process/lookup/index.spec.ts | 8 +- .../repository/process/lookup/update-type.ts | 5 +- 7 files changed, 74 insertions(+), 70 deletions(-) diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index c31c26c3784761..24b29ed98584cf 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -1517,7 +1517,6 @@ For example to apply a special label for Major updates: ## patch Add to this object if you wish to define rules that apply only to patch updates. -Only applies if `separateMinorPatch` is set to true. ## php diff --git a/docs/usage/faq.md b/docs/usage/faq.md index bcf253b27896bf..5c71756c2c5e31 100644 --- a/docs/usage/faq.md +++ b/docs/usage/faq.md @@ -208,10 +208,7 @@ To learn more read the section below. You can see in the example above that Renovate won't normally open a PR for the `snorgleborf` patch release. -There are 2 ways to tell Renovate to open a separate PR for the patch release: - -- Set `separateMinorPatch` to `true` -- Set `automerge` to the value: `"patch"` +You can tell Renovate to open a separate PR for the patch release by setting `separateMinorPatch` to `true`. In both cases, Renovate will open 3 PRs: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 25d9db12e36ff8..049bb00fa2b11b 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -1058,8 +1058,7 @@ const options: RenovateOptions[] = [ }, { name: 'patch', - description: - 'Configuration to apply when an update type is patch. Only applies if `separateMinorPatch` is set to true.', + description: 'Configuration to apply when an update type is patch.', stage: 'package', type: 'object', default: {}, diff --git a/lib/config/presets/internal/group.ts b/lib/config/presets/internal/group.ts index 3f9d21d16bb3fa..e4e75ef8898c6e 100644 --- a/lib/config/presets/internal/group.ts +++ b/lib/config/presets/internal/group.ts @@ -499,6 +499,9 @@ const staticGroups = { minor: { groupName: 'JS unit test packages', }, + patch: { + groupName: 'JS unit test packages', + }, }, ], }, @@ -519,6 +522,9 @@ const staticGroups = { minor: { groupName: 'unit test packages', }, + patch: { + groupName: 'unit test packages', + }, }, ], }, @@ -539,6 +545,9 @@ const staticGroups = { minor: { groupName: 'JS test packages', }, + patch: { + groupName: 'JS test packages', + }, }, ], }, @@ -559,6 +568,9 @@ const staticGroups = { minor: { groupName: 'test packages', }, + patch: { + groupName: 'test packages', + }, }, ], }, diff --git a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap index 4949a7f74b6b64..cbd11fcf390893 100644 --- a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap +++ b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap @@ -112,7 +112,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", + "updateType": "patch", }, Object { "blockedByPin": true, @@ -705,53 +705,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", - }, - Object { - "bucket": "major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 1, - "newMinor": 4, - "newValue": "1.4.1", - "newVersion": "1.4.1", - "releaseTimestamp": "2015-05-17T04:25:07.299Z", - "skippedOverVersions": Array [ - "1.0.0", - "1.0.1", - "1.1.0", - "1.1.1", - "1.1.2", - "1.2.0", - "1.2.1", - "1.3.0", - "1.4.0", - ], - "updateType": "major", - }, -] -`; - -exports[`workers/repository/process/lookup .lookupUpdates() returns minor update if separate patches not configured 1`] = ` -Array [ - Object { - "bucket": "non-major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 0, - "newMinor": 9, - "newValue": "0.9.7", - "newVersion": "0.9.7", - "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "skippedOverVersions": Array [ - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - ], - "updateType": "minor", + "updateType": "patch", }, Object { "bucket": "major", @@ -979,6 +933,52 @@ Array [ ] `; +exports[`workers/repository/process/lookup .lookupUpdates() returns patch update even if separate patches not configured 1`] = ` +Array [ + Object { + "bucket": "non-major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 0, + "newMinor": 9, + "newValue": "0.9.7", + "newVersion": "0.9.7", + "releaseTimestamp": "2013-09-04T17:07:22.948Z", + "skippedOverVersions": Array [ + "0.9.1", + "0.9.2", + "0.9.3", + "0.9.4", + "0.9.5", + "0.9.6", + ], + "updateType": "patch", + }, + Object { + "bucket": "major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 1, + "newMinor": 4, + "newValue": "1.4.1", + "newVersion": "1.4.1", + "releaseTimestamp": "2015-05-17T04:25:07.299Z", + "skippedOverVersions": Array [ + "1.0.0", + "1.0.1", + "1.1.0", + "1.1.1", + "1.1.2", + "1.2.0", + "1.2.1", + "1.3.0", + "1.4.0", + ], + "updateType": "major", + }, +] +`; + exports[`workers/repository/process/lookup .lookupUpdates() returns patch update if separateMinorPatch 1`] = ` Array [ Object { @@ -1096,7 +1096,7 @@ Array [ "3.1.0-dev.20180809", "3.1.0-dev.20180810", ], - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1112,7 +1112,7 @@ Array [ "newValue": "2.5.17-beta.0", "newVersion": "2.5.17-beta.0", "releaseTimestamp": "2018-03-23T23:29:13.819Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1140,7 +1140,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1171,7 +1171,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1187,7 +1187,7 @@ Array [ "newValue": "3.0.1", "newVersion": "3.0.1", "releaseTimestamp": "2018-07-30T16:21:13.150Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1218,7 +1218,7 @@ Array [ "newValue": "^0.0.35", "newVersion": "0.0.35", "releaseTimestamp": "2017-04-27T16:59:06.479Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -2648,7 +2648,7 @@ Array [ "newValue": "1.0.1", "newVersion": "1.0.1", "releaseTimestamp": "2014-03-11T18:47:17.560Z", - "updateType": "minor", + "updateType": "patch", }, ] `; diff --git a/lib/workers/repository/process/lookup/index.spec.ts b/lib/workers/repository/process/lookup/index.spec.ts index fbee93dd5f69f8..59ad3eb91dd16e 100644 --- a/lib/workers/repository/process/lookup/index.spec.ts +++ b/lib/workers/repository/process/lookup/index.spec.ts @@ -186,7 +186,7 @@ describe('workers/repository/process/lookup', () => { Error(CONFIG_VALIDATION) ); }); - it('returns minor update if separate patches not configured', async () => { + it('returns patch update even if separate patches not configured', async () => { config.currentValue = '0.9.0'; config.rangeStrategy = 'pin'; config.depName = 'q'; @@ -195,8 +195,8 @@ describe('workers/repository/process/lookup', () => { const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); expect(res.updates).toHaveLength(2); - expect(res.updates[0].updateType).not.toEqual('patch'); - expect(res.updates[1].updateType).not.toEqual('patch'); + expect(res.updates[0].updateType).toEqual('patch'); + expect(res.updates[1].updateType).toEqual('major'); }); it('returns minor update if automerging both patch and minor', async () => { config.patch = { @@ -212,7 +212,7 @@ describe('workers/repository/process/lookup', () => { nock('https://registry.npmjs.org').get('/q').reply(200, qJson); const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); - expect(res.updates[0].updateType).toEqual('minor'); + expect(res.updates[0].updateType).toEqual('patch'); }); it('returns patch update if separateMinorPatch', async () => { config.separateMinorPatch = true; diff --git a/lib/workers/repository/process/lookup/update-type.ts b/lib/workers/repository/process/lookup/update-type.ts index 2ec97d4dba5011..028931a23d32ae 100644 --- a/lib/workers/repository/process/lookup/update-type.ts +++ b/lib/workers/repository/process/lookup/update-type.ts @@ -19,8 +19,5 @@ export function getUpdateType( if (versioning.getMinor(newVersion) > versioning.getMinor(currentVersion)) { return 'minor'; } - if (config.separateMinorPatch) { - return 'patch'; - } - return 'minor'; + return 'patch'; } From d723b58ed17731b3bf208db185c72d8e14a6cd77 Mon Sep 17 00:00:00 2001 From: Sebastian Poxhofer Date: Sun, 4 Apr 2021 14:48:52 +0200 Subject: [PATCH 18/27] feat(terraform): rework dep types (#9116) Improves the `depType` values returned by the terraform manager. Closes #8792 BREAKING CHANGE: Values for extracted `depType` in terraform manager have changed, please see the `terraform` manager readme for details. --- .../__snapshots__/extract.spec.ts.snap | 87 ++++++++++--------- lib/manager/terraform/extract.ts | 7 +- lib/manager/terraform/modules.ts | 6 +- lib/manager/terraform/providers.ts | 2 +- lib/manager/terraform/readme.md | 41 ++++++--- lib/manager/terraform/required-providers.ts | 8 ++ lib/manager/terraform/required-version.ts | 1 + lib/manager/terraform/resources.ts | 5 +- 8 files changed, 98 insertions(+), 59 deletions(-) diff --git a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap index 645e3106b84897..c966a632f4767c 100644 --- a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap @@ -7,7 +7,7 @@ Object { "currentValue": "1.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -15,7 +15,7 @@ Object { Object { "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -23,7 +23,7 @@ Object { Object { "datasource": "helm", "depName": "./charts/example", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -33,7 +33,7 @@ Object { "currentValue": "4.0.1", "datasource": "helm", "depName": undefined, - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -43,7 +43,7 @@ Object { "currentValue": "5.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -52,7 +52,7 @@ Object { "currentValue": "6.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -68,86 +68,86 @@ Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "next", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "tfmodule_one-v0.0.9", "datasource": "github-tags", "depName": "github.com/githubuser/myrepo", - "depType": "github", + "depType": "module", "lookupName": "githubuser/myrepo", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "0.1.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v2.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "<= 2.4.0", "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "1.28.3", "datasource": "terraform-module", "depName": "particuleio/addons/kubernetes", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "~> 1.1.0", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -156,7 +156,7 @@ Object { "currentValue": "~> 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -165,7 +165,7 @@ Object { "currentValue": "~~ 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -174,7 +174,7 @@ Object { "currentValue": ">= 1.0.0, <= 2.0.