mirror of
https://github.com/renovatebot/renovate.git
synced 2025-01-12 15:06:27 +00:00
feat: log when using fine-grained PATs (#20097)
Co-authored-by: Rhys Arkins <rhys@arkins.net>
This commit is contained in:
parent
e1cbd3f70f
commit
e3b163f07a
6 changed files with 44 additions and 7 deletions
|
@ -2,7 +2,8 @@
|
||||||
|
|
||||||
## Authentication
|
## Authentication
|
||||||
|
|
||||||
First, [create a Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) for the bot account, select `repo` scope.
|
First, [create a classic Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) for the bot account, select `repo` scope.
|
||||||
|
Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.
|
||||||
|
|
||||||
Let Renovate use your PAT by doing _one_ of the following:
|
Let Renovate use your PAT by doing _one_ of the following:
|
||||||
|
|
||||||
|
|
|
@ -56,6 +56,14 @@ describe('modules/platform/github/index', () => {
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should throw if fine-grained token', async () => {
|
||||||
|
await expect(
|
||||||
|
github.initPlatform({ token: 'github_pat_XXXXXX' })
|
||||||
|
).rejects.toThrow(
|
||||||
|
'Init: Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.'
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
it('should throw if user failure', async () => {
|
it('should throw if user failure', async () => {
|
||||||
httpMock.scope(githubApiHost).get('/user').reply(404);
|
httpMock.scope(githubApiHost).get('/user').reply(404);
|
||||||
await expect(github.initPlatform({ token: '123test' })).rejects.toThrow();
|
await expect(github.initPlatform({ token: '123test' })).rejects.toThrow();
|
||||||
|
|
|
@ -129,6 +129,11 @@ export async function initPlatform({
|
||||||
if (!token) {
|
if (!token) {
|
||||||
throw new Error('Init: You must configure a GitHub token');
|
throw new Error('Init: You must configure a GitHub token');
|
||||||
}
|
}
|
||||||
|
if (token.startsWith('github_pat_')) {
|
||||||
|
throw new Error(
|
||||||
|
'Init: Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.'
|
||||||
|
);
|
||||||
|
}
|
||||||
token = token.replace(/^ghs_/, 'x-access-token:ghs_');
|
token = token.replace(/^ghs_/, 'x-access-token:ghs_');
|
||||||
platformConfig.isGHApp = token.startsWith('x-access-token:');
|
platformConfig.isGHApp = token.startsWith('x-access-token:');
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,12 @@
|
||||||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||||
|
|
||||||
|
exports[`workers/global/config/parse/env .getConfig(env) does not support GitHub fine-grained PATs 1`] = `
|
||||||
|
{
|
||||||
|
"hostRules": [],
|
||||||
|
"token": "a github.com token",
|
||||||
|
}
|
||||||
|
`;
|
||||||
|
|
||||||
exports[`workers/global/config/parse/env .getConfig(env) supports Azure DevOps 1`] = `
|
exports[`workers/global/config/parse/env .getConfig(env) supports Azure DevOps 1`] = `
|
||||||
{
|
{
|
||||||
"endpoint": "an Azure DevOps endpoint",
|
"endpoint": "an Azure DevOps endpoint",
|
||||||
|
|
|
@ -148,6 +148,16 @@ describe('workers/global/config/parse/env', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('does not support GitHub fine-grained PATs', () => {
|
||||||
|
const envParam: NodeJS.ProcessEnv = {
|
||||||
|
GITHUB_COM_TOKEN: 'github_pat_XXXXXX',
|
||||||
|
RENOVATE_TOKEN: 'a github.com token',
|
||||||
|
};
|
||||||
|
expect(env.getConfig(envParam)).toMatchSnapshot({
|
||||||
|
token: 'a github.com token',
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it('supports GitHub custom endpoint and gitlab.com', () => {
|
it('supports GitHub custom endpoint and gitlab.com', () => {
|
||||||
const envParam: NodeJS.ProcessEnv = {
|
const envParam: NodeJS.ProcessEnv = {
|
||||||
RENOVATE_ENDPOINT: 'a ghe endpoint',
|
RENOVATE_ENDPOINT: 'a ghe endpoint',
|
||||||
|
|
|
@ -133,12 +133,18 @@ export function getConfig(inputEnv: NodeJS.ProcessEnv): AllConfig {
|
||||||
});
|
});
|
||||||
|
|
||||||
if (env.GITHUB_COM_TOKEN) {
|
if (env.GITHUB_COM_TOKEN) {
|
||||||
logger.debug(`Converting GITHUB_COM_TOKEN into a global host rule`);
|
if (env.GITHUB_COM_TOKEN.startsWith('github_pat_')) {
|
||||||
config.hostRules.push({
|
logger.warn(
|
||||||
hostType: 'github',
|
'GITHUB_COM_TOKEN: Fine-grained Personal Access Tokens do not support do not support the GitHub GraphQL API. Use a classic PAT instead.'
|
||||||
matchHost: 'github.com',
|
);
|
||||||
token: env.GITHUB_COM_TOKEN,
|
} else {
|
||||||
});
|
logger.debug(`Converting GITHUB_COM_TOKEN into a global host rule`);
|
||||||
|
config.hostRules.push({
|
||||||
|
hostType: 'github',
|
||||||
|
matchHost: 'github.com',
|
||||||
|
token: env.GITHUB_COM_TOKEN,
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// These env vars are deprecated and deleted to make sure they're not used
|
// These env vars are deprecated and deleted to make sure they're not used
|
||||||
|
|
Loading…
Reference in a new issue