renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0

checkGithubToken incorrectly flagging issues #17588

Open HenrikPoulsen opened 2 years ago

HenrikPoulsen commented 2 years ago

How are you running Renovate?

Self-hosted

If you're self-hosting Renovate, tell us what version of Renovate you run.

32.187.0

If you're self-hosting Renovate, select which platform you are using.

GitHub Enterprise Server

If you're self-hosting Renovate, tell us what version of the platform you run.

3.5.4

Was this something which used to work for you, and then stopped?

It used to work, and then stopped

Describe the bug

Since updating renovate we are now seeing this warning incorrectly. In our config.js we have the following:

```
{
  // When updating github action tags we need to use github.org since that's where the actions live
  matchManagers: ['github-actions'],
  matchDatasources: ['github-tags'],
  registryUrls: ['https://github.org.internal.company.com/'],
},
```

And as you can see in the logs, almost everything it complains about is affected by the above package rule (node being the exception). But we do have repos where it 100% reports on stuff that is not an issue. So it should really try and verify that something was actually affected by the missing token, which in this case it wasn't.

I see there is a way to disable the token check, but we don't want to set that for all repos, since there will be valid cases where it will be an issue if the token is missing, but GitHub Actions is not one of them.

Relevant debug logs

Logs

```
WARN: GitHub token is required for some dependencies (repository=org/repo)
       "githubDeps": [
         "actions/checkout",
         "actions/checkout",
         "actions/checkout",
         "org/renovate-workflows",
         "org/renovate-workflows",
         "actions/checkout",
         "actions/sonarcloud-github-action",
         "node"
       ]
```

Have you created a minimal reproduction repository?

No reproduction, but I have linked to a public repo where it occurs

HenrikPoulsen commented 2 years ago

As an added thing, I noticed that node updates are disabled in the repo. So that's also an issue: it's flagging an issue for something that is disabled.

```
{
  "matchDatasources": ["github-tags"],
  "matchPackageNames": ["node"],
  "enabled": false
}
```

github-actions[bot] commented 2 years ago

Hi there,

Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction.

We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

rarkins commented 2 years ago

Can you create a reproduction repo which gets up to the part where you think it incorrectly warns about the token?

HenrikPoulsen commented 2 years ago

@rarkins Here's a repro: https://github.com/HenrikPoulsen/renovate-17588. You need to run it on GitHub Enterprise, however, for it to work, since otherwise the api.github.com hostrule it is looking for will be present.

I run it with these env variables:

```
RENOVATE_DRY_RUN=full
RENOVATE_ENDPOINT=https://github.internal.myCompany.com/api/v3
RENOVATE_REPOSITORIES=HenrikPoulsen/renovate-17588
RENOVATE_TOKEN=mytoken
```

This produces:

```
WARN: GitHub token is required for some dependencies (repository=HenrikPoulsen/renovate-17588)
       "githubDeps": ["actions/checkout"]
```

and the with updates section:

```
{
  "depName": "actions/checkout",
  "commitMessageTopic": "{{{depName}}} action",
  "datasource": "github-tags",
  "versioning": "docker",
  "depType": "action",
  "replaceString": "actions/checkout@v2",
  "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
  "currentValue": "v2",
  "depIndex": 0,
  "skipReason": "github-token-required",
  "updates": []
}
```

If I comment out this line then the with updates instead becomes the following, which is correct:

```
{
  "depName": "actions/checkout",
  "commitMessageTopic": "{{{depName}}} action",
  "datasource": "github-tags",
  "versioning": "docker",
  "depType": "action",
  "replaceString": "actions/checkout@v2",
  "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}",
  "currentValue": "v2",
  "depIndex": 0,
  "updates": [
    {
      "bucket": "major",
      "newVersion": "v3",
      "newValue": "v3",
      "releaseTimestamp": "2022-04-21T18:15:50.000Z",
      "newMajor": 3,
      "newMinor": null,
      "updateType": "major",
      "branchName": "renovate/actions-checkout-3.x"
    }
  ],
  "warnings": [],
  "sourceUrl": "https://github.internal.myCompany.com/actions/checkout",
  "currentVersion": "v2",
  "isSingleVersion": true,
  "fixedVersion": "v2"
}
```

Let me know if you need more stuff
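
The behaviour requested in this thread, as an added sketch that is not Renovate's code: warn only for enabled GitHub-datasource dependencies whose lookups would actually reach github.com. The function names, the sample dependency `example/tool`, the datasource set, and the assumption that an empty `registryUrls` means github.com are illustrative.

```javascript
// Added illustration, not Renovate's implementation. Field names (depName,
// datasource, registryUrls, enabled, skipReason) follow the objects in this issue.
const GITHUB_DATASOURCES = new Set(['github-tags', 'github-releases']); // assumed set
const PUBLIC_GITHUB_HOSTS = new Set(['github.com', 'api.github.com']);

// True when at least one lookup for this dep would go to public GitHub.
// Hostnames are compared exactly, so a host that merely contains "github"
// (such as github.org.internal.company.com) is not treated as github.com.
function targetsPublicGithub(dep) {
  const urls = dep.registryUrls ?? [];
  if (urls.length === 0) return true; // assumption: default registry is github.com
  return urls.some((u) => {
    try {
      return PUBLIC_GITHUB_HOSTS.has(new URL(u).hostname.toLowerCase());
    } catch {
      return true; // unparseable URL: fail closed and keep the warning
    }
  });
}

// Names of deps that really need a github.com token, de-duplicated.
function depsNeedingGithubToken(deps, hasGithubComToken) {
  if (hasGithubComToken) return [];
  const names = deps
    .filter((d) => d.enabled !== false && !d.skipReason)
    .filter((d) => GITHUB_DATASOURCES.has(d.datasource))
    .filter(targetsPublicGithub)
    .map((d) => d.depName);
  return [...new Set(names)];
}

// Constructed sample: the first three mirror the cases reported in the issue,
// the last is a hypothetical dep that still resolves against github.com.
const internal = ['https://github.org.internal.company.com/'];
const sampleDeps = [
  { depName: 'actions/checkout', datasource: 'github-tags', registryUrls: internal },
  { depName: 'org/renovate-workflows', datasource: 'github-tags', registryUrls: internal },
  { depName: 'node', datasource: 'github-tags', enabled: false },
  { depName: 'example/tool', datasource: 'github-releases' },
];

console.log(depsNeedingGithubToken(sampleDeps, false));
```
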

ston1th commented 1 year ago

Hi renovate team (@rarkins @PhilipAbed),

I would like to ask for an update on this issue, since it is still present to this day using the latest versions available.

github action: v39.0.1
renovate container: 36.52.2