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "skipReason": "local", @@ -186,89 +186,90 @@ Object { "currentValue": "1.36.1", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=2.4", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=1.3", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "V1.9", "datasource": "terraform-provider", "depName": "newrelic", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "next", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.1", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.2", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "http://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.3", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "ssh://git@bitbucket.com/hashicorp/example", }, Object { "currentValue": ">= 2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 2.0.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 0.13", "datasource": "github-tags", "depName": "hashicorp/terraform", + "depType": "required_version", "extractVersion": "v(?.*)$", "lineNumber": 229, }, @@ -276,7 +277,7 @@ Object { "currentValue": "2.7.2", "datasource": "terraform-provider", "depName": "docker", - "depType": "terraform", + "depType": "required_provider", "registryUrls": Array [ "https://releases.hashicorp.com", ], @@ -285,34 +286,34 @@ Object { "currentValue": "2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", "lookupName": "aws", }, Object { "currentValue": "=2.27.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "invalid", - "depType": "terraform", + "depType": "required_provider", "skipReason": "unsupported-url", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/helm", }, Object { "currentValue": ">= 1.0", "datasource": "terraform-provider", "depName": "kubernetes", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/kubernetes", "registryUrls": Array [ "https://terraform.example.com", @@ -324,6 +325,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_image", "replaceString": "nginx:1.7.8", }, Object { @@ -332,6 +334,7 @@ Object { Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", "datasource": "docker", + "depType": "docker_image", "replaceString": "\${data.docker_registry_image.ubuntu.name}", "skipReason": "contains-variable", }, @@ -341,6 +344,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_container", "replaceString": "nginx:1.7.8", }, Object { @@ -352,6 +356,7 @@ Object { "currentValue": "v1", "datasource": "docker", "depName": "repo.mycompany.com:8080/foo-service", + "depType": "docker_service", "replaceString": "repo.mycompany.com:8080/foo-service:v1", }, Object { diff --git a/lib/manager/terraform/extract.ts b/lib/manager/terraform/extract.ts index 4658a80336cbe7..0048bde408dc4a 100644 --- a/lib/manager/terraform/extract.ts +++ b/lib/manager/terraform/extract.ts @@ -5,7 +5,10 @@ import { analyzeTerraformProvider, extractTerraformProvider, } from './providers'; -import { extractTerraformRequiredProviders } from './required-providers'; +import { + analyzeTerraformRequiredProvider, + extractTerraformRequiredProviders, +} from './required-providers'; import { analyseTerraformVersion, extractTerraformRequiredVersion, @@ -98,6 +101,8 @@ export function extractPackageFile(content: string): PackageFile | null { deps.forEach((dep) => { switch (dep.managerData.terraformDependencyType) { case TerraformDependencyTypes.required_providers: + analyzeTerraformRequiredProvider(dep); + break; case TerraformDependencyTypes.provider: analyzeTerraformProvider(dep); break; diff --git a/lib/manager/terraform/modules.ts b/lib/manager/terraform/modules.ts index f3336a1ab7ff09..692c120328e77f 100644 --- a/lib/manager/terraform/modules.ts +++ b/lib/manager/terraform/modules.ts @@ -30,12 +30,12 @@ export function analyseTerraformModule(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ if (githubRefMatch) { dep.lookupName = githubRefMatch.groups.project.replace(/\.git$/, ''); - dep.depType = 'github'; + dep.depType = 'module'; dep.depName = 'github.com/' + dep.lookupName; dep.currentValue = githubRefMatch.groups.tag; dep.datasource = datasourceGithubTags.id; } else if (gitTagsRefMatch) { - dep.depType = 'gitTags'; + dep.depType = 'module'; if (gitTagsRefMatch.groups.path.includes('//')) { logger.debug('Terraform module contains subdirectory'); dep.depName = gitTagsRefMatch.groups.path.split('//')[0]; @@ -56,7 +56,7 @@ export function analyseTerraformModule(dep: PackageDependency): void { if (hostnameMatch) { dep.registryUrls = [`https://${hostnameMatch.groups.hostname}`]; } - dep.depType = 'terraform'; + dep.depType = 'module'; dep.depName = moduleParts.join('/'); dep.datasource = datasourceTerraformModule.id; } diff --git a/lib/manager/terraform/providers.ts b/lib/manager/terraform/providers.ts index f49240b2e9276f..c4930fab14cfad 100644 --- a/lib/manager/terraform/providers.ts +++ b/lib/manager/terraform/providers.ts @@ -57,7 +57,7 @@ export function extractTerraformProvider( export function analyzeTerraformProvider(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ - dep.depType = 'terraform'; + dep.depType = 'provider'; dep.depName = dep.managerData.moduleName; dep.datasource = datasourceTerraformProvider.id; diff --git a/lib/manager/terraform/readme.md b/lib/manager/terraform/readme.md index 4dd83219332888..9d3138c89cb327 100644 --- a/lib/manager/terraform/readme.md +++ b/lib/manager/terraform/readme.md @@ -1,21 +1,38 @@ -Currently Terraform support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like `github.com/hashicorp/example?ref=v1.0.0`. +Currently, Terraform supports renovating the following dependencies, where sub points represent hosting options of the dependencies: -Fixed versions like the following will receive a PR whenever there is a newer version available: +- modules + - GitTags + - GithubTags + - TerraformRegistry ( Public and Private ) +- providers ( deprecated in Terraform 0.13.0 ) + - TerraformRegistry ( Public and Private ) +- required_providers block ( Terraform >= 0.13.0) + - TerraformRegistry ( Public and Private ) +- required_version +- helm_release + - chart repository ( Public and Private ) +- docker\_\* + - Docker registry ( Public and Private ) -``` -module "consul" { - source = "hashicorp/consul/aws" - version = "0.0.5" - servers = 3 -} -``` - -The following _range_ constraints are also supported: +Terraform range constraints are supported: - `>= 1.2.0`: version 1.2.0 or newer - `<= 1.2.0`: version 1.2.0 or older - `~> 1.2.0`: any non-beta version >= 1.2.0 and < 1.3.0, e.g. 1.2.X - `~> 1.2`: any non-beta version >= 1.2.0 and < 2.0.0, e.g. 1.X.Y -- `>= 1.0.0`, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive +- `>= 1.0.0, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive + +For fine-grained control, e.g. to turn off only parts of this manager, there are following `depTypes` provided: + +| resource | depType | +| --------------------------- | :---------------: | +| terraform provider | provider | +| required terraform provider | required_provider | +| required terraform version | required_version | +| terraform module | module | +| helm release | helm_release | +| docker container | docker_container | +| docker image | docker_image | +| docker service | docker_service | If you need to change the versioning format, read the [versioning](https://docs.renovatebot.com/modules/versioning/) documentation to learn more. diff --git a/lib/manager/terraform/required-providers.ts b/lib/manager/terraform/required-providers.ts index 9319737a69c94f..44b1186210c23e 100644 --- a/lib/manager/terraform/required-providers.ts +++ b/lib/manager/terraform/required-providers.ts @@ -1,4 +1,5 @@ import type { PackageDependency } from '../types'; +import { analyzeTerraformProvider } from './providers'; import { ExtractionResult, TerraformDependencyTypes, @@ -72,3 +73,10 @@ export function extractTerraformRequiredProviders( } while (line.trim() !== '}'); return { lineNumber, dependencies: deps }; } + +export function analyzeTerraformRequiredProvider(dep: PackageDependency): void { + /* eslint-disable no-param-reassign */ + analyzeTerraformProvider(dep); + dep.depType = `required_provider`; + /* eslint-enable no-param-reassign */ +} diff --git a/lib/manager/terraform/required-version.ts b/lib/manager/terraform/required-version.ts index f5deb89a8b87fd..c8bb1e4dad6f32 100644 --- a/lib/manager/terraform/required-version.ts +++ b/lib/manager/terraform/required-version.ts @@ -48,6 +48,7 @@ export function extractTerraformRequiredVersion( export function analyseTerraformVersion(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ + dep.depType = 'required_version'; dep.datasource = datasourceGithubTags.id; dep.depName = 'hashicorp/terraform'; dep.extractVersion = 'v(?.*)$'; diff --git a/lib/manager/terraform/resources.ts b/lib/manager/terraform/resources.ts index 62c986261c8806..4937a8e98ef4d6 100644 --- a/lib/manager/terraform/resources.ts +++ b/lib/manager/terraform/resources.ts @@ -73,6 +73,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_container: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_container'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -81,6 +82,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_image: if (dep.managerData.name) { applyDockerDependency(dep, dep.managerData.name); + dep.depType = 'docker_image'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -89,6 +91,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_service: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_service'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -100,7 +103,7 @@ export function analyseTerraformResource( } else if (checkIfStringIsPath(dep.managerData.chart)) { dep.skipReason = SkipReason.LocalChart; } - dep.depType = 'helm'; + dep.depType = 'helm_release'; dep.registryUrls = [dep.managerData.repository]; dep.depName = dep.managerData.chart; dep.datasource = datasourceHelm.id; From 971ae10be4cd8615610c6d410a41e618f7e8e4f0 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Sun, 4 Apr 2021 14:50:26 +0200 Subject: [PATCH 19/27] docs: improve sentences (#9395) --- docs/usage/self-hosted-configuration.