Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support non-FQDN hosts in for global host rule env #33607

Open
rarkins opened this issue Jan 14, 2025 Discussed in #33204 · 0 comments
Open

Support non-FQDN hosts in for global host rule env #33607

rarkins opened this issue Jan 14, 2025 Discussed in #33204 · 0 comments
Labels
core:config Related to config capabilities and presets priority-4-low Low priority, unlikely to be done unless it becomes important to more people type:feature Feature (new functionality)

Comments

@rarkins
Copy link
Collaborator

rarkins commented Jan 14, 2025

Discussed in #33204

Originally posted by emwl December 19, 2024

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

GitLab-CE with Renovate 39.31.4

Please tell us more about your question or problem

I recently had to regenerate access tokens for our on-premise Azure DevOps Server NuGet feed, and because it was a good reason to try it, I wanted to remove it from the host rules in favor of a GitLab CI variable (that ends up as environment variable). I thought I tried the same thing before and failed, which is why I had the token hardcoded/plaintext (which is never a good idea, but I just wanted to get things to work back in the day).

The (relevant part of the) config looks like this:

 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "packageRules": [...],
   "nuget": {
     "registryUrls": [
       "https://api.nuget.org/v3/index.json",
       "https://tfs/MainCollection/_packaging/NUGET_PACKAGES/nuget/v3/index.json"
     ]
   },
   "hostRules": [
     {
       "hostType": "nuget",
       "matchHost": "https://tfs/MainCollection/",
-      "password": "old token"
     }
   ],
   "configMigration": true,
   "platformAutomerge": true,
   "extends": [...]
 }

After removing the password member, I added a CI variable named NUGET_TFS_PASSWORD instead with the new token and used the various masking/protection features of GitLab to prevent them from showing up in a log accidentally.

However, the following run failed to access the NuGet feed with this:

 WARN: Cannot parse env
       "env": "NUGET_TFS_PASSWORD"

I did find #10211 and apparently, single-word hostnames always trigger this warning (then skip the rule). We don't use the FQDN to access the NuGet feed, and changing this configuration across many projects (and even more developer machines) isn't really something we want to do if we can avoid it. "tfs" is just a DNS alias, in case we ever migrate to a different server.

The way I understand

renovate/lib/config/env.ts

Line 114 in 854d0a8

logger.warn(`Cannot parse ${envName} env`);

...it seems that those hostnames are not supported at all. Is there anything I can do about it, other than changing the hostname everywhere else to a FQDN?
Putting it back into the json config does the trick, but isn't really optimal.

Logs (if relevant)

Logs 
$ npx renovate $RENOVATE_EXTRA_FLAGS
DEBUG: Using RE2 regex engine
DEBUG: Parsing configs
DEBUG: Checking for config file in config.js
DEBUG: Converting GITHUB_COM_TOKEN into a global host rule
DEBUG: File config
       "config": {
         "endpoint": "https://gitlab/api/v4/",
         "platform": "gitlab",
         "onboardingConfig": {"extends": ["renovate/config"]},
         "autodiscover": true,
         "autodiscoverFilter": ["!/infra/.*/"],
         "optimizeForDisabled": true,
         "persistRepoData": true,
         "detectGlobalManagerConfig": true,
         "detectHostRulesFromEnv": true
       }
DEBUG: CLI config
       "config": {}
DEBUG: Env config
       "config": {
         "hostRules": [
           {"hostType": "github", "matchHost": "github.com", "token": "***********"}
         ],
         "dryRun": "full",
         "baseDir": "E:\\GitLab\\builds\\gqSWmGzn\\1\\renovate\\runner/renovate",
         "endpoint": "https://gitlab/api/v4",
         "token": "***********"
       }
DEBUG: Combined config
       "config": {
         "endpoint": "https://gitlab/api/v4",
         "platform": "gitlab",
         "onboardingConfig": {"extends": ["renovate/config"]},
         "autodiscover": true,
         "autodiscoverFilter": ["!/infra/.*/"],
         "optimizeForDisabled": true,
         "persistRepoData": true,
         "detectGlobalManagerConfig": true,
         "detectHostRulesFromEnv": true,
         "hostRules": [
           {"hostType": "github", "matchHost": "github.com", "token": "***********"}
         ],
         "dryRun": "full",
         "baseDir": "E:\\GitLab\\builds\\gqSWmGzn\\1\\renovate\\runner/renovate",
         "token": "***********"
       }
DEBUG: Detecting global manager config
DEBUG: Detected C:/Users/tfssrv/.npmrc and adding it to global config
DEBUG: Global manager config
       "config": {"npmrc": "***********", "npmrcMerge": true}
 WARN: Cannot parse env
       "env": "NUGET_TFS_PASSWORD"
DEBUG: Adding trailing slash to endpoint
@rarkins rarkins added type:feature Feature (new functionality) priority-4-low Low priority, unlikely to be done unless it becomes important to more people core:config Related to config capabilities and presets labels Jan 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core:config Related to config capabilities and presets priority-4-low Low priority, unlikely to be done unless it becomes important to more people type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rarkins