Generate builtin tasks lookup file

renovatebot / azure-devops-marketplace

Script to generate the renovate-bot config file for Azure DevOps Marketplace

https://jessehouwing.net/azure-pipelines-enable-renovatebot/

8 stars 4 forks source link

Generate builtin tasks lookup file #13

Closed jessehouwing closed 1 year ago

jessehouwing commented 1 year ago

Needs:

[ ] Access to an Azure DevOps Org. Currently configured against my personal brazil org (gets the tasks the first) used for other similar projects.
[ ] An Azure DevOps PAT with Agent Pools (Read) permissions in the org above.

Fixes: #12

rarkins commented 1 year ago

What is the decision? I mostly forget but didn't I set one up already the last time?

jessehouwing commented 1 year ago

What is the decision? I mostly forget but didn't I set one up already the last time?

Yes you did, but it doesn't have the permissions (Agent Pool (Read)) in an Azure DevOps Org in Brazil.

I have one (jessehouwing-brazil) it's an otherwise empty token organization with no projects in it. It's just that the Azure Pipelines team deploys to Brazil first, so it's the first (after some internal Microsoft organizations) to receive updates.

So the token needs a new permission and the user of that token needs access to an org in brazil and the scope of the token must either be "all accessible orgs" or the new brazil org specifically.

jessehouwing commented 1 year ago

@rarkins I moved the org name to an Actions variable, that way it's under your control :).

jessehouwing commented 1 year ago

The generated file using this approach is much smaller by the way (about 1/4rd of the size). I can explain most of that because by far not all versions in the git repo are actually shipped to clients, but that change might warrant a release note in itself. I haven't fully diffed the 2 files yet to see if I can explain all of the differences.

Explanation here: https://github.com/renovatebot/azure-devops-marketplace/issues/12#issuecomment-1551947783

jessehouwing commented 1 year ago

I could take the existing Json from the current version that ships with renovate, commit it and then add the data from the API call...

viceice commented 1 year ago

I could take the existing Json from the current version that ships with renovate, commit it and then add the data from the API call...

lets do it to get it out of the renovate repo

jessehouwing commented 1 year ago

i can't provide appropriate credentials, so if I merge this, it'll fail?

Probably. I can use mine if needed. The tokens are read-only anyway. I just need a safe way to either set them or to send them your way.

jessehouwing commented 1 year ago

What I did for my own purposes is:

Create a new free Azure DevOps org and I picked the Brazil region.
Created a PAT with Marketplace (Read) and Agent Pool (Read) permissions with that org as scope.

The organization is completely empty otherwise.

The org name is jessehouwing-brazil, if you grant me (temporary) admin permissions, I can set the token and variable.

jessehouwing commented 1 year ago

@viceice can I help you setup the right credentials? Or would it be ok to use mine?

JamieMagee commented 1 year ago

I generated a PAT in my org and added it to this repo. Both are added as secrets, and the PAT will expire on 9th June 2024.

jessehouwing commented 1 year ago

I generated a PAT in my org and added it to this repo. Both are added as secrets, and the PAT will expire on 9th June 2024.

Testing as we speak. Any reason the org is a secret instead of a var?