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index bf2299cd5ec709..ec8117de5ba802 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -184,10 +184,11 @@ e.g. ## exposeAllEnv -By default, Renovate will only pass a limited set of environment variables to package managers. -Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. +By default, Renovate only passes a limited set of environment variables to package managers. +Confidential data can be leaked if a malicious script enumerates all environment variables. +Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against. -Setting this to true will also allow for variable substitution in `.npmrc` files. +Setting this to `true` will also allow for variable substitution in `.npmrc` files. ## force From 4cf313c38e257395506326409551c2810c5395b6 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:18:56 +0200 Subject: [PATCH 20/27] feat: remove RENOVATE_LEGACY_GIT_AUTHOR_EMAIL (#9389) Removes RENOVATE_LEGACY_GIT_AUTHOR_EMAIL support. Closes #9111 BREAKING CHANGE: RENOVATE_LEGACY_GIT_AUTHOR_EMAIL is no longer supported. Use `ignoredAuthors` in config instead. --- docs/usage/self-hosted-experimental.md | 5 ----- lib/util/git/index.ts | 1 - 2 files changed, 6 deletions(-) diff --git a/docs/usage/self-hosted-experimental.md b/docs/usage/self-hosted-experimental.md index 1151bd65d624ac..2f00716900c3b6 100644 --- a/docs/usage/self-hosted-experimental.md +++ b/docs/usage/self-hosted-experimental.md @@ -27,11 +27,6 @@ If set to any integer, Renovate will use this integer instead of the default npm If set to any value, Renovate will skip its default artifacts filter check in the Maven datasource. Skiping the check will speed things up, but may result in versions being returned which don't properly exist on the server. -## RENOVATE_LEGACY_GIT_AUTHOR_EMAIL - -An additional `gitAuthor` email to ignore. -This variable is deprecated: use `ignoredAuthors` instead. - ## RENOVATE_PAGINATE_ALL If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages. diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts index 79686b17974561..2def06c69124dc 100644 --- a/lib/util/git/index.ts +++ b/lib/util/git/index.ts @@ -489,7 +489,6 @@ export async function isBranchModified(branchName: string): Promise { ).trim(); const { gitAuthorEmail } = config; if ( - lastAuthor === process.env.RENOVATE_LEGACY_GIT_AUTHOR_EMAIL || // remove in next major release lastAuthor === gitAuthorEmail || config.ignoredAuthors.some((ignoredAuthor) => lastAuthor === ignoredAuthor) ) { From 75aca4086476b138fd2e8a95517f6304c2040320 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 09:36:31 +0200 Subject: [PATCH 21/27] feat: drop NPM_TOKEN support (#9391) Removes support for NPM_TOKEN. BREAKING CHANGE: Do not use NPM_TOKEN in env to configure npm authentication. Configure hostRules instead. --- docs/usage/private-modules.md | 2 +- lib/config/presets/npm/index.spec.ts | 1 - .../npm/__snapshots__/index.spec.ts.snap | 39 ------------------- lib/datasource/npm/index.spec.ts | 16 -------- lib/datasource/npm/npmrc.spec.ts | 1 - lib/datasource/npm/npmrc.ts | 5 --- lib/manager/npm/post-update/lerna.ts | 1 - lib/manager/npm/post-update/npm.ts | 1 - lib/manager/npm/post-update/pnpm.ts | 1 - lib/manager/npm/post-update/yarn.ts | 1 - 10 files changed, 1 insertion(+), 67 deletions(-) diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md index 44d95db472515c..2c8e596f774dc9 100644 --- a/docs/usage/private-modules.md +++ b/docs/usage/private-modules.md @@ -64,7 +64,7 @@ module.exports = { }; ``` -**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon. +**NOTE:** Do not use `NPM_TOKEN` as an environment variable. ### Commit .npmrc file into repository diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts index 8cd3601638dd68..11750dde63c657 100644 --- a/lib/config/presets/npm/index.spec.ts +++ b/lib/config/presets/npm/index.spec.ts @@ -6,7 +6,6 @@ jest.mock('registry-auth-token'); jest.mock('delay'); describe('config/presets/npm', () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); setAdminConfig(); diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap index e45039df17686d..9877b9a8d6ef70 100644 --- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap @@ -519,45 +519,6 @@ Array [ ] `; -exports[`datasource/npm/index should use NPM_TOKEN if provided 1`] = ` -Object { - "name": "@foobar/core", - "registryUrl": "https://registry.npmjs.org/", - "releases": Array [ - Object { - "releaseTimestamp": "2018-05-06T05:21:53.000Z", - "version": "0.0.1", - }, - Object { - "releaseTimestamp": "2018-05-07T05:21:53.000Z", - "version": "0.0.2", - }, - ], - "sourceDirectory": "src/a", - "sourceUrl": "https://github.com/renovateapp/dummy", - "tags": Object { - "latest": "0.0.1", - }, - "versions": Object {}, -} -`; - -exports[`datasource/npm/index should use NPM_TOKEN if provided 2`] = ` -Array [ - Object { - "headers": Object { - "accept": "application/json", - "accept-encoding": "gzip, deflate", - "authorization": "Bearer some-token", - "host": "registry.npmjs.org", - "user-agent": "https://github.com/renovatebot/renovate", - }, - "method": "GET", - "url": "https://registry.npmjs.org/@foobar%2Fcore", - }, -] -`; - exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = ` Object { "name": "foobar", diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index a4979577cf60cb..1b630c14be2635 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -15,7 +15,6 @@ const registryAuthToken: jest.Mock<_registryAuthToken.NpmCredentials> = _registr let npmResponse: any; describe(getName(__filename), () => { - delete process.env.NPM_TOKEN; beforeEach(() => { jest.resetAllMocks(); httpMock.setup(); @@ -269,21 +268,6 @@ describe(getName(__filename), () => { expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('should use NPM_TOKEN if provided', async () => { - httpMock - .scope('https://registry.npmjs.org', { - reqheaders: { authorization: 'Bearer some-token' }, - }) - .get('/@foobar%2Fcore') - .reply(200, { ...npmResponse, name: '@foobar/core' }); - const oldToken = process.env.NPM_TOKEN; - process.env.NPM_TOKEN = 'some-token'; - const res = await getPkgReleases({ datasource, depName: '@foobar/core' }); - process.env.NPM_TOKEN = oldToken; - expect(res).toMatchSnapshot(); - expect(httpMock.getTrace()).toMatchSnapshot(); - }); - it('should use host rules by hostName if provided', async () => { hostRules.add({ hostType: 'npm', diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index d340093435907f..186e4969726351 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -9,7 +9,6 @@ const sanitize = mocked(_sanitize); describe(getName(__filename), () => { beforeEach(() => { - delete process.env.NPM_TOKEN; setNpmrc(''); setAdminConfig(); jest.resetAllMocks(); diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index c366b8e2a1ead3..7fd179fe11dd6e 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -129,11 +129,6 @@ export function resolvePackage(packageName: string): PackageResolution { { token: maskToken(authInfo.token), npmName: packageName }, 'Using auth (via npmrc) for npm lookup' ); - } else if (process.env.NPM_TOKEN && process.env.NPM_TOKEN !== 'undefined') { - logger.warn( - 'Support for NPM_TOKEN in env will be dropped in the next major release' - ); - headers.authorization = `Bearer ${process.env.NPM_TOKEN}`; } return { headers, packageUrl, registryUrl }; } diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index 9799471ae71c6f..c2bb0bd3187e41 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -99,7 +99,6 @@ export async function generateLockFiles( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index d3e43876605615..0025d620fe4c76 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -74,7 +74,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 7816267e786744..6541a412870a23 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -53,7 +53,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index 30d75fd4efab82..c7c2d3b1131ac4 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -123,7 +123,6 @@ export async function generateLockFile( if (getAdminConfig().trustLevel === 'high') { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; - execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN; } if (config.dockerMapDotfiles) { const homeDir = From 070136f6fece8b3c7799d06a9ad525d1e98e7c45 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 10:58:32 +0200 Subject: [PATCH 22/27] feat: remove logLevel support in config (#9390) Remove support for logLevel in config. Must be configured using LOG_LEVEL instead. Closes #8291 BREAKING CHANGE: Configure LOG_LEVEL in env and not in config or CLI --- docs/usage/self-hosted-configuration.md | 12 ------------ lib/config/definitions.ts | 7 ------- lib/config/index.ts | 11 +---------- lib/config/types.ts | 1 - 4 files changed, 1 insertion(+), 30 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index 138be9db3ca1be..f6a10fbe5b3edf 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -225,18 +225,6 @@ If left as default (null), a random short ID will be selected. ## logFileLevel -## logLevel - -We recommend that you run the Renovate bot at the debug level if you can. -Use the environment variable `LOG_LEVEL=debug` to run Renovate at the debug level. - -When you use `LOG_LEVEL=debug`, debug logging starts from the beginning of the app. -If you had configured debug logging in a file config, then the debug logging starts _after_ the file config is parsed. - -Additionally, if you configure `LOG_FORMAT=json` in env then logging will be done in JSON format instead of "pretty" format, which is usually better if you're doing any ingestion or parsing of the logs. - -Warning: Configuring `logLevel` config option or `--log-level` cli option is deprecated and will be removed in a major version. - ## onboarding Set this to `false` only if all three statements are true: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index ecf25ed6724fac..418e8f0625767d 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -275,13 +275,6 @@ const options: RenovateOptions[] = [ admin: true, }, // Log options - { - name: 'logLevel', - description: 'Logging level. Deprecated, use `LOG_LEVEL` environment.', - stage: 'global', - type: 'string', - allowedValues: ['fatal', 'error', 'warn', 'info', 'debug', 'trace'], - }, { name: 'logFile', description: 'Log file path.', diff --git a/lib/config/index.ts b/lib/config/index.ts index df118c916d050c..ec3aa0ef6cbf71 100644 --- a/lib/config/index.ts +++ b/lib/config/index.ts @@ -1,4 +1,4 @@ -import { addStream, levels, logger, setContext } from '../logger'; +import { addStream, logger, setContext } from '../logger'; import { get, getLanguageList, getManagerList } from '../manager'; import { ensureDir, getSubDirectory, readFile } from '../util/fs'; import { ensureTrailingSlash } from '../util/url'; @@ -84,15 +84,6 @@ export async function parseConfigs( delete config.privateKeyPath; } - // Deprecated set log level: https://github.com/renovatebot/renovate/issues/8291 - // istanbul ignore if - if (config.logLevel) { - logger.warn( - 'Configuring logLevel in CLI or file is deprecated. Use LOG_LEVEL environment variable instead' - ); - levels('stdout', config.logLevel); - } - if (config.logContext) { // This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env setContext(config.logContext); diff --git a/lib/config/types.ts b/lib/config/types.ts index f98003293e1d49..d426d845071713 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -74,7 +74,6 @@ export interface GlobalOnlyConfig { gitPrivateKey?: string; logFile?: string; logFileLevel?: LogLevel; - logLevel?: LogLevel; prCommitsPerRunLimit?: number; privateKeyPath?: string; redisUrl?: string; From