Renovate broken with error "validationError": "Cannot find preset's package (github>sourcegraph/renovate-config)"

felixfbecker commented 4 years ago

Renovate has stopped working for us a while ago without us making any changes afaik. It seems it can no longer find our GitHub config repository that hosts our shared renovate.json and is referenced here:

https://github.com/sourcegraph/sourcegraph/blob/9d142c61a1eec6570f08e016546865bde8774414/renovate.json#L3

Our config is in a private repository: https://github.com/sourcegraph/renovate-config (which used to work before)

Here are the full logs of the most recent run (they all fail):

INFO: Repository started
{
  "renovateVersion": "22.21.2"
}
DEBUG: Using localDir: /mnt/renovate/gh/sourcegraph/sourcegraph
DEBUG: Repository cache is valid
DEBUG: initRepo("sourcegraph/sourcegraph")
DEBUG: No dangling containers to remove
DEBUG: sourcegraph/sourcegraph default branch = main
DEBUG: Using personal access token for git init
DEBUG: resetMemCache()
DEBUG: Initializing git repository into /mnt/renovate/gh/sourcegraph/sourcegraph
DEBUG: git clone completed
{
  "durationMs": 5222
}
DEBUG: latest commit
{
  "latestCommitDate": "2020-08-24T11:30:25+02:00"
}
DEBUG: Setting git author name
{
  "gitAuthorName": "Renovate Bot"
}
DEBUG: Setting git author email
{
  "gitAuthorEmail": "bot@renovateapp.com"
}
DEBUG: Setting current branch to main
DEBUG: latest commit
{
  "branchName": "main",
  "latestCommitDate": "2020-08-24T11:30:25+02:00"
}
DEBUG: detectSemanticCommits()
DEBUG: getCommitMessages
DEBUG: Semantic commits detection: angular
DEBUG: angular semantic commits detected
DEBUG: checkOnboarding()
DEBUG: isOnboarded()
DEBUG: findFile(renovate.json)
DEBUG: config file exists
DEBUG: ensureIssueClosing(Action required: Add a Renovate config)
DEBUG: Retrieving issueList
DEBUG: Retrieved 5 issues
DEBUG: Repo is onboarded
DEBUG: Found renovate.json config file
DEBUG: Repository config
{
  "configFile": "renovate.json",
  "config": {
    "$schema": "http://json.schemastore.org/renovate",
    "extends": [
      "github>sourcegraph/renovate-config"
    ],
    "semanticCommits": false,
    "engines": {
      "node": {
        "rangeStrategy": "bump"
      }
    },
    "packageRules": [
      {
        "packageNames": [
          "typescript"
        ],
        "ignoreUnstable": false,
        "followTag": "next",
        "schedule": null,
        "reviewers": [],
        "automerge": false,
        "labels": [
          "bot",
          "npm",
          "nightly"
        ]
      },
      {
        "packageNames": [
          "@octokit/rest",
          "@slack/web-api",
          "googleapis"
        ],
        "reviewers": [
          "beyang"
        ]
      }
    ]
  }
}
DEBUG: migrateAndValidate()
DEBUG: Config migration necessary
{
  "oldConfig": {
    "$schema": "http://json.schemastore.org/renovate",
    "extends": [
      "github>sourcegraph/renovate-config"
    ],
    "semanticCommits": false,
    "engines": {
      "node": {
        "rangeStrategy": "bump"
      }
    },
    "packageRules": [
      {
        "packageNames": [
          "typescript"
        ],
        "ignoreUnstable": false,
        "followTag": "next",
        "schedule": null,
        "reviewers": [],
        "automerge": false,
        "labels": [
          "bot",
          "npm",
          "nightly"
        ]
      },
      {
        "packageNames": [
          "@octokit/rest",
          "@slack/web-api",
          "googleapis"
        ],
        "reviewers": [
          "beyang"
        ]
      }
    ]
  },
  "newConfig": {
    "$schema": "http://json.schemastore.org/renovate",
    "extends": [
      "github>sourcegraph/renovate-config"
    ],
    "semanticCommits": false,
    "packageRules": [
      {
        "packageNames": [
          "typescript"
        ],
        "ignoreUnstable": false,
        "followTag": "next",
        "schedule": null,
        "reviewers": [],
        "automerge": false,
        "labels": [
          "bot",
          "npm",
          "nightly"
        ]
      },
      {
        "packageNames": [
          "@octokit/rest",
          "@slack/web-api",
          "googleapis"
        ],
        "reviewers": [
          "beyang"
        ]
      },
      {
        "node": {
          "rangeStrategy": "bump"
        },
        "depTypeList": [
          "engines"
        ]
      }
    ]
  }
}
DEBUG: massaged config
{
  "config": {
    "$schema": "http://json.schemastore.org/renovate",
