Merge af232357ba into 8683eeb7ad

feat(datasource/azure-pipelines-tasks): Azure DevOps API based datasource (#32966 )
feat(bazel-module): Support git_repository (#33415 )
2025-01-09 21:46:26 +00:00 · 2025-01-08 16:15:26 +01:00 · 2025-01-08 16:04:34 +01:00 · 2025-01-08 12:34:19 +00:00 · 2025-01-08 12:30:31 +00:00 · 2025-01-08 12:28:11 +00:00
36 changed files with 1720 additions and 679 deletions
--- a/docs/usage/bazel.md
+++ b/docs/usage/bazel.md
@ -145,6 +145,19 @@ archive_override(
 Renovate ignores [`multiple_version_override`](https://bazel.build/rules/lib/globals/module#multiple_version_override).
 `multiple_version_override` does not affect the processing of version updates for a module.
 ### `git_repository`
 If Renovate finds a [`git_repository`](https://bazel.build/rules/lib/repo/git#git_repository), it evaluates the `commit` value at the specified `remote`.
 `remote` is limited to github repos: `https://github.com/<owner>/<repo>.git`
 ```python
 git_repository(
    name = "rules_foo",
    remote = "https://github.com/fooexample/rules_foo.git",
    commit = "8c94e11c2b05b6f25ced5f23cd07d0cfd36edc1a",
 )
 ```
 ## Legacy `WORKSPACE` files
 Renovate extracts dependencies from the following repository rules:
@ -160,7 +173,7 @@ Renovate extracts dependencies from the following repository rules:
 It also recognizes when these repository rule names are prefixed with an underscore.
 For example, `_http_archive` is treated the same as `http_archive`.
-### `git_repository`
+### `git_repository` (legacy)
 Renovate updates any `git_repository` declaration that has the following:
--- a/docs/usage/docker.md
+++ b/docs/usage/docker.md
@ -351,6 +351,7 @@ If all your dependencies are on the Google Artifact Registry, you can base64 enc
            "matchHost": "europe-docker.pkg.dev",
            "username": "_json_key_base64",
            "password": "<base64 service account>"
            "authType": "Basic",
          }
        ]
      }
@ -367,6 +368,7 @@ If all your dependencies are on the Google Artifact Registry, you can base64 enc
            "encrypted": {
              "password": "<encrypted base64 service account>"
            }
            "authType": "Basic",
          }
        ]
      }
--- a/lib/modules/datasource/azure-pipelines-tasks/fixtures/tasks.json
+++ b/lib/modules/datasource/azure-pipelines-tasks/fixtures/tasks.json
@ -0,0 +1,575 @@
 {
  "count": 3,
  "value": [
    {
      "visibility": [
        "Build",
        "Release"
      ],
      "runsOn": [
        "Agent",
        "DeploymentGroup"
      ],
      "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
      "name": "PowerShell",
      "version": {
        "major": 2,
        "minor": 247,
        "patch": 1,
        "isTest": false
      },
      "serverOwned": true,
      "contentsUploaded": true,
      "iconUrl": "https://dev.azure.com/test_organization/_apis/distributedtask/tasks/e213ff0f-5d5c-4791-802d-52ea3e7be1f1/2.247.1/icon",
      "minimumAgentVersion": "2.115.0",
      "friendlyName": "PowerShell",
      "description": "Run a PowerShell script on Linux, macOS, or Windows",
      "category": "Utility",
      "helpMarkDown": "[Learn more about this task](https://go.microsoft.com/fwlink/?LinkID=613736)",
      "helpUrl": "https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell",
      "releaseNotes": "Script task consistency. Added support for macOS and Linux.",
      "definitionType": "task",
      "showEnvironmentVariables": true,
      "author": "Microsoft Corporation",
      "demands": [],
      "groups": [
        {
          "name": "preferenceVariables",
          "displayName": "Preference Variables",
          "isExpanded": false
        },
        {
          "name": "advanced",
          "displayName": "Advanced",
          "isExpanded": false
        }
      ],
      "inputs": [
        {
          "options": {
            "filePath": "File Path",
            "inline": "Inline"
          },
          "name": "targetType",
          "label": "Type",
          "defaultValue": "filePath",
          "type": "radio",
          "helpMarkDown": "Target script type: File Path or Inline"
        },
        {
          "name": "filePath",
          "label": "Script Path",
          "defaultValue": "",
          "required": true,
          "type": "filePath",
          "helpMarkDown": "Path of the script to execute. Must be a fully qualified path or relative to $(System.DefaultWorkingDirectory).",