ed3595ea2ad728bf490c1230b9c6469e86addfec Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:07 +0200 Subject: [PATCH 23/27] feat: split trustLevel into separate options (#9388) Removes trustLevel and replaces it with 3 other options instead. No longer necessary to set anything additional is configuring `allowedPostUpgradeCommands` BREAKING CHANGE: `trustLevel` is no longer supported and instead broken into `allowCustomCrateRegistries` , `allowScripts` , and `exposeAllEnv`. --- docs/usage/self-hosted-configuration.md | 20 +++++++------- .../__snapshots__/migration.spec.ts.snap | 6 +++-- lib/config/admin.ts | 4 ++- lib/config/definitions.ts | 26 +++++++++++++++---- lib/config/migration.spec.ts | 1 + lib/config/migration.ts | 11 +++++--- lib/config/types.ts | 4 ++- .../crate/__snapshots__/index.spec.ts.snap | 2 +- lib/datasource/crate/index.spec.ts | 12 ++++----- lib/datasource/crate/index.ts | 4 +-- lib/datasource/npm/index.spec.ts | 4 +-- lib/datasource/npm/npmrc.spec.ts | 2 +- lib/datasource/npm/npmrc.ts | 8 +++--- lib/manager/composer/artifacts.spec.ts | 5 ++-- lib/manager/composer/artifacts.ts | 2 +- lib/manager/npm/extract/index.ts | 2 +- lib/manager/npm/post-update/lerna.spec.ts | 2 +- lib/manager/npm/post-update/lerna.ts | 7 ++--- lib/manager/npm/post-update/npm.ts | 2 +- lib/manager/npm/post-update/pnpm.ts | 4 +-- lib/manager/npm/post-update/yarn.ts | 4 +-- lib/manager/pip_requirements/extract.spec.ts | 2 +- lib/manager/pip_requirements/extract.ts | 2 +- lib/util/exec/env.spec.ts | 2 +- lib/util/exec/env.ts | 2 +- lib/util/exec/exec.spec.ts | 2 +- lib/workers/branch/index.spec.ts | 8 +++--- lib/workers/branch/index.ts | 1 - 28 files changed, 88 insertions(+), 63 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index f6a10fbe5b3edf..bf2299cd5ec709 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -9,6 +9,8 @@ The configuration options listed in this document are applicable to self-hosted Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md). +## allowCustomCrateRegistries + ## allowPostUpgradeCommandTemplating Set to true to allow templating of post-upgrade commands. @@ -52,6 +54,8 @@ npm ci --ignore-scripts npx ng update @angular/core --from=9.0.0 --to=10.0.0 --migrateOnly --allowDirty --force ``` +## allowScripts + ## allowedPostUpgradeCommands A list of regular expressions that determine which commands in `postUpgradeTasks` are allowed to be executed. @@ -178,6 +182,13 @@ e.g. ## endpoint +## exposeAllEnv + +By default, Renovate will only pass a limited set of environment variables to package managers. +Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. + +Setting this to true will also allow for variable substitution in `.npmrc` files. + ## force This object is used as a "force override" when you need to make sure certain configuration overrides whatever is configured in the repository. @@ -367,13 +378,4 @@ This is currently applicable to `npm` and `lerna`/`npm` only, and only used in c ## token -## trustLevel - -Setting trustLevel to `"high"` can make sense in many self-hosted cases where the bot operator trusts the content in each repository. - -Setting trustLevel=high means: - -- Child processes are run with full access to `env` -- `.npmrc` files can have environment variable substitution performed - ## username diff --git a/lib/config/__snapshots__/migration.spec.ts.snap b/lib/config/__snapshots__/migration.spec.ts.snap index 56fcc4411705de..12e971e3f69fbd 100644 --- a/lib/config/__snapshots__/migration.spec.ts.snap +++ b/lib/config/__snapshots__/migration.spec.ts.snap @@ -78,6 +78,8 @@ Array [ exports[`config/migration migrateConfig(config, parentConfig) migrates config 1`] = ` Object { "additionalBranchPrefix": "{{parentDir}}-", + "allowCustomCrateRegistries": true, + "allowScripts": true, "autodiscover": true, "automerge": false, "automergeType": "branch", @@ -94,6 +96,7 @@ Object { "dependencyDashboard": true, "dependencyDashboardTitle": "foo", "enabled": true, + "exposeAllEnv": true, "extends": Array [ "config:js-app", "config:js-lib", @@ -108,8 +111,8 @@ Object { "includeForks": true, "lockFileMaintenance": Object { "automerge": true, + "exposeAllEnv": false, "schedule": "before 5am", - "trustLevel": "low", }, "major": Object { "automerge": false, @@ -233,7 +236,6 @@ Object { "travis": Object { "enabled": true, }, - "trustLevel": "high", } `; diff --git a/lib/config/admin.ts b/lib/config/admin.ts index f6af54b53fac83..7407e91af58fd9 100644 --- a/lib/config/admin.ts +++ b/lib/config/admin.ts @@ -4,14 +4,16 @@ let adminConfig: RepoAdminConfig = {}; // TODO: once admin config work is complete, add a test to make sure this list includes all options with admin=true export const repoAdminOptions = [ + 'allowCustomCrateRegistries', 'allowPostUpgradeCommandTemplating', + 'allowScripts', 'allowedPostUpgradeCommands', 'customEnvVariables', 'dockerImagePrefix', 'dockerUser', 'dryRun', + 'exposeAllEnv', 'privateKey', - 'trustLevel', ]; export function setAdminConfig(config: RenovateConfig = {}): void { diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 418e8f0625767d..25d9db12e36ff8 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -454,17 +454,33 @@ const options: RenovateOptions[] = [ default: false, }, { - name: 'trustLevel', + name: 'exposeAllEnv', description: - 'Set this to "high" if the bot should trust the repository owners/contents.', + 'Configure this to true to allow passing of all env variables to package managers.', admin: true, - type: 'string', - default: 'low', + type: 'boolean', + default: false, + }, + { + name: 'allowScripts', + description: + 'Configure this to true if repositories are allowed to run install scripts.', + admin: true, + type: 'boolean', + default: false, + }, + { + name: 'allowCustomCrateRegistries', + description: + 'Configure this to true if custom crate registries are allowed.', + admin: true, + type: 'boolean', + default: false, }, { name: 'ignoreScripts', description: - 'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files.', + 'Configure this to true if allowScripts=true but you wish to skip running scripts when updating lock files.', type: 'boolean', default: false, }, diff --git a/lib/config/migration.spec.ts b/lib/config/migration.spec.ts index 176aade6904eeb..66b64df0777562 100644 --- a/lib/config/migration.spec.ts +++ b/lib/config/migration.spec.ts @@ -46,6 +46,7 @@ describe('config/migration', () => { masterIssueTitle: 'foo', gomodTidy: true, upgradeInRange: true, + trustLevel: 'high', automergeType: 'branch-push', branchName: '{{{branchPrefix}}}{{{managerBranchPrefix}}}{{{branchTopic}}}{{{baseDir}}}', diff --git a/lib/config/migration.ts b/lib/config/migration.ts index 69ad69d8eec1d9..e7189ebc211895 100644 --- a/lib/config/migration.ts +++ b/lib/config/migration.ts @@ -189,11 +189,14 @@ export function migrateConfig( migratedConfig.rebaseWhen = 'never'; } } else if (key === 'exposeEnv') { + migratedConfig.exposeAllEnv = val; delete migratedConfig.exposeEnv; - if (val === true) { - migratedConfig.trustLevel = 'high'; - } else if (val === false) { - migratedConfig.trustLevel = 'low'; + } else if (key === 'trustLevel') { + delete migratedConfig.trustLevel; + if (val === 'high') { + migratedConfig.allowCustomCrateRegistries ??= true; + migratedConfig.allowScripts ??= true; + migratedConfig.exposeAllEnv ??= true; } } else if ( key === 'branchName' && diff --git a/lib/config/types.ts b/lib/config/types.ts index d426d845071713..efb079a8f699fd 100644 --- a/lib/config/types.ts +++ b/lib/config/types.ts @@ -83,14 +83,16 @@ export interface GlobalOnlyConfig { // Config options used within the repository worker, but not user configurable // The below should contain config options where admin=true export interface RepoAdminConfig { + allowCustomCrateRegistries?: boolean; allowPostUpgradeCommandTemplating?: boolean; + allowScripts?: boolean; allowedPostUpgradeCommands?: string[]; customEnvVariables?: Record; dockerImagePrefix?: string; dockerUser?: string; dryRun?: boolean; + exposeAllEnv?: boolean; privateKey?: string | Buffer; - trustLevel?: 'low' | 'high'; } export interface LegacyAdminConfig { diff --git a/lib/datasource/crate/__snapshots__/index.spec.ts.snap b/lib/datasource/crate/__snapshots__/index.spec.ts.snap index ab4be51e18052e..fa5d5d45d2e4c0 100644 --- a/lib/datasource/crate/__snapshots__/index.spec.ts.snap +++ b/lib/datasource/crate/__snapshots__/index.spec.ts.snap @@ -331,7 +331,7 @@ Array [ ] `; -exports[`datasource/crate getReleases refuses to clone if trustLevel is not high 1`] = `null`; +exports[`datasource/crate getReleases refuses to clone if allowCustomCrateRegistries is not true 1`] = `null`; exports[`datasource/crate getReleases returns null for 404 1`] = ` Array [ diff --git a/lib/datasource/crate/index.spec.ts b/lib/datasource/crate/index.spec.ts index 5b4c7f29538353..7cfea76071d517 100644 --- a/lib/datasource/crate/index.spec.ts +++ b/lib/datasource/crate/index.spec.ts @@ -224,7 +224,7 @@ describe('datasource/crate', () => { expect(res).toBeDefined(); expect(httpMock.getTrace()).toMatchSnapshot(); }); - it('refuses to clone if trustLevel is not high', async () => { + it('refuses to clone if allowCustomCrateRegistries is not true', async () => { const { mockClone } = setupGitMocks(); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; @@ -239,7 +239,7 @@ describe('datasource/crate', () => { }); it('clones cloudsmith private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git'; const res = await getPkgReleases({ datasource, @@ -253,7 +253,7 @@ describe('datasource/crate', () => { }); it('clones other private registry', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/testregistry'; const res = await getPkgReleases({ datasource, @@ -267,7 +267,7 @@ describe('datasource/crate', () => { }); it('clones once then reuses the cache', async () => { const { mockClone } = setupGitMocks(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await getPkgReleases({ datasource, @@ -283,7 +283,7 @@ describe('datasource/crate', () => { }); it('guards against race conditions while cloning', async () => { const { mockClone } = setupGitMocks(250); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; await Promise.all([ @@ -309,7 +309,7 @@ describe('datasource/crate', () => { }); it('returns null when git clone fails', async () => { setupErrorGitMock(); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowCustomCrateRegistries: true }); const url = 'https://github.com/mcorbin/othertestregistry'; const result = await getPkgReleases({ diff --git a/lib/datasource/crate/index.ts b/lib/datasource/crate/index.ts index cce827f726b39f..44d39cb1852829 100644 --- a/lib/datasource/crate/index.ts +++ b/lib/datasource/crate/index.ts @@ -163,9 +163,9 @@ async function fetchRegistryInfo( }; if (flavor !