    "extends": [
      "github>sourcegraph/renovate-config"
    ],
    "semanticCommits": false,
    "packageRules": [
      {
        "packageNames": [
          "typescript"
        ],
        "ignoreUnstable": false,
        "followTag": "next",
        "schedule": null,
        "reviewers": [],
        "automerge": false,
        "labels": [
          "bot",
          "npm",
          "nightly"
        ]
      },
      {
        "packageNames": [
          "@octokit/rest",
          "@slack/web-api",
          "googleapis"
        ],
        "reviewers": [
          "beyang"
        ]
      },
      {
        "node": {
          "rangeStrategy": "bump"
        },
        "depTypeList": [
          "engines"
        ]
      }
    ]
  }
}
DEBUG: migrated config
{
  "config": {
    "$schema": "http://json.schemastore.org/renovate",
    "extends": [
      "github>sourcegraph/renovate-config"
    ],
    "semanticCommits": false,
    "packageRules": [
      {
        "packageNames": [
          "typescript"
        ],
        "ignoreUnstable": false,
        "followTag": "next",
        "schedule": null,
        "reviewers": [],
        "automerge": false,
        "labels": [
          "bot",
          "npm",
          "nightly"
        ]
      },
      {
        "packageNames": [
          "@octokit/rest",
          "@slack/web-api",
          "googleapis"
        ],
        "reviewers": [
          "beyang"
        ]
      },
      {
        "node": {
          "rangeStrategy": "bump"
        },
        "depTypeList": [
          "engines"
        ]
      }
    ]
  }
}
DEBUG: GitHub 404
{
  "url": {}
}
DEBUG: Failed to retrieve default.json from repo
{
  "statusCode": 404
}
DEBUG: default.json preset not found - trying renovate.json
DEBUG: GitHub 404
{
  "url": {}
}
DEBUG: Failed to retrieve renovate.json from repo
{
  "statusCode": 404
}
DEBUG: Preset fetch error
{
  "preset": "github>sourcegraph/renovate-config",
  "err": {
    "message": "dep not found",
    "stack": "Error: dep not found\n    at fetchJSONFile (/home/ubuntu/renovateapp/node_modules/renovate/dist/config/presets/github/index.js:22:15)\n    at runMicrotasks ()\n    at processTicksAndRejections (internal/process/task_queues.js:97:5)"
  }
}
INFO: Throwing preset error
{
  "validationError": "Cannot find preset's package (github>sourcegraph/renovate-config)"
}
INFO: Repository has invalid config
{
  "error": {
    "validationError": "Cannot find preset's package (github>sourcegraph/renovate-config)"
  }
}
DEBUG: raiseConfigWarningIssue()
DEBUG: getBranchPr(renovate/configure)
DEBUG: findPr(renovate/configure, undefined, open)
DEBUG: Retrieving PR list
DEBUG: Retrieved 1000 Pull Requests
DEBUG: ensureIssue(Action Required: Fix Renovate Configuration)
DEBUG: Issue is open and up to date - nothing to do
DEBUG: Repository timing splits (milliseconds)
{
  "splits": {},
  "total": 20066
}
DEBUG: http statistics
{
  "hostStats": [
    "api.github.com, 13 requests, 2156ms average"
  ],
  "totalRequests": 13
}
INFO: Repository finished
{
  "durationMs": 20066
}

rarkins commented 4 years ago

I think I know what caused this. We recently added/enforced a security feature from GitHub that lets us request tokens which are scoped to one repository only, instead of the default full org. For private repos we scope to the full org, because it's necessary in many cases when orgs have dependencies between private repos. But for public repos, we scope it to repo-only because it's not normal to have a public repo depend on a private repo. There is always the possibility that a Renovate token could be leaked into a PR or issue, despite our best efforts at sanitizing them all, so that's why we default to more secure for public repos.

Possibilities for you:

If you wish, I can add some logic to revert the single-repo permissions for @sourcegraph public repos
You can make your preset config entirely public if there's no secrets in it
You could make the majority of your preset public but have a second one for private repos to extend as well

rarkins commented 3 years ago

I'm going to archive this repository so that we have conversations in one place. Therefore please create an "App Support" discussion here if this problem or suggestion is still relevant: https://github.com/renovatebot/renovate/discussions

renovatebot / app-support

Renovate broken with error "validationError": "Cannot find preset's package (github>sourcegraph/renovate-config)" #76