Renovate Me - Fetch Release Notes

[ghost]

This is a:

• [x] Bug report
• [ ] Feature request

Description

I attempted to setup Release Notes retrieval by following the instructions to add GitHub's token to the configuration but I get an error where Renovate complains it doesn't have a private key. As they wouldn't expose their key in their npm package (and thus shouldn't be accessible to this Azure DevOps extension), I tried to inject an unencrypted token via command line by adding --host-rules="[{\"domainName\":\"github.com\",\"token\":\"[TOKEN]\"}]" to the arguments list. Unfortunately this also didn't work, as Renovate can't seem to be able to find the given token.

Is this something that's been attempted with the Azure DevOps extension before? Is there a way to make this work?

Thanks!

[jycouet]

Sorry I never tried it. Can you try with renovate directly? It's working on your machine?

[ghost]

Release notes retrieval works fine when the GitHub token is added unencrypted to Renovate's configuration file. This obviously isn't a viable solution for us as we don't want to add unencrypted tokens to our code repository.

We've also tried injecting the token via a pipeline task but Renovate doesn't seem to be able to take theses config changes into consideration. My theory on this is that Renovate works with the branches' configuration files instead of master's, or something like that. That would explain why changing the master configuration file doesn't affect the branches' Pull Requests. From what I could see in the logs, Renovate is able to properly combine its configurations files but somehow gets undefined when it attempts to retrieve GitHub's token.

[jycouet]

Sorry to hear that! I'm not sure how to help you...

Do you have a log on:

Renovate is able to properly combine its configurations files but somehow gets undefined when it attempts to retrieve GitHub's token.

[ghost]

I've attached a log of Renovate's task.

This is Renovate's configuration file in the repository:

{
  "extends": [
    "group:allNonMajor"
  ],
  "hostRules": [
    {
      "domainName": "github.com",
      "token": "#{github.token}#"
    }
  ]
}

We're using Guillaume Rauchon's replace token task to replace the GitHub token within the configuration file before running Renovate.

Lines 90 and 115 in the log seem to confirm that Renovate works on its own cloned version of the repository, meaning that any modifications done in the pipeline's repository will have absolutely no impact on Renovate.

[elwynelwyn]

I ran into the same issue today. I tried to resolve it as the docs suggested, by adding an environment variable GITHUB_COM_TOKEN with my personal access token. However RenovateBot was not seeing this value - perhaps when we spawn the new process for Renovate to run in it does not inherit the full env?

I got this working based on @Bibz87-CG suggestion of passing in a hostRule via CLI (thanks for the tip!)

I started by heading into Edit Pipeline -> Variables -> Pipeline Variables and added a new var: GITHUB_COM_TOKEN | my PAT [tick box that says this is a secret] I then jumped back into Tasks -> Renovate -> Options -> Additional Args, and added this: --host-rules="[{\"domainName\":\"github.com\",\"token\":\"$(GITHUB_COM_TOKEN)\"}]"

I noticed that renovate internally sets a hostType when you use the env var, but it seems to be working for me without it: https://github.com/renovatebot/renovate/blob/master/lib/config/env.ts#L62

[ghost]

Thanks for your input, @elwynelwyn!

I've been able to make it work with CLI argument, too. I did the exact same thing as you did (which is also the same as my original post) and it worked.

My guess is that I made a mistake somewhere while testing how to properly pass a JSON to CLI arguments and didn't notice release notes were fetched from GitHub. ಠ_ಠ

From what I can see, you can also name the variable any way you want; I tried GITHUB_COM_TOKEN and github.token and they both worked fine.