== RegistryFlavor.CratesIo) { - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().allowCustomCrateRegistries) { logger.warn( - 'crate datasource: trustLevel=high is required for registries other than crates.io, bailing out' + 'crate datasource: allowCustomCrateRegistries=true is required for registries other than crates.io, bailing out' ); return null; } diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts index 1b630c14be2635..d5091d722de3ad 100644 --- a/lib/datasource/npm/index.spec.ts +++ b/lib/datasource/npm/index.spec.ts @@ -359,7 +359,7 @@ describe(getName(__filename), () => { .reply(200, npmResponse); process.env.REGISTRY = 'https://registry.from-env.com'; process.env.RENOVATE_CACHE_NPM_MINUTES = '15'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string const npmrc = 'registry=${REGISTRY}'; const res = await getPkgReleases({ datasource, depName: 'foobar', npmrc }); @@ -368,7 +368,7 @@ describe(getName(__filename), () => { }); it('should throw error if necessary env var is not present', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); // eslint-disable-next-line no-template-curly-in-string expect(() => setNpmrc('registry=${REGISTRY_MISSING}')).toThrow( Error('env-replace') diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts index 186e4969726351..41fff3d27c3457 100644 --- a/lib/datasource/npm/npmrc.spec.ts +++ b/lib/datasource/npm/npmrc.spec.ts @@ -38,7 +38,7 @@ describe(getName(__filename), () => { }); it('sanitize _authtoken with high trust', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); process.env.TEST_TOKEN = 'test'; setNpmrc( // eslint-disable-next-line no-template-curly-in-string diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts index 7fd179fe11dd6e..d5af080d35f91d 100644 --- a/lib/datasource/npm/npmrc.ts +++ b/lib/datasource/npm/npmrc.ts @@ -61,13 +61,13 @@ export function setNpmrc(input?: string): void { npmrcRaw = input; logger.debug('Setting npmrc'); npmrc = ini.parse(input.replace(/\\n/g, '\n')); - const { trustLevel } = getAdminConfig(); + const { exposeAllEnv } = getAdminConfig(); for (const [key, val] of Object.entries(npmrc)) { - if (trustLevel !== 'high') { + if (!exposeAllEnv) { sanitize(key, val); } if ( - trustLevel !== 'high' && + !exposeAllEnv && key.endsWith('registry') && val && val.includes('localhost') @@ -80,7 +80,7 @@ export function setNpmrc(input?: string): void { return; } } - if (trustLevel !== 'high') { + if (!exposeAllEnv) { return; } for (const key of Object.keys(npmrc)) { diff --git a/lib/manager/composer/artifacts.spec.ts b/lib/manager/composer/artifacts.spec.ts index d7798754387c6c..fca585b9583432 100644 --- a/lib/manager/composer/artifacts.spec.ts +++ b/lib/manager/composer/artifacts.spec.ts @@ -30,6 +30,7 @@ const config = { localDir: join('/tmp/github/some/repo'), cacheDir: join('/tmp/renovate/cache'), composerIgnorePlatformReqs: true, + ignoreScripts: false, }; const repoStatus = partial({ @@ -46,7 +47,7 @@ describe('.updateArtifacts()', () => { await setUtilConfig(config); docker.resetPrefetchedImages(); hostRules.clear(); - setAdminConfig(); + setAdminConfig({ allowScripts: false }); }); it('returns if no composer.lock found', async () => { expect( @@ -63,7 +64,7 @@ describe('.updateArtifacts()', () => { const execSnapshots = mockExecAll(exec); fs.readLocalFile.mockReturnValueOnce('Current composer.lock' as any); git.getRepoStatus.mockResolvedValue(repoStatus); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); expect( await composer.updateArtifacts({ packageFileName: 'composer.json', diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts index 9515106780c284..bffbe7510c707e 100644 --- a/lib/manager/composer/artifacts.ts +++ b/lib/manager/composer/artifacts.ts @@ -151,7 +151,7 @@ export async function updateArtifacts({ args += ' --ignore-platform-reqs'; } args += ' --no-ansi --no-interaction'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --no-scripts --no-autoloader'; } logger.debug({ cmd, args }, 'composer command'); diff --git a/lib/manager/npm/extract/index.ts b/lib/manager/npm/extract/index.ts index c8c496fb7aea8e..9207058fd348ff 100644 --- a/lib/manager/npm/extract/index.ts +++ b/lib/manager/npm/extract/index.ts @@ -107,7 +107,7 @@ export async function extractPackageFile( npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n'); } if (is.string(npmrc)) { - if (npmrc.includes('=${') && getAdminConfig().trustLevel !== 'high') { + if (npmrc.includes('=${') && !getAdminConfig().exposeAllEnv) { logger.debug('Discarding .npmrc file with variables'); ignoreNpmrcFile = true; npmrc = undefined; diff --git a/lib/manager/npm/post-update/lerna.spec.ts b/lib/manager/npm/post-update/lerna.spec.ts index 0dddb7c585fe5d..b5a596d671bbc5 100644 --- a/lib/manager/npm/post-update/lerna.spec.ts +++ b/lib/manager/npm/post-update/lerna.spec.ts @@ -109,7 +109,7 @@ describe(getName(__filename), () => { }); it('allows scripts for trust level high', async () => { const execSnapshots = mockExecAll(exec); - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ allowScripts: true }); const res = await lernaHelper.generateLockFiles( lernaPkgFile('npm'), 'some-dir', diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts index c2bb0bd3187e41..39b463e9991c92 100644 --- a/lib/manager/npm/post-update/lerna.ts +++ b/lib/manager/npm/post-update/lerna.ts @@ -72,10 +72,7 @@ export async function generateLockFiles( return { error: false }; } let lernaCommand = `lerna bootstrap --no-ci --ignore-scripts -- `; - if ( - getAdminConfig().trustLevel === 'high' && - config.ignoreScripts !== false - ) { + if (getAdminConfig().allowScripts && config.ignoreScripts !== false) { cmdOptions = cmdOptions.replace('--ignore-scripts ', ''); lernaCommand = lernaCommand.replace('--ignore-scripts ', ''); } @@ -96,7 +93,7 @@ export async function generateLockFiles( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index 0025d620fe4c76..a11bce39231f08 100644 --- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -71,7 +71,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 6541a412870a23..b9842631f96f53 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -50,7 +50,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } @@ -62,7 +62,7 @@ export async function generateLockFile( } cmd = 'pnpm'; let args = 'install --recursive --lockfile-only'; - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { args += ' --ignore-scripts'; args += ' --ignore-pnpmfile'; } diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts index c7c2d3b1131ac4..4056d2e165544a 100644 --- a/lib/manager/npm/post-update/yarn.ts +++ b/lib/manager/npm/post-update/yarn.ts @@ -101,7 +101,7 @@ export async function generateLockFile( } else { extraEnv.YARN_HTTP_TIMEOUT = '100000'; } - if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) { + if (!getAdminConfig().allowScripts || config.ignoreScripts) { if (isYarn1) { cmdOptions += ' --ignore-scripts'; } else { @@ -120,7 +120,7 @@ export async function generateLockFile( }, }; // istanbul ignore if - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH; execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL; } diff --git a/lib/manager/pip_requirements/extract.spec.ts b/lib/manager/pip_requirements/extract.spec.ts index 43ead688ceb873..73771848b77f1e 100644 --- a/lib/manager/pip_requirements/extract.spec.ts +++ b/lib/manager/pip_requirements/extract.spec.ts @@ -128,7 +128,7 @@ describe('lib/manager/pip_requirements/extract', () => { }); it('should replace env vars in high trust mode', () => { process.env.PIP_TEST_TOKEN = 'its-a-secret'; - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); const res = extractPackageFile(requirements7, 'unused_file_name', {}); expect(res.registryUrls).toEqual([ 'https://pypi.org/pypi/', diff --git a/lib/manager/pip_requirements/extract.ts b/lib/manager/pip_requirements/extract.ts index 87e2ffaec01963..87fc491b410ce2 100644 --- a/lib/manager/pip_requirements/extract.ts +++ b/lib/manager/pip_requirements/extract.ts @@ -84,7 +84,7 @@ export function extractPackageFile( res.registryUrls = registryUrls.map((url) => { // handle the optional quotes in eg. `--extra-index-url "https://foo.bar"` const cleaned = url.replace(/^"/, '').replace(/"$/, ''); - if (getAdminConfig().trustLevel !== 'high') { + if (!getAdminConfig().exposeAllEnv) { return cleaned; } // interpolate any environment variables diff --git a/lib/util/exec/env.spec.ts b/lib/util/exec/env.spec.ts index e3a0eabc258ad3..ebc1c16900a513 100644 --- a/lib/util/exec/env.spec.ts +++ b/lib/util/exec/env.spec.ts @@ -58,7 +58,7 @@ describe('getChildProcess environment when trustlevel set to low', () => { describe('getChildProcessEnv when trustlevel set to high', () => { it('returns process.env if trustlevel set to high', () => { - setAdminConfig({ trustLevel: 'high' }); + setAdminConfig({ exposeAllEnv: true }); expect(getChildProcessEnv()).toMatchObject(process.env); }); }); diff --git a/lib/util/exec/env.ts b/lib/util/exec/env.ts index 38950e4e867a95..faffd61bf81526 100644 --- a/lib/util/exec/env.ts +++ b/lib/util/exec/env.ts @@ -17,7 +17,7 @@ export function getChildProcessEnv( customEnvVars: string[] = [] ): NodeJS.ProcessEnv { const env: NodeJS.ProcessEnv = {}; - if (getAdminConfig().trustLevel === 'high') { + if (getAdminConfig().exposeAllEnv) { return { ...env, ...process.env }; } const envVars = [...basicEnvVars, ...customEnvVars]; diff --git a/lib/util/exec/exec.spec.ts b/lib/util/exec/exec.spec.ts index 3fb345ca0d1f9a..185c3b31596eb8 100644 --- a/lib/util/exec/exec.spec.ts +++ b/lib/util/exec/exec.spec.ts @@ -194,7 +194,7 @@ describe(getName(__filename), () => { maxBuffer: 10485760, }, ], - adminConfig: { trustLevel: 'high' }, + adminConfig: { exposeAllEnv: true }, }, ], diff --git a/lib/workers/branch/index.spec.ts b/lib/workers/branch/index.spec.ts index 51ff0568bcf091..a51907c79f2b9e 100644 --- a/lib/workers/branch/index.spec.ts +++ b/lib/workers/branch/index.spec.ts @@ -731,7 +731,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -809,7 +809,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^exit 1$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); @@ -878,7 +878,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'], allowPostUpgradeCommandTemplating: false, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); const result = await branchWorker.processBranch({ @@ -956,7 +956,7 @@ describe('workers/branch', () => { const adminConfig = { allowedPostUpgradeCommands: ['^echo {{{depName}}}$'], allowPostUpgradeCommandTemplating: true, - trustLevel: 'high', + exposeAllEnv: true, }; setAdminConfig(adminConfig); diff --git a/lib/workers/branch/index.ts b/lib/workers/branch/index.ts index ae4eb0ccc9573d..cc556ea418878e 100644 --- a/lib/workers/branch/index.ts +++ b/lib/workers/branch/index.ts @@ -360,7 +360,6 @@ export