tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Private NPM Authentication - Jfrog Artifactory -Behind SSO #1065

Open ChrisDoddGit opened 5 months ago

ChrisDoddGit commented 5 months ago

Describe the bug

I am trying to authenticate with a private npm registry hosted on JFrog Artifactory. With all the changes to authentication and various threads / open & closed issues, I have spent hours without success.

As of April 2024 these are my config files:

.npmrc

@research:registry=https://artifacts.myorg/artifactory/api/npm/aba7-npm/
@research:always-auth=true

azure-dependabot.yml

pool:
  name: Default
  demands:
  - ubuntuagent
stages:
  - stage: Flow
    jobs:
    - job: DependabotFlow
      steps:
      - task: dependabot@1
        displayName: 'Run Dependabot - flow'
        inputs:
          useConfigFile: true
          setAutoComplete: false
          azureDevOpsAccessToken: $(DEPENDABOT_PAT)
          gitHubAccessToken: $(GITHUB_TOKEN)
          failOnException: false

And now for the configuration: Attempt #1, username and password

.github/dependabot.yml

version: 2
registries:
  research:
    type: npm-registry
    url: https://artifacts.developer.myorg/artifactory/api/npm/aba7-npm/
    username: myuser
    password: 'research:${{PASS}}'

updates:
  - package-ecosystem: "npm"
    directory: "/"
    open-pull-requests-limit: 15
    target-branch: 'develop'
    milestone: 3499
    registries:
      - research

Attempt 2: PAT

version: 2
registries:
  research:
    type: npm-registry
    url: https://artifacts.developer.myorg/artifactory/api/npm/aba7-npm/
    token: 'PAT:${{PASS}}'

updates:
  - package-ecosystem: "npm"
    directory: "/"
    open-pull-requests-limit: 15
    target-branch: 'develop'
    milestone: 3499
    registries:
      - research

Output: The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): artifacts.myorg/artifactory/api/npm/aba7-npm/ (Dependabot::PrivateSourceAuthenticationFailure)

Again, I've probably tried a hundred combinations from various issues at this point.

Extension (please complete the following information):

Server (please complete the following information):

SeMuell commented 5 months ago

I don't know if it is related to the authentication issue in #921. We are also using JFrog behind SSO (but with nuget) and with version 1.24 of dependabot it works.

ChrisDoddGit commented 5 months ago

Hello @SeMuell.

Thanks for the input, can I see your config files as well please? I want to make sure nothing else is 'missing / incorrect'.

Thank you so much!

SeMuell commented 4 months ago

@ChrisDoddGit we are not setting any dependabot config since we run it on a separate docker container with pretty much default settings...

ChrisDoddGit commented 4 months ago

@SeMuell Interesting, I'll try on version 1.24

If anyone has a working registries please let me know.

registries:
  research:
    type: npm-registry
    url: https://artifacts.developer.myorg/artifactory/api/npm/aba7-npm/
    username: myuser
    password: 'research:${{PASS}}'
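An added example, not part of the original thread and not the project's own code: a small lint that cross-checks the registry URLs in `.npmrc` against the `npm-registry` entries in `dependabot.yml`, since the two files posted above name different hosts (`artifacts.myorg` and `artifacts.developer.myorg`). The function names are hypothetical, the inputs are constructed from the files in this issue, and it assumes credentials only help when both files point at the same registry; it does not establish that the mismatch caused the reported failure.

```ruby
require 'yaml'
require 'uri'

# Constructed inputs mirroring the two files posted in this issue.
NPMRC = <<~RC
  @research:registry=https://artifacts.myorg/artifactory/api/npm/aba7-npm/
  @research:always-auth=true
RC

DEPENDABOT_YML = <<~YML
  version: 2
  registries:
    research:
      type: npm-registry
      url: https://artifacts.developer.myorg/artifactory/api/npm/aba7-npm/
      username: myuser
      password: 'research:${{PASS}}'
YML

# Normalise a registry URL to "host/path" without a trailing slash.
def registry_key(url)
  u = URI.parse(url.strip)
  "#{u.host.downcase}#{u.path.chomp('/')}"
end

# Scoped and default registries declared in .npmrc, keyed by scope.
def npmrc_registries(text)
  text.each_line.filter_map do |line|
    m = line.strip.match(/\A(?:(@[^:]+):)?registry\s*=\s*(\S+)\z/)
    m && [m[1] || '(default)', registry_key(m[2])]
  end.to_h
end

# Returns one finding per .npmrc registry that has no npm-registry entry
# with the same host and path in dependabot.yml (assumption: the declared
# credentials are only useful when both files name the same registry).
def lint(npmrc, dependabot_yml)
  config = YAML.safe_load(dependabot_yml) || {}
  declared = (config['registries'] || {}).select { |_, r| r['type'] == 'npm-registry' }
  keys = declared.transform_values { |r| registry_key(r['url']) }
  npmrc_registries(npmrc).filter_map do |scope, key|
    next if keys.value?(key)
    # Same path on a different host usually means a typo or stale hostname.
    near = keys.find { |_, k| k.split('/', 2)[1] == key.split('/', 2)[1] }
    hint = near ? " (closest: '#{near[0]}' -> #{near[1]})" : ''
    "#{scope}: #{key} has no matching npm-registry entry#{hint}"
  end
end

puts lint(NPMRC, DEPENDABOT_YML)
```

An empty result means every registry in `.npmrc` has a same-host, same-path entry under `registries`.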