          "visibleRule": "targetType = filePath"
        },
        {
          "name": "arguments",
          "label": "Arguments",
          "defaultValue": "",
          "type": "string",
          "helpMarkDown": "Arguments passed to the PowerShell script. Either ordinal parameters or named parameters.",
          "visibleRule": "targetType = filePath"
        },
        {
          "properties": {
            "resizable": "true",
            "rows": "10",
            "maxLength": "20000"
          },
          "name": "script",
          "label": "Script",
          "defaultValue": "# Write your PowerShell commands here.\n\nWrite-Host \"Hello World\"\n",
          "required": true,
          "type": "multiLine",
          "helpMarkDown": "",
          "visibleRule": "targetType = inline"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "errorActionPreference",
          "label": "ErrorActionPreference",
          "defaultValue": "stop",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$ErrorActionPreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "warningPreference",
          "label": "WarningPreference",
          "defaultValue": "default",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$WarningPreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "informationPreference",
          "label": "InformationPreference",
          "defaultValue": "default",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$InformationPreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "verbosePreference",
          "label": "VerbosePreference",
          "defaultValue": "default",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$VerbosePreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "debugPreference",
          "label": "DebugPreference",
          "defaultValue": "default",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$DebugPreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "options": {
            "default": "Default",
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "progressPreference",
          "label": "ProgressPreference",
          "defaultValue": "silentlyContinue",
          "type": "pickList",
          "helpMarkDown": "When not `Default`, prepends the line `$ProgressPreference = 'VALUE'` at the top of your script.",
          "groupName": "preferenceVariables"
        },
        {
          "name": "failOnStderr",
          "label": "Fail on Standard Error",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, this task will fail if any errors are written to the error pipeline, or if any data is written to the Standard Error stream. Otherwise the task will rely on the exit code to determine failure.",
          "groupName": "advanced"
        },
        {
          "name": "showWarnings",
          "label": "Show warnings as Azure DevOps warnings",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, and your script writes a warnings - they are shown as warnings also in pipeline logs",
          "groupName": "advanced"
        },
        {
          "name": "ignoreLASTEXITCODE",
          "label": "Ignore $LASTEXITCODE",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is false, the line `if ((Test-Path -LiteralPath variable:\\LASTEXITCODE)) { exit $LASTEXITCODE }` is appended to the end of your script. This will cause the last exit code from an external command to be propagated as the exit code of powershell. Otherwise the line is not appended to the end of your script.",
          "groupName": "advanced"
        },
        {
          "name": "pwsh",
          "label": "Use PowerShell Core",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, then on Windows the task will use pwsh.exe from your PATH instead of powershell.exe.",
          "groupName": "advanced"
        },
        {
          "name": "workingDirectory",
          "label": "Working Directory",
          "defaultValue": "",
          "type": "filePath",
          "helpMarkDown": "Working directory where the script is run.",
          "groupName": "advanced"
        },
        {
          "name": "runScriptInSeparateScope",
          "label": "Run script in the separate scope",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "This input allows executing PowerShell scripts using '&' operator instead of the default '.'. If this input set to the true script will be executed in separate scope and globally scoped PowerShell variables won't be updated",
          "groupName": "advanced"
        }
      ],