async function processBranch( (config.updatedPackageFiles?.length > 0 || /* ... or changes to artifacts */ config.updatedArtifacts?.length > 0) && - getAdminConfig().trustLevel === 'high' && is.nonEmptyArray(allowedPostUpgradeCommands) ) { for (const upgrade of config.upgrades) { From 91ba14454f0c01a177670da141bb7f2875783eeb Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:02:54 +0200 Subject: [PATCH 24/27] feat(config): remove manager additionalBranchPrefix defaults (#9373) Resets any language or manager` additionalBranchPrefix` values to empty string. Add the `compatibility:additionalBranchPrefix` prefix to restore previous behavior. BREAKING CHANGE: Removal of default `additionalBranchPrefix` values will cause branch names to change for docker/helm/buildkite/cargo/homebrew. --- docs/usage/configuration-options.md | 2 +- docs/usage/configuration-templates.md | 3 +-- lib/config/presets/index.ts | 1 + lib/config/presets/internal/compatibility.ts | 24 ++++++++++++++++++++ lib/config/presets/internal/index.ts | 2 ++ lib/datasource/docker/index.ts | 1 - lib/datasource/helm/index.ts | 1 - lib/manager/buildkite/index.ts | 1 - lib/manager/cargo/index.ts | 1 - lib/manager/homebrew/index.ts | 1 - lib/workers/repository/updates/flatten.ts | 9 -------- 11 files changed, 29 insertions(+), 17 deletions(-) create mode 100644 lib/config/presets/internal/compatibility.ts diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index a8f43c2a7cc12a..c31c26c3784761 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -69,7 +69,7 @@ With the above config: ## additionalBranchPrefix This value defaults to an empty string, and is typically not necessary. -Some managers populate this field for historical reasons, for example we use `docker-` for Docker branches, so they may look like `renovate/docker-ubuntu-16.x`. +Some managers previously populated this field, but they no longer do so by default. You normally don't need to configure this, but one example where it can be useful is combining with `parentDir` in monorepos to split PRs based on where the package definition is located, e.g. ```json diff --git a/docs/usage/configuration-templates.md b/docs/usage/configuration-templates.md index 10911f76f2857f..c239ac69fe898a 100644 --- a/docs/usage/configuration-templates.md +++ b/docs/usage/configuration-templates.md @@ -21,8 +21,7 @@ Most users will be happy with the default `branchPrefix` of `renovate/`, but you Say you don't want the forward slashes, in that case you would use `renovate-` as your `branchPrefix`. The onboarding PR will always use `renovate/configure`. -`additionalBranchPrefix` is optional and by default is empty for all JavaScript dependencies. -We use `docker-` for all Docker updates, branches will look like this: `renovate/docker-ubuntu-16.x`. +`additionalBranchPrefix` is optional and by default is empty. `branchTopic` depends on the package manager and upgrade type, so you will see a lot of variety. This is probably a setting you want to change yourself. diff --git a/lib/config/presets/index.ts b/lib/config/presets/index.ts index b3453affb237d6..ccfc6f58e6ae63 100644 --- a/lib/config/presets/index.ts +++ b/lib/config/presets/index.ts @@ -93,6 +93,7 @@ export function parsePreset(input: string): ParsedPreset { str = str.slice(0, str.indexOf('(')); } const presetsPackages = [ + 'compatibility', 'config', 'default', 'docker', diff --git a/lib/config/presets/internal/compatibility.ts b/lib/config/presets/internal/compatibility.ts new file mode 100644 index 00000000000000..ce1175f569fb34 --- /dev/null +++ b/lib/config/presets/internal/compatibility.ts @@ -0,0 +1,24 @@ +import { Preset } from '../types'; + +export const presets: Record = { + additionalBranchPrefix: { + buildkite: { + additionalBranchPrefix: 'buildkite-', + }, + cargo: { + additionalBranchPrefix: 'rust-', + }, + docker: { + additionalBranchPrefix: 'docker-', + }, + homebrew: { + additionalBranchPrefix: 'homebrew-', + }, + packageRules: [ + { + matchDatasources: ['helm'], + additionalBranchPrefix: 'helm-', + }, + ], + }, +}; diff --git a/lib/config/presets/internal/index.ts b/lib/config/presets/internal/index.ts index fbbdd6a790ede3..e152b9747e19d7 100644 --- a/lib/config/presets/internal/index.ts +++ b/lib/config/presets/internal/index.ts @@ -1,4 +1,5 @@ import type { Preset, PresetConfig } from '../types'; +import * as compatibilityPreset from './compatibility'; import * as configPreset from './config'; import * as defaultPreset from './default'; import * as dockerPreset from './docker'; @@ -13,6 +14,7 @@ import * as schedulePreset from './schedule'; import * as workaroundsPreset from './workarounds'; export const groups: Record> = { + compatibility: compatibilityPreset.presets, config: configPreset.presets, default: defaultPreset.presets, docker: dockerPreset.presets, diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts index 5a31e90b2bc442..4cc865f62a4aab 100644 --- a/lib/datasource/docker/index.ts +++ b/lib/datasource/docker/index.ts @@ -26,7 +26,6 @@ export const defaultVersioning = dockerVersioning.id; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'docker-', commitMessageTopic: '{{{depName}}} Docker tag', major: { enabled: false }, commitMessageExtra: diff --git a/lib/datasource/helm/index.ts b/lib/datasource/helm/index.ts index ea1105841ac2d0..af28e7caee5fbe 100644 --- a/lib/datasource/helm/index.ts +++ b/lib/datasource/helm/index.ts @@ -17,7 +17,6 @@ export const defaultRegistryUrls = ['https://charts.helm.sh/stable']; export const registryStrategy = 'first'; export const defaultConfig = { - additionalBranchPrefix: 'helm-', commitMessageTopic: 'Helm release {{depName}}', group: { commitMessageTopic: '{{{groupName}}} Helm releases', diff --git a/lib/manager/buildkite/index.ts b/lib/manager/buildkite/index.ts index a97b1018ed28c4..d678d7fd3c206d 100644 --- a/lib/manager/buildkite/index.ts +++ b/lib/manager/buildkite/index.ts @@ -7,5 +7,4 @@ export const defaultConfig = { commitMessageTopic: 'buildkite plugin {{depName}}', commitMessageExtra: 'to {{#if isMajor}}v{{{newMajor}}}{{else}}{{{newValue}}}{{/if}}', - additionalBranchPrefix: 'buildkite-', }; diff --git a/lib/manager/cargo/index.ts b/lib/manager/cargo/index.ts index e18f8527d5244c..e91db57470e3be 100644 --- a/lib/manager/cargo/index.ts +++ b/lib/manager/cargo/index.ts @@ -10,7 +10,6 @@ export { extractPackageFile, updateArtifacts, language }; export const defaultConfig = { commitMessageTopic: 'Rust crate {{depName}}', - additionalBranchPrefix: 'rust-', fileMatch: ['(^|/)Cargo.toml$'], versioning: cargoVersioning.id, rangeStrategy: 'bump', diff --git a/lib/manager/homebrew/index.ts b/lib/manager/homebrew/index.ts index 62bb3b08a55d92..b45e932cf7f9a7 100644 --- a/lib/manager/homebrew/index.ts +++ b/lib/manager/homebrew/index.ts @@ -3,6 +3,5 @@ export { updateDependency } from './update'; export const defaultConfig = { commitMessageTopic: 'Homebrew Formula {{depName}}', - additionalBranchPrefix: 'homebrew-', fileMatch: ['^Formula/[^/]+[.]rb$'], }; diff --git a/lib/workers/repository/updates/flatten.ts b/lib/workers/repository/updates/flatten.ts index 9a195d1d3e331d..4e825084d6327d 100644 --- a/lib/workers/repository/updates/flatten.ts +++ b/lib/workers/repository/updates/flatten.ts @@ -4,7 +4,6 @@ import { getManagerConfig, mergeChildConfig, } from '../../../config'; -import { LANGUAGE_DOCKER } from '../../../constants/languages'; import { getDefaultConfig } from '../../../datasource'; import { get } from '../../../manager'; import { applyPackageRules } from '../../../util/package-rules'; @@ -27,14 +26,6 @@ export function applyUpdateConfig(input: BranchUpgradeConfig): any { .replace(/-+/, '-') .toLowerCase() : undefined; - if ( - updateConfig.language === LANGUAGE_DOCKER && - /(^|\/)node$/.exec(updateConfig.depName) && - updateConfig.depName !== 'calico/node' - ) { - updateConfig.additionalBranchPrefix = ''; - updateConfig.depNameSanitized = 'node'; - } generateBranchName(updateConfig); return updateConfig; } From 9a47d1e25f0e5962fc855c46acbf68cfc524d202 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Sun, 4 Apr 2021 11:05:55 +0200 Subject: [PATCH 25/27] feat: updateType=patch (#9393) Changes behavior so that patch updateType is not rewritten to minor by default. Closes #2818 BREAKING CHANGE: patch updates are not considered updateType=minor by default. --- docs/usage/configuration-options.md | 1 - docs/usage/faq.md | 5 +- lib/config/definitions.ts | 3 +- lib/config/presets/internal/group.ts | 12 ++ .../lookup/__snapshots__/index.spec.ts.snap | 110 +++++++++--------- .../repository/process/lookup/index.spec.ts | 8 +- .../repository/process/lookup/update-type.ts | 5 +- 7 files changed, 74 insertions(+), 70 deletions(-) diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md index c31c26c3784761..24b29ed98584cf 100644 --- a/docs/usage/configuration-options.md +++ b/docs/usage/configuration-options.md @@ -1517,7 +1517,6 @@ For example to apply a special label for Major updates: ## patch Add to this object if you wish to define rules that apply only to patch updates. -Only applies if `separateMinorPatch` is set to true. ## php diff --git a/docs/usage/faq.md b/docs/usage/faq.md index bcf253b27896bf..5c71756c2c5e31 100644 --- a/docs/usage/faq.md +++ b/docs/usage/faq.md @@ -208,10 +208,7 @@ To learn more read the section below. You can see in the example above that Renovate won't normally open a PR for the `snorgleborf` patch release. -There are 2 ways to tell Renovate to open a separate PR for the patch release: - -- Set `separateMinorPatch` to `true` -- Set `automerge` to the value: `"patch"` +You can tell Renovate to open a separate PR for the patch release by setting `separateMinorPatch` to `true`. In both cases, Renovate will open 3 PRs: diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 25d9db12e36ff8..049bb00fa2b11b 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -1058,8 +1058,7 @@ const options: RenovateOptions[] = [ }, { name: 'patch', - description: - 'Configuration to apply when an update type is patch. Only applies if `separateMinorPatch` is set to true.', + description: 'Configuration to apply when an update type is patch.', stage: 'package', type: 'object', default: {}, diff --git a/lib/config/presets/internal/group.ts b/lib/config/presets/internal/group.ts index 3f9d21d16bb3fa..e4e75ef8898c6e 100644 --- a/lib/config/presets/internal/group.ts +++ b/lib/config/presets/internal/group.ts @@ -499,6 +499,9 @@ const staticGroups = { minor: { groupName: 'JS unit test packages', }, + patch: { + groupName: 'JS unit test packages', + }, }, ], }, @@ -519,6 +522,9 @@ const staticGroups = { minor: { groupName: 'unit test packages', }, + patch: { + groupName: 'unit test packages', + }, }, ], }, @@ -539,6 +545,9 @@ const staticGroups = { minor: { groupName: 'JS test packages', }, + patch: { + groupName: 'JS test packages', + }, }, ], }, @@ -559,6 +568,9 @@ const staticGroups = { minor: { groupName: 'test packages', }, + patch: { + groupName: 'test packages', + }, }, ], }, diff --git a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap index 4949a7f74b6b64..cbd11fcf390893 100644 --- a/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap +++ b/lib/workers/repository/process/lookup/__snapshots__/index.spec.ts.snap @@ -112,7 +112,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", + "updateType": "patch", }, Object { "blockedByPin": true, @@ -705,53 +705,7 @@ Array [ "0.9.5", "0.9.6", ], - "updateType": "minor", - }, - Object { - "bucket": "major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 1, - "newMinor": 4, - "newValue": "1.4.1", - "newVersion": "1.4.1", - "releaseTimestamp": "2015-05-17T04:25:07.299Z", - "skippedOverVersions": Array [ - "1.0.0", - "1.0.1", - "1.1.0", - "1.1.1", - "1.1.2", - "1.2.0", - "1.2.1", - "1.3.0", - "1.4.0", - ], - "updateType": "major", - }, -] -`; - -exports[`workers/repository/process/lookup .lookupUpdates() returns minor update if separate patches not configured 1`] = ` -Array [ - Object { - "bucket": "non-major", - "currentVersion": "0.9.0", - "isSingleVersion": true, - "newMajor": 0, - "newMinor": 9, - "newValue": "0.9.7", - "newVersion": "0.9.7", - "releaseTimestamp": "2013-09-04T17:07:22.948Z", - "skippedOverVersions": Array [ - "0.9.1", - "0.9.2", - "0.9.3", - "0.9.4", - "0.9.5", - "0.9.6", - ], - "updateType": "minor", + "updateType": "patch", }, Object { "bucket": "major", @@ -979,6 +933,52 @@ Array [ ] `; +exports[`workers/repository/process/lookup .lookupUpdates() returns patch update even if separate patches not configured 1`] = ` +Array [ + Object { + "bucket": "non-major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 0, + "newMinor": 9, + "newValue": "0.9.7", + "newVersion": "0.9.7", + "releaseTimestamp": "2013-09-04T17:07:22.948Z", + "skippedOverVersions": Array [ + "0.9.1", + "0.9.2", + "0.9.3", + "0.9.4", + "0.9.5", + "0.9.6", + ], + "updateType": "patch", + }, + Object { + "bucket": "major", + "currentVersion": "0.9.0", + "isSingleVersion": true, + "newMajor": 1, + "newMinor": 4, + "newValue": "1.4.1", + "newVersion": "1.4.1", + "releaseTimestamp": "2015-05-17T04:25:07.299Z", + "skippedOverVersions": Array [ + "1.0.0", + "1.0.1", + "1.1.0", + "1.1.1", + "1.1.2", + "1.2.0", + "1.2.1", + "1.3.0", + "1.4.0", + ], + "updateType": "major", + }, +] +`; + exports[`workers/repository/process/lookup .lookupUpdates() returns patch update if separateMinorPatch 1`] = ` Array [ Object { @@ -1096,7 +1096,7 @@ Array [ "3.1.0-dev.20180809", "3.1.0-dev.20180810", ], - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1112,7 +1112,7 @@ Array [ "newValue": "2.5.17-beta.0", "newVersion": "2.5.17-beta.0", "releaseTimestamp": "2018-03-23T23:29:13.819Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1140,7 +1140,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1171,7 +1171,7 @@ Array [ "newValue": "3.0.1-insiders.20180726", "newVersion": "3.0.1-insiders.20180726", "releaseTimestamp": "2018-07-26T18:20:51.679Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1187,7 +1187,7 @@ Array [ "newValue": "3.0.1", "newVersion": "3.0.1", "releaseTimestamp": "2018-07-30T16:21:13.150Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -1218,7 +1218,7 @@ Array [ "newValue": "^0.0.35", "newVersion": "0.0.35", "releaseTimestamp": "2017-04-27T16:59:06.479Z", - "updateType": "minor", + "updateType": "patch", }, ] `; @@ -2648,7 +2648,7 @@ Array [ "newValue": "1.0.1", "newVersion": "1.0.1", "releaseTimestamp": "2014-03-11T18:47:17.560Z", - "updateType": "minor", + "updateType": "patch", }, ] `; diff --git a/lib/workers/repository/process/lookup/index.spec.ts b/lib/workers/repository/process/lookup/index.spec.ts index fbee93dd5f69f8..59ad3eb91dd16e 100644 --- a/lib/workers/repository/process/lookup/index.spec.ts +++ b/lib/workers/repository/process/lookup/index.spec.ts @@ -186,7 +186,7 @@ describe('workers/repository/process/lookup', () => { Error(CONFIG_VALIDATION) ); }); - it('returns minor update if separate patches not configured', async () => { + it('returns patch update even if separate patches not configured', async () => { config.currentValue = '0.9.0'; config.rangeStrategy = 'pin'; config.depName = 'q'; @@ -195,8 +195,8 @@ describe('workers/repository/process/lookup', () => { const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); expect(res.updates).toHaveLength(2); - expect(res.updates[0].updateType).not.toEqual('patch'); - expect(res.updates[1].updateType).not.toEqual('patch'); + expect(res.updates[0].updateType).toEqual('patch'); + expect(res.updates[1].updateType).toEqual('major'); }); it('returns minor update if automerging both patch and minor', async () => { config.patch = { @@ -212,7 +212,7 @@ describe('workers/repository/process/lookup', () => { nock('https://registry.npmjs.org').get('/q').reply(200, qJson); const res = await lookup.lookupUpdates(config); expect(res.updates).toMatchSnapshot(); - expect(res.updates[0].updateType).toEqual('minor'); + expect(res.updates[0].updateType).toEqual('patch'); }); it('returns patch update if separateMinorPatch', async () => { config.separateMinorPatch = true; diff --git a/lib/workers/repository/process/lookup/update-type.ts b/lib/workers/repository/process/lookup/update-type.ts index 2ec97d4dba5011..028931a23d32ae 100644 --- a/lib/workers/repository/process/lookup/update-type.ts +++ b/lib/workers/repository/process/lookup/update-type.ts @@ -19,8 +19,5 @@ export function getUpdateType( if (versioning.getMinor(newVersion) > versioning.getMinor(currentVersion)) { return 'minor'; } - if (config.separateMinorPatch) { - return 'patch'; - } - return 'minor'; + return 'patch'; } From 551cc79be2a9451d7f63d7da0b5052fc262eae8a Mon Sep 17 00:00:00 2001 From: Sebastian Poxhofer Date: Sun, 4 Apr 2021 14:48:52 +0200 Subject: [PATCH 26/27] feat(terraform): rework dep types (#9116) Improves the `depType` values returned by the terraform manager. Closes #8792 BREAKING CHANGE: Values for extracted `depType` in terraform manager have changed, please see the `terraform` manager readme for details. --- .../__snapshots__/extract.spec.ts.snap | 87 ++++++++++--------- lib/manager/terraform/extract.ts | 7 +- lib/manager/terraform/modules.ts | 6 +- lib/manager/terraform/providers.ts | 2 +- lib/manager/terraform/readme.md | 41 ++++++--- lib/manager/terraform/required-providers.ts | 8 ++ lib/manager/terraform/required-version.ts | 1 + lib/manager/terraform/resources.ts | 5 +- 8 files changed, 98 insertions(+), 59 deletions(-) diff --git a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap index 645e3106b84897..c966a632f4767c 100644 --- a/lib/manager/terraform/__snapshots__/extract.spec.ts.snap +++ b/lib/manager/terraform/__snapshots__/extract.spec.ts.snap @@ -7,7 +7,7 @@ Object { "currentValue": "1.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -15,7 +15,7 @@ Object { Object { "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -23,7 +23,7 @@ Object { Object { "datasource": "helm", "depName": "./charts/example", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -33,7 +33,7 @@ Object { "currentValue": "4.0.1", "datasource": "helm", "depName": undefined, - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -43,7 +43,7 @@ Object { "currentValue": "5.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ "https://charts.helm.sh/stable", ], @@ -52,7 +52,7 @@ Object { "currentValue": "6.0.1", "datasource": "helm", "depName": "redis", - "depType": "helm", + "depType": "helm_release", "registryUrls": Array [ undefined, ], @@ -68,86 +68,86 @@ Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "next", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "currentValue": "tfmodule_one-v0.0.9", "datasource": "github-tags", "depName": "github.com/githubuser/myrepo", - "depType": "github", + "depType": "module", "lookupName": "githubuser/myrepo", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "v1.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example.2.3", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example.2.3", }, Object { "currentValue": "0.1.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v0.1.0", "datasource": "github-tags", "depName": "github.com/tieto-cem/terraform-aws-ecs-task-definition", - "depType": "github", + "depType": "module", "lookupName": "tieto-cem/terraform-aws-ecs-task-definition", }, Object { "currentValue": "v2.0.0", "datasource": "github-tags", "depName": "github.com/hashicorp/example", - "depType": "github", + "depType": "module", "lookupName": "hashicorp/example", }, Object { "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "<= 2.4.0", "datasource": "terraform-module", "depName": "terraform-aws-modules/security-group/aws", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "1.28.3", "datasource": "terraform-module", "depName": "particuleio/addons/kubernetes", - "depType": "terraform", + "depType": "module", }, Object { "currentValue": "~> 1.1.0", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -156,7 +156,7 @@ Object { "currentValue": "~> 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -165,7 +165,7 @@ Object { "currentValue": "~~ 1.1", "datasource": "terraform-module", "depName": "app.terraform.io/example-corp/k8s-cluster/azurerm", - "depType": "terraform", + "depType": "module", "registryUrls": Array [ "https://app.terraform.io", ], @@ -174,7 +174,7 @@ Object { "currentValue": ">= 1.0.0, <= 2.0.0", "datasource": "terraform-module", "depName": "hashicorp/consul/aws", - "depType": "terraform", + "depType": "module", }, Object { "skipReason": "local", @@ -186,89 +186,90 @@ Object { "currentValue": "1.36.1", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=2.4", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "=1.3", "datasource": "terraform-provider", "depName": "gitlab", - "depType": "terraform", + "depType": "provider", }, Object { "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "V1.9", "datasource": "terraform-provider", "depName": "newrelic", - "depType": "terraform", + "depType": "provider", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.0", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "next", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.1", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "https://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.2", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "http://bitbucket.com/hashicorp/example", }, Object { "currentValue": "v1.0.3", "datasource": "git-tags", "depName": "bitbucket.com/hashicorp/example", - "depType": "gitTags", + "depType": "module", "lookupName": "ssh://git@bitbucket.com/hashicorp/example", }, Object { "currentValue": ">= 2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 2.0.