search

renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0
17.43k stars 2.29k forks source link

How to clone private repository with composer #5616

Closed hongaar closed 2 years ago

hongaar commented 4 years ago

Which Renovate are you using?

WhiteSource Renovate App

Which platform are you using?

GitHub.com

Have you checked the logs? Don't forget to include them if relevant

Yes. They contain more or less the same info as below.

What would you like to do?

We configured Renovate for a PHP/Composer project which contains packages from a private GitHub repository.

Renovate can't run composer to update the lockfile, as composer can't clone the private repository.

This is the full comment on the Renovate PR:

⚠️ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or the branch becomes conflicted, or you check the rebase/retry checkbox if found above, or you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below:

File name: composer.lock Command failed: docker run --rm -v "/mnt/renovate/gh/[redacted]":"/mnt/renovate/gh/[redacted]" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -e COMPOSER_CACHE_DIR -w "/mnt/renovate/gh/[redacted]" renovate/composer bash -l -c "composer update [list of package names, redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader" Loading composer repositories with package information ������������������������������������������������������Reading composer.json of [list goes on and on, redacted]

[RuntimeException]
Failed to execute git clone --mirror 'https://**redacted**:***@github.com/[redacted].git' >'/tmp/renovate-cache/others/composer/vcs/git-github.com-[redacted].git/'

Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[redacted].git'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://**redacted**:***@github.com/[redacted].git/'

update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom->installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [-->with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap->authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|-->interactive] [--root-reqs] [--] []...

Our composer.json contains this fragment:

    "repositories": [
        {
            "name": "[redacted]",
            "type": "git",
            "url": "git@github.com:[redacted].git"
        }
    ],
    "require": {
        "[redacted]": "^3.0",
        // ...
    }

Note: added the name as suggested by https://github.com/renovatebot/renovate/issues/4924, which didn't seem to change the error.

Note: I tried pinning the dependency in the require object, also without luck.

Renovate has been granted access (through the GitHub app) to the private dependency referenced in the repositories field.

The renovate.json contains:

{
  "extends": [
    "config:base"
  ],
  "ignoreDeps": ["[redacted]"]
}

However, adding the ignoreDeps didn't seem to change the error either.

Is this use-case supported, and if so, how can I configure Renovate so composer can read private repositories?

simonschaufi commented 2 years ago

Could it be that this issue is resolved now? At least it works for me now with the latest release.