Open dperepust opened 5 years ago
Can you try to set type to maven_repository?
https://github.com/dependabot/dependabot-core/blob/master/maven/lib/dependabot/maven/update_checker/version_finder.rb#L214
After changing to maven_repository I catch the error dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:217:in `fetch': key not found: "url"
Then I added "url":"https://xxxxxxx.xx/api" and "url":"https://xxxxx.xxxx" in the JSON, but I still catch the error
/home/gitlab-runner/builds/xxxxx/0/xxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:62:in `versions': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): https://xxxxxxx.xxx/artifactory/hyperjet-release (Dependabot::PrivateSourceAuthenticationFailure)
After a search in the source code I found in
token = cred.fetch("username") + ":" + cred.fetch("password")
encoded_token = Base64.encode64(token).delete("\n")
{ "Authorization" => "Basic #{encoded_token}" }
As I understand it, for access to the Maven repo dependabot tries to use the request header
"Authorization" => "Basic #{encoded_token}"
But in the Artifactory docs
https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API
to use a token it should be
curl -H "Authorization: Bearer
Sorry, maybe I am wrong.
Maybe you have an example of how to access a private Maven repo (Artifactory)? Thanks
Hello. dependabot can read from private mvn repo (we use artifactory).
We try to configure it via the DEPENDABOT_EXTRA_CREDENTIALS parameter like [{"type":"mvn","username":"xxxx","password":"xxxxxx","registry":"xxxxxxx"}] and [{"type":"mvn","token":"xxxxx","registry":"xxxx"}]
But without results
Error in console:
Fetching maven dependency files for xxxxt/xxxxx
dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:62:in `versions': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): https://xxxx.xxx.xxxx/artifactory/xxxxxxx-release (Dependabot::PrivateSourceAuthenticationFailure)
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker/version_finder.rb:27:in `latest_version_details'
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:105:in `latest_version_details'
from /home/gitlab-runner/builds/xxxxx/0/xxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:15:in `latest_version'
from /home/gitlab-runner/builds/xxxxxx/0/xxxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:198:in `numeric_version_up_to_date?'
from /home/gitlab-runner/builds/xxxx/0/x/dependxxxxencies-bot/vendor/ruby/2.6.0/gems/dependabot-maven-0.108.25/lib/dependabot/maven/update_checker.rb:89:in `numeric_version_up_to_date?'
from /home/gitlab-runner/builds/xxxxx/0/x/dependxxxencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:155:in `version_up_to_date?'
from /home/gitlab-runner/builds/xxxx/0/xxxxx/dependencies-bot/vendor/ruby/2.6.0/gems/dependabot-common-0.108.25/lib/dependabot/update_checkers/base.rb:27:in `up_to_date?'
from ./update.rb:102:in `block in <main>'
from ./update.rb:91:in `each'
from ./update.rb:91:in `
Token and login/password worked (tested by curl). Can we use kira to resolve dependencies with a private Maven repo (Artifactory)?
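A pre-flight check for the credential shapes tried in this thread, added here as an example; it is not code from dependabot-core or from any participant. The helper names, the URL-matching rule and the sample values are assumptions; only the `maven_repository` type, the `url`/`username`/`password` keys and the Basic header construction come from the thread.

```ruby
require "json"

# Keys named in the thread for a "maven_repository" credential entry.
REQUIRED_KEYS = %w(url username password).freeze

# Hypothetical helper: list what is wrong with one credential entry.
def credential_problems(cred)
  problems = []
  unless cred["type"] == "maven_repository"
    problems << "type #{cred['type'].inspect} is not \"maven_repository\""
  end
  REQUIRED_KEYS.each do |key|
    problems << "missing #{key.inspect}" unless cred.key?(key)
  end
  problems
end

# Mirrors the snippet quoted in the thread; pack("m0") yields the same
# bytes as Base64.encode64(token).delete("\n").
def basic_auth_header(cred)
  token = cred.fetch("username") + ":" + cred.fetch("password")
  { "Authorization" => "Basic #{[token].pack('m0')}" }
end

# Assumption: an entry applies to a repository when the URLs are equal
# after trailing slashes are removed.
def header_for(credentials, repo_url)
  normalise = ->(u) { u.sub(%r{/+\z}, "") }
  cred = credentials.find do |c|
    credential_problems(c).empty? && normalise.(c["url"]) == normalise.(repo_url)
  end
  cred ? basic_auth_header(cred) : {}
end

# Constructed sample values (not real hosts or secrets).
SAMPLE = JSON.parse(<<~DATA)
  [
    {"type": "mvn", "token": "example-token", "registry": "repo.example.test"},
    {"type": "maven_repository", "username": "ci-reader", "password": "example-secret"},
    {"type": "maven_repository", "url": "https://repo.example.test/artifactory/libs-release/",
     "username": "ci-reader", "password": "example-secret"}
  ]
DATA

SAMPLE.each_with_index do |c, i|
  issues = credential_problems(c)
  puts "entry #{i}: #{issues.empty? ? 'ok' : issues.join('; ')}"
end
```

Running the check in CI before the update job reports a malformed entry by index, without printing the secret values.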