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": ">= 0.13", "datasource": "github-tags", "depName": "hashicorp/terraform", + "depType": "required_version", "extractVersion": "v(?.*)$", "lineNumber": 229, }, @@ -276,7 +277,7 @@ Object { "currentValue": "2.7.2", "datasource": "terraform-provider", "depName": "docker", - "depType": "terraform", + "depType": "required_provider", "registryUrls": Array [ "https://releases.hashicorp.com", ], @@ -285,34 +286,34 @@ Object { "currentValue": "2.7.0", "datasource": "terraform-provider", "depName": "aws", - "depType": "terraform", + "depType": "required_provider", "lookupName": "aws", }, Object { "currentValue": "=2.27.0", "datasource": "terraform-provider", "depName": "azurerm", - "depType": "terraform", + "depType": "required_provider", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "invalid", - "depType": "terraform", + "depType": "required_provider", "skipReason": "unsupported-url", }, Object { "currentValue": "1.2.4", "datasource": "terraform-provider", "depName": "helm", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/helm", }, Object { "currentValue": ">= 1.0", "datasource": "terraform-provider", "depName": "kubernetes", - "depType": "terraform", + "depType": "required_provider", "lookupName": "hashicorp/kubernetes", "registryUrls": Array [ "https://terraform.example.com", @@ -324,6 +325,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_image", "replaceString": "nginx:1.7.8", }, Object { @@ -332,6 +334,7 @@ Object { Object { "autoReplaceStringTemplate": "{{depName}}{{#if newValue}}:{{newValue}}{{/if}}{{#if newDigest}}@{{newDigest}}{{/if}}", "datasource": "docker", + "depType": "docker_image", "replaceString": "\${data.docker_registry_image.ubuntu.name}", "skipReason": "contains-variable", }, @@ -341,6 +344,7 @@ Object { "currentValue": "1.7.8", "datasource": "docker", "depName": "nginx", + "depType": "docker_container", "replaceString": "nginx:1.7.8", }, Object { @@ -352,6 +356,7 @@ Object { "currentValue": "v1", "datasource": "docker", "depName": "repo.mycompany.com:8080/foo-service", + "depType": "docker_service", "replaceString": "repo.mycompany.com:8080/foo-service:v1", }, Object { diff --git a/lib/manager/terraform/extract.ts b/lib/manager/terraform/extract.ts index 4658a80336cbe7..0048bde408dc4a 100644 --- a/lib/manager/terraform/extract.ts +++ b/lib/manager/terraform/extract.ts @@ -5,7 +5,10 @@ import { analyzeTerraformProvider, extractTerraformProvider, } from './providers'; -import { extractTerraformRequiredProviders } from './required-providers'; +import { + analyzeTerraformRequiredProvider, + extractTerraformRequiredProviders, +} from './required-providers'; import { analyseTerraformVersion, extractTerraformRequiredVersion, @@ -98,6 +101,8 @@ export function extractPackageFile(content: string): PackageFile | null { deps.forEach((dep) => { switch (dep.managerData.terraformDependencyType) { case TerraformDependencyTypes.required_providers: + analyzeTerraformRequiredProvider(dep); + break; case TerraformDependencyTypes.provider: analyzeTerraformProvider(dep); break; diff --git a/lib/manager/terraform/modules.ts b/lib/manager/terraform/modules.ts index f3336a1ab7ff09..692c120328e77f 100644 --- a/lib/manager/terraform/modules.ts +++ b/lib/manager/terraform/modules.ts @@ -30,12 +30,12 @@ export function analyseTerraformModule(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ if (githubRefMatch) { dep.lookupName = githubRefMatch.groups.project.replace(/\.git$/, ''); - dep.depType = 'github'; + dep.depType = 'module'; dep.depName = 'github.com/' + dep.lookupName; dep.currentValue = githubRefMatch.groups.tag; dep.datasource = datasourceGithubTags.id; } else if (gitTagsRefMatch) { - dep.depType = 'gitTags'; + dep.depType = 'module'; if (gitTagsRefMatch.groups.path.includes('//')) { logger.debug('Terraform module contains subdirectory'); dep.depName = gitTagsRefMatch.groups.path.split('//')[0]; @@ -56,7 +56,7 @@ export function analyseTerraformModule(dep: PackageDependency): void { if (hostnameMatch) { dep.registryUrls = [`https://${hostnameMatch.groups.hostname}`]; } - dep.depType = 'terraform'; + dep.depType = 'module'; dep.depName = moduleParts.join('/'); dep.datasource = datasourceTerraformModule.id; } diff --git a/lib/manager/terraform/providers.ts b/lib/manager/terraform/providers.ts index f49240b2e9276f..c4930fab14cfad 100644 --- a/lib/manager/terraform/providers.ts +++ b/lib/manager/terraform/providers.ts @@ -57,7 +57,7 @@ export function extractTerraformProvider( export function analyzeTerraformProvider(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ - dep.depType = 'terraform'; + dep.depType = 'provider'; dep.depName = dep.managerData.moduleName; dep.datasource = datasourceTerraformProvider.id; diff --git a/lib/manager/terraform/readme.md b/lib/manager/terraform/readme.md index 4dd83219332888..9d3138c89cb327 100644 --- a/lib/manager/terraform/readme.md +++ b/lib/manager/terraform/readme.md @@ -1,21 +1,38 @@ -Currently Terraform support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like `github.com/hashicorp/example?ref=v1.0.0`. +Currently, Terraform supports renovating the following dependencies, where sub points represent hosting options of the dependencies: -Fixed versions like the following will receive a PR whenever there is a newer version available: +- modules + - GitTags + - GithubTags + - TerraformRegistry ( Public and Private ) +- providers ( deprecated in Terraform 0.13.0 ) + - TerraformRegistry ( Public and Private ) +- required_providers block ( Terraform >= 0.13.0) + - TerraformRegistry ( Public and Private ) +- required_version +- helm_release + - chart repository ( Public and Private ) +- docker\_\* + - Docker registry ( Public and Private ) -``` -module "consul" { - source = "hashicorp/consul/aws" - version = "0.0.5" - servers = 3 -} -``` - -The following _range_ constraints are also supported: +Terraform range constraints are supported: - `>= 1.2.0`: version 1.2.0 or newer - `<= 1.2.0`: version 1.2.0 or older - `~> 1.2.0`: any non-beta version >= 1.2.0 and < 1.3.0, e.g. 1.2.X - `~> 1.2`: any non-beta version >= 1.2.0 and < 2.0.0, e.g. 1.X.Y -- `>= 1.0.0`, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive +- `>= 1.0.0, <= 2.0.0`: any version between 1.0.0 and 2.0.0 inclusive + +For fine-grained control, e.g. to turn off only parts of this manager, there are following `depTypes` provided: + +| resource | depType | +| --------------------------- | :---------------: | +| terraform provider | provider | +| required terraform provider | required_provider | +| required terraform version | required_version | +| terraform module | module | +| helm release | helm_release | +| docker container | docker_container | +| docker image | docker_image | +| docker service | docker_service | If you need to change the versioning format, read the [versioning](https://docs.renovatebot.com/modules/versioning/) documentation to learn more. diff --git a/lib/manager/terraform/required-providers.ts b/lib/manager/terraform/required-providers.ts index 9319737a69c94f..44b1186210c23e 100644 --- a/lib/manager/terraform/required-providers.ts +++ b/lib/manager/terraform/required-providers.ts @@ -1,4 +1,5 @@ import type { PackageDependency } from '../types'; +import { analyzeTerraformProvider } from './providers'; import { ExtractionResult, TerraformDependencyTypes, @@ -72,3 +73,10 @@ export function extractTerraformRequiredProviders( } while (line.trim() !== '}'); return { lineNumber, dependencies: deps }; } + +export function analyzeTerraformRequiredProvider(dep: PackageDependency): void { + /* eslint-disable no-param-reassign */ + analyzeTerraformProvider(dep); + dep.depType = `required_provider`; + /* eslint-enable no-param-reassign */ +} diff --git a/lib/manager/terraform/required-version.ts b/lib/manager/terraform/required-version.ts index f5deb89a8b87fd..c8bb1e4dad6f32 100644 --- a/lib/manager/terraform/required-version.ts +++ b/lib/manager/terraform/required-version.ts @@ -48,6 +48,7 @@ export function extractTerraformRequiredVersion( export function analyseTerraformVersion(dep: PackageDependency): void { /* eslint-disable no-param-reassign */ + dep.depType = 'required_version'; dep.datasource = datasourceGithubTags.id; dep.depName = 'hashicorp/terraform'; dep.extractVersion = 'v(?.*)$'; diff --git a/lib/manager/terraform/resources.ts b/lib/manager/terraform/resources.ts index 62c986261c8806..4937a8e98ef4d6 100644 --- a/lib/manager/terraform/resources.ts +++ b/lib/manager/terraform/resources.ts @@ -73,6 +73,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_container: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_container'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -81,6 +82,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_image: if (dep.managerData.name) { applyDockerDependency(dep, dep.managerData.name); + dep.depType = 'docker_image'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -89,6 +91,7 @@ export function analyseTerraformResource( case TerraformResourceTypes.docker_service: if (dep.managerData.image) { applyDockerDependency(dep, dep.managerData.image); + dep.depType = 'docker_service'; } else { dep.skipReason = SkipReason.InvalidDependencySpecification; } @@ -100,7 +103,7 @@ export function analyseTerraformResource( } else if (checkIfStringIsPath(dep.managerData.chart)) { dep.skipReason = SkipReason.LocalChart; } - dep.depType = 'helm'; + dep.depType = 'helm_release'; dep.registryUrls = [dep.managerData.repository]; dep.depName = dep.managerData.chart; dep.datasource = datasourceHelm.id; From 05b2ed1b869643dc03d39442e0433d62d7881ff5 Mon Sep 17 00:00:00 2001 From: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> Date: Sun, 4 Apr 2021 14:50:26 +0200 Subject: [PATCH 27/27] docs: improve sentences (#9395) --- docs/usage/self-hosted-configuration.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index bf2299cd5ec709..ec8117de5ba802 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -184,10 +184,11 @@ e.g. ## exposeAllEnv -By default, Renovate will only pass a limited set of environment variables to package managers. -Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against. +By default, Renovate only passes a limited set of environment variables to package managers. +Confidential data can be leaked if a malicious script enumerates all environment variables. +Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against. -Setting this to true will also allow for variable substitution in `.npmrc` files. +Setting this to `true` will also allow for variable substitution in `.npmrc` files. ## force