Open negibokken opened 2 years ago
Thank you for writing a detailed bug report, and creating a minimal reproduction! ❤️
I found an issue that might be related:
I'll let the maintainers decide what to do with both issues.
@HonkingGoose Thank you for replying and showing the related issue!
I'll wait for the decision then. Let me know if I can help with Renovate team.
I think we may want to strip out any sections of the file which use environment variables. IIRC we did this for .npmrc
long ago.
Reproduction forked to https://github.com/renovate-reproductions/14756
Resolution: delete any lines/sections which contain a variable like https://github.com/renovate-reproductions/14756/blob/82428f3c27ddfee20da50894c279c3ef2cdbe745/.yarnrc.yml#L5-L7
After that, any private registry auth would need to be added back, e.g. by hostRules
FYI I just worked around this by setting a default value for NPM_TOKEN
in .yarnrc.yml
. (the other trick was the required trailing slash on the npmRegistries
entry.) Here's my final .yarnrc.yml
for those interested:
nodeLinker: node-modules
npmRegistryServer: "https://npm.example.com/"
npmRegistries:
//npm.example.com/:
npmAlwaysAuth: true
npmAuthToken: "${NPM_TOKEN:-}"
This plus the hostRules
npm
entry got renovate unstuck.
I'm working with yarn v3+ and private Gitea registry. I'll post the right config next days
FYI I just worked around this by setting a default value for
NPM_TOKEN
in.yarnrc.yml
. (the other trick was the required trailing slash on thenpmRegistries
entry.) Here's my final.yarnrc.yml
for those interested:nodeLinker: node-modules npmRegistryServer: "https://npm.example.com/" npmRegistries: //npm.example.com/: npmAlwaysAuth: true npmAuthToken: "${NPM_TOKEN:-}"
This plus the
hostRules
npm
entry got renovate unstuck.
Nice job! Finally we can execute "yarn lint" and other commands without NPM_TOKEN.
@bobzoller's note above worked for us 👏, by only adding the trailing slash:
diff --git .yarnrc.yml .yarnrc.yml
index 088d79d..a33a7d2 100644
--- .yarnrc.yml
+++ .yarnrc.yml
@@ -3,6 +3,6 @@ nodeLinker: node-modules
yarnPath: .yarn/releases/yarn-berry.cjs
npmRegistries:
- //registry.yarnpkg.com:
+ //registry.yarnpkg.com/:
npmAlwaysAuth: true
npmAuthToken: "${NPM_TOKEN}"
How are you running Renovate?
WhiteSource Renovate hosted app on github.com
If you're self-hosting Renovate, tell us what version of Renovate you run.
No response
Please select which platform you are using if self-hosting.
No response
If you're self-hosting Renovate, tell us what version of the platform you run.
No response
Was this something which used to work for you, and then stopped?
I never saw this working
Describe the bug
Hi, thank you for developing such great software!
I met a problem with yarn v3 and private registry (registry.npmjs.org). The problem is that when I specify
npmScopes
in.yarnrc.yml
, I got an error message (Error: Environment variable not found (NPM_TOKEN)
) on the lockfile update step in the Docker process (Please see for the detail logs in Relevant debug logs section).I specified
hostRules
and encrypted token inrenovate.json
so Renovate can fetch the version information but Renovate cannot generate lockfile (In this PR, onlypackage.json
file is updated).The minimum repro repo is below.
https://github.com/negibokken/renovate-private-package-repro1
etc.
When I don't specify
npmScopes
in.yarnrc.yml
then Renovate can update lockfile (The error message goes away). But then we can't install it in the local machine because we don't specify${NPM_TOKEN}
for the private registry.The minimum repro repo for the above case is below. (We can see the lockfile is updated in the PR)
https://github.com/negibokken/renovate-private-package-repro3
So Renovate doesn't require the
npmScopes
becauserenovate.json
has a private registry setting and Renovate generatesnpmRegistries
fromhostRules
while processing lockfile.(*1)Ideas
Currently, I have two ideas to handle this issue.
.yarnrc.yml
and removenpmScopes
that includes environment variables (like${NPM_TOKEN}
).yarnrc.yml
, then removenpmScpes
because if we havehostRules
inrenovate.json
, Renovete generatesnpmRegistries
. So we don't neednpmScopes
for private registry in.yarnrc.yml
while Renovate processes the lockfile.(Related to (*1))${NPM_TOKEN}
for a registry. We can specify${NPM_SCOPE}
per registry, not per scope.(If the task is not too heavy, I can help Renovate team, thanks!)
Relevant debug logs
Logs
``` DEBUG: Fetching Docker image: docker.io/renovate/node(branch="renovate/bokken-npm-test-1.x") DEBUG: Finished fetching Docker image(branch="renovate/bokken-npm-test-1.x") DEBUG: Executing command(branch="renovate/bokken-npm-test-1.x") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\":\"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -e CI -e YARN_ENABLE_IMMUTABLE_INSTALLS -e YARN_HTTP_TIMEOUT -e YARN_GLOBAL_FOLDER -e YARN_ENABLE_GLOBAL_CACHE -w \"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\" docker.io/renovate/node bash -l -c \"npm i -g yarn && yarn install --mode=update-lockfile\"" } DEBUG: rawExec err(branch="renovate/bokken-npm-test-1.x") { "err": { "killed": false, "code": 1, "signal": null, "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\":\"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -e CI -e YARN_ENABLE_IMMUTABLE_INSTALLS -e YARN_HTTP_TIMEOUT -e YARN_GLOBAL_FOLDER -e YARN_ENABLE_GLOBAL_CACHE -w \"/mnt/renovate/gh/negibokken/renovate-private-package-repro1\" docker.io/renovate/node bash -l -c \"npm i -g yarn && yarn install --mode=update-lockfile\"", "stdout": "\nadded 1 package, and audited 2 packages in 5s\n\nfound 0 vulnerabilities\nUsage Error: Environment variable not found (NPM_TOKEN) in /mnt/renovate/gh/negibokken/renovate-private-package-repro1/.yarnrc.yml (in /mnt/renovate/gh/negibokken/renovate-private-package-repro1/.yarnrc.yml)\n\nYarn Package Manager - 3.2.0\n\n $ yarnHave you created a minimal reproduction repository?
I have linked to a minimal reproduction repository in the bug description