      "satisfies": [],
      "sourceDefinitions": [],
      "dataSourceBindings": [],
      "instanceNameFormat": "PowerShell Script",
      "preJobExecution": {},
      "execution": {
        "PowerShell3": {
          "target": "powershell.ps1",
          "platforms": [
            "windows"
          ]
        },
        "Node10": {
          "target": "powershell.js",
          "argumentFormat": ""
        },
        "Node16": {
          "target": "powershell.js",
          "argumentFormat": ""
        },
        "Node20_1": {
          "target": "powershell.js",
          "argumentFormat": ""
        }
      },
      "postJobExecution": {},
      "_buildConfigMapping": {
        "Default": "2.247.0",
        "Node20-225": "2.247.1"
      }
    },
    {
      "visibility": [
        "Build",
        "Release"
      ],
      "runsOn": [
        "Agent",
        "DeploymentGroup"
      ],
      "id": "e213ff0f-5d5c-4791-802d-52ea3e7be1f1",
      "name": "PowerShell",
      "deprecated": true,
      "version": {
        "major": 1,
        "minor": 2,
        "patch": 3,
        "isTest": false
      },
      "serverOwned": true,
      "contentsUploaded": true,
      "iconUrl": "https://dev.azure.com/test_organization/_apis/distributedtask/tasks/e213ff0f-5d5c-4791-802d-52ea3e7be1f1/1.2.3/icon",
      "minimumAgentVersion": "1.102",
      "friendlyName": "PowerShell",
      "description": "Run a PowerShell script",
      "category": "Utility",
      "helpMarkDown": "[More Information](https://go.microsoft.com/fwlink/?LinkID=613736)",
      "definitionType": "task",
      "author": "Microsoft Corporation",
      "demands": [
        "DotNetFramework"
      ],
      "groups": [
        {
          "name": "advanced",
          "displayName": "Advanced",
          "isExpanded": false
        }
      ],
      "inputs": [
        {
          "options": {
            "inlineScript": "Inline Script",
            "filePath": "File Path"
          },
          "name": "scriptType",
          "label": "Type",
          "defaultValue": "filePath",
          "required": true,
          "type": "pickList",
          "helpMarkDown": "Type of the script: File Path or Inline Script"
        },
        {
          "name": "scriptName",
          "label": "Script Path",
          "defaultValue": "",
          "required": true,
          "type": "filePath",
          "helpMarkDown": "Path of the script to execute. Should be fully qualified path or relative to the default working directory.",
          "visibleRule": "scriptType = filePath"
        },
        {
          "name": "arguments",
          "label": "Arguments",
          "defaultValue": "",
          "type": "string",
          "helpMarkDown": "Arguments passed to the PowerShell script.  Either ordinal parameters or named parameters"
        },
        {
          "name": "workingFolder",
          "label": "Working folder",
          "defaultValue": "",
          "type": "filePath",
          "helpMarkDown": "Current working directory when script is run.  Defaults to the folder where the script is located.",
          "groupName": "advanced"
        },
        {
          "properties": {
            "resizable": "true",
            "rows": "10",
            "maxLength": "500"
          },
          "name": "inlineScript",
          "label": "Inline Script",
          "defaultValue": "# You can write your powershell scripts inline here. \n# You can also pass predefined and custom variables to this scripts using arguments\n\n Write-Host \"Hello World\"",
          "required": true,
          "type": "multiLine",
          "helpMarkDown": "",
          "visibleRule": "scriptType = inlineScript"
        },
        {
          "name": "failOnStandardError",
          "label": "Fail on Standard Error",
          "defaultValue": "true",
          "type": "boolean",
          "helpMarkDown": "If this is true, this task will fail if any errors are written to the error pipeline, or if any data is written to the Standard Error stream. Otherwise the task will rely solely on $LASTEXITCODE and the exit code to determine failure.",
          "groupName": "advanced"
        }
      ],
      "satisfies": [],
      "sourceDefinitions": [],
      "dataSourceBindings": [],
      "instanceNameFormat": "PowerShell Script",
      "preJobExecution": {},
      "execution": {
        "PowerShellExe": {
          "target": "$(scriptName)",
          "argumentFormat": "$(arguments)",
          "workingDirectory": "$(workingFolder)",
          "inlineScript": "$(inlineScript)",
          "scriptType": "$(scriptType)",
          "failOnStandardError": "$(failOnStandardError)"
        }
      },
      "postJobExecution": {},
      "_buildConfigMapping": {}
    },
    {
      "visibility": [
        "Build",
        "Release"
      ],
      "runsOn": [
        "Agent",
        "DeploymentGroup"
      ],
      "id": "72a1931b-effb-4d2e-8fd8-f8472a07cb62",
      "name": "AzurePowerShell",
      "version": {
        "major": 5,
        "minor": 248,
        "patch": 3,
        "isTest": false
      },
      "serverOwned": true,
      "contentsUploaded": true,
      "iconUrl": "https://dev.azure.com/test_organization/_apis/distributedtask/tasks/72a1931b-effb-4d2e-8fd8-f8472a07cb62/5.248.3/icon",
      "minimumAgentVersion": "2.115.0",
      "friendlyName": "Azure PowerShell",
      "description": "Run a PowerShell script within an Azure environment",
      "category": "Deploy",
      "helpMarkDown": "[Learn more about this task](https://go.microsoft.com/fwlink/?LinkID=613749)",
      "helpUrl": "https://aka.ms/azurepowershelltroubleshooting",
      "releaseNotes": "Added support for Az Module and cross platform agents.",
      "definitionType": "task",
      "author": "Microsoft Corporation",
      "demands": [],
      "groups": [
        {
          "name": "AzurePowerShellVersionOptions",
          "displayName": "Azure PowerShell version options",
          "isExpanded": true
        },
        {
          "name": "advanced",
          "displayName": "Advanced",
          "isExpanded": false
        }
      ],
      "inputs": [
        {
          "aliases": [
            "azureSubscription"
          ],
          "properties": {
            "EndpointFilterRule": "ScopeLevel != AzureMLWorkspace"
          },
          "name": "ConnectedServiceNameARM",
          "label": "Azure Subscription",
          "defaultValue": "",
          "required": true,
          "type": "connectedService:AzureRM",
          "helpMarkDown": "Azure Resource Manager subscription to configure before running PowerShell"
        },
        {
          "options": {
            "FilePath": "Script File Path",
            "InlineScript": "Inline Script"
          },
          "name": "ScriptType",
          "label": "Script Type",
          "defaultValue": "FilePath",
          "type": "radio",
          "helpMarkDown": "Type of the script: File Path or Inline Script"
        },
        {
          "name": "ScriptPath",
          "label": "Script Path",
          "defaultValue": "",
          "type": "filePath",
          "helpMarkDown": "Path of the script. Should be fully qualified path or relative to the default working directory.",
          "visibleRule": "ScriptType = FilePath"
        },
        {
          "properties": {
            "resizable": "true",
            "rows": "10",
            "maxLength": "5000"
          },
          "name": "Inline",
          "label": "Inline Script",
          "defaultValue": "# You can write your azure powershell scripts inline here. \n# You can also pass predefined and custom variables to this script using arguments",
          "type": "multiLine",
          "helpMarkDown": "Enter the script to execute.",
          "visibleRule": "ScriptType = InlineScript"
        },
        {
          "properties": {
            "editorExtension": "ms.vss-services-azure.parameters-grid"
          },
          "name": "ScriptArguments",
          "label": "Script Arguments",
          "defaultValue": "",
          "type": "string",
          "helpMarkDown": "Additional parameters to pass to PowerShell.  Can be either ordinal or named parameters.",
          "visibleRule": "ScriptType = FilePath"
        },
        {
          "options": {
            "stop": "Stop",
            "continue": "Continue",
            "silentlyContinue": "SilentlyContinue"
          },
          "name": "errorActionPreference",
          "label": "ErrorActionPreference",
          "defaultValue": "stop",
          "type": "pickList",
          "helpMarkDown": "Select the value of the ErrorActionPreference variable for executing the script."
        },
        {
          "name": "FailOnStandardError",
          "label": "Fail on Standard Error",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, this task will fail if any errors are written to the error pipeline, or if any data is written to the Standard Error stream."
        },
        {
          "aliases": [
            "azurePowerShellVersion"
          ],
          "options": {
            "LatestVersion": "Latest installed version",
            "OtherVersion": "Specify other version"
          },
          "name": "TargetAzurePs",
          "label": "Azure PowerShell Version",
          "defaultValue": "OtherVersion",
          "type": "radio",
          "helpMarkDown": "In case of hosted agents, the supported Azure PowerShell Version is: 1.0.0, 1.6.0, 2.3.2, 2.6.0, 3.1.0 (Hosted VS2017 Queue).\nTo pick the latest version available on the agent, select \"Latest installed version\".\n\nFor private agents you can specify preferred version of Azure PowerShell using \"Specify version\"",
          "groupName": "AzurePowerShellVersionOptions"
        },
        {
          "aliases": [
            "preferredAzurePowerShellVersion"
          ],
          "name": "CustomTargetAzurePs",
          "label": "Preferred Azure PowerShell Version",
          "defaultValue": "",
          "required": true,
          "type": "string",
          "helpMarkDown": "Preferred Azure PowerShell Version needs to be a proper semantic version eg. 1.2.3. Regex like 2.\\*,2.3.\\* is not supported. The Hosted VS2017 Pool currently supports Az module version: 1.0.0, 1.6.0, 2.3.2, 2.6.0, 3.1.0",
          "visibleRule": "TargetAzurePs = OtherVersion",
          "groupName": "AzurePowerShellVersionOptions"
        },
        {
          "name": "pwsh",
          "label": "Use PowerShell Core",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, then on Windows the task will use pwsh.exe from your PATH instead of powershell.exe.",
          "groupName": "advanced"
        },
        {
          "name": "validateScriptSignature",
          "label": "Validate script signature",
          "defaultValue": "false",
          "type": "boolean",
          "helpMarkDown": "If this is true, then the task will first check to make sure specified script is signed and valid before executing it.",
          "visibleRule": "ScriptType = FilePath",
          "groupName": "advanced"
        },
        {
          "name": "workingDirectory",
          "label": "Working Directory",
          "defaultValue": "",
          "type": "filePath",
          "helpMarkDown": "Working directory where the script is run.",
          "groupName": "advanced"
        }
      ],
      "satisfies": [],
      "sourceDefinitions": [],
      "dataSourceBindings": [],
      "instanceNameFormat": "Azure PowerShell script: $(ScriptType)",
      "preJobExecution": {},
      "execution": {
        "PowerShell3": {
          "target": "azurepowershell.ps1",
          "platforms": [
            "windows"
          ]
        },
        "Node16": {
          "target": "azurepowershell.js",
          "argumentFormat": ""
        },
        "Node10": {
          "target": "azurepowershell.js",
          "argumentFormat": ""
        },
        "Node20_1": {
          "target": "azurepowershell.js",
          "argumentFormat": ""
        }
      },
      "postJobExecution": {},
      "_buildConfigMapping": {
        "Default": "5.248.2",
        "Node20_229_2": "5.248.3"
      }
    }
  ]
 }
--- a/lib/modules/datasource/azure-pipelines-tasks/index.spec.ts
+++ b/lib/modules/datasource/azure-pipelines-tasks/index.spec.ts
@ -1,5 +1,9 @@
 import { getPkgReleases } from '..';
 import { Fixtures } from '../../../../test/fixtures';
 import * as httpMock from '../../../../test/http-mock';
 import { GlobalConfig } from '../../../config/global';
 import * as hostRules from '../../../util/host-rules';
 import { AzurePipelinesTask } from './schema';
 import { AzurePipelinesTasksDatasource } from '.';
 const gitHubHost = 'https://raw.githubusercontent.com';
@ -9,6 +13,11 @@ const marketplaceTasksPath =
  '/renovatebot/azure-devops-marketplace/main/azure-pipelines-marketplace-tasks.json';
 describe('modules/datasource/azure-pipelines-tasks/index', () => {
  beforeEach(() => {
    GlobalConfig.reset();
    hostRules.clear();
  });
  it('returns null for unknown task', async () => {
    httpMock
      .scope(gitHubHost)
@ -64,4 +73,103 @@ describe('modules/datasource/azure-pipelines-tasks/index', () => {
      }),
    ).toEqual({ releases: [{ version: '0.171.0' }, { version: '0.198.0' }] });
  });
  it('returns organization task with single version', async () => {
    GlobalConfig.set({
      platform: 'azure',
      endpoint: 'https://my.custom.domain',
    });
    hostRules.add({
      hostType: AzurePipelinesTasksDatasource.id,
      matchHost: 'my.custom.domain',
      token: '123test',
    });
    httpMock
      .scope('https://my.custom.domain')
      .get('/_apis/distributedtask/tasks/')
      .reply(200, Fixtures.get('tasks.json'));
    expect(
      await getPkgReleases({
        datasource: AzurePipelinesTasksDatasource.id,
        packageName: 'AzurePowerShell',
      }),
    ).toEqual({ releases: [{ version: '5.248.3' }] });
  });
  it('returns organization task with multiple versions', async () => {
    GlobalConfig.set({
      platform: 'azure',
      endpoint: 'https://my.custom.domain',
    });
    hostRules.add({
      hostType: AzurePipelinesTasksDatasource.id,
      matchHost: 'my.custom.domain',
      token: '123test',
    });
    httpMock
      .scope('https://my.custom.domain')
      .get('/_apis/distributedtask/tasks/')
      .reply(200, Fixtures.get('tasks.json'));
    expect(
      await getPkgReleases({
        datasource: AzurePipelinesTasksDatasource.id,
        packageName: 'PowerShell',
      }),
    ).toEqual({
      releases: [
        { isDeprecated: true, version: '1.2.3' },
        { isDeprecated: undefined, version: '2.247.1' },
      ],
    });
  });
  describe('compare semver', () => {
    it.each`
      a                              | exp
      ${[]}                          | ${[]}
      ${['']}                        | ${['']}
      ${['', '']}                    | ${['', '']}
      ${['1.0.0']}                   | ${['1.0.0']}
      ${['1.0.1', '1.1.0', '1.0.0']} | ${['1.0.0', '1.0.1', '1.1.0']}
    `('when versions is $a', ({ a, exp }) => {
      const azureVersions = a.map((x: string) => {
        const splitted = x.split('.');
        const version =
          splitted.length === 3
            ? {
                major: Number(splitted[0]),
                minor: Number(splitted[1]),
                patch: Number(splitted[2]),
              }
            : null;
        return AzurePipelinesTask.parse({
          name: '',
          deprecated: false,
          version,
        });
      });
      const azureSortedVersions = azureVersions.sort(
        AzurePipelinesTasksDatasource.compareSemanticVersions('version'),
      );
      expect(
        azureSortedVersions.map((x: any) => {
          const data = AzurePipelinesTask.parse(x);
          return data.version === null
            ? ''
            : `${data.version.major}.${data.version.minor}.${data.version.patch}`;
        }),
      ).toStrictEqual(exp);
    });
  });
 });
--- a/lib/modules/datasource/azure-pipelines-tasks/index.ts
+++ b/lib/modules/datasource/azure-pipelines-tasks/index.ts
@ -1,7 +1,16 @@
 import type { TypeOf, ZodType } from 'zod';
 import { GlobalConfig } from '../../../config/global';
 import { cache } from '../../../util/cache/package/decorator';
 import * as hostRules from '../../../util/host-rules';
 import type { HttpOptions } from '../../../util/http/types';
 import { id as versioning } from '../../versioning/loose';
 import { Datasource } from '../datasource';
 import type { GetReleasesConfig, ReleaseResult } from '../types';
 import {
  AzurePipelinesFallbackTasks,
  AzurePipelinesJSON,
  AzurePipelinesTaskVersion,
 } from './schema';
 const TASKS_URL_BASE =
  'https://raw.githubusercontent.com/renovatebot/azure-devops-marketplace/main';
@ -22,13 +31,58 @@ export class AzurePipelinesTasksDatasource extends Datasource {
  async getReleases({
    packageName,
  }: GetReleasesConfig): Promise<ReleaseResult | null> {
-    const versions =
+    const platform = GlobalConfig.get('platform');
-      (await this.getTasks(BUILT_IN_TASKS_URL))[packageName.toLowerCase()] ??
+    const endpoint = GlobalConfig.get('endpoint');
-      (await this.getTasks(MARKETPLACE_TASKS_URL))[packageName.toLowerCase()];
+    const { token } = hostRules.find({
      hostType: AzurePipelinesTasksDatasource.id,
      url: endpoint,
    });
-    if (versions) {
+    if (platform === 'azure' && endpoint && token) {
-      const releases = versions.map((version) => ({ version }));
+      const auth = Buffer.from(`renovate:${token}`).toString('base64');
-      return { releases };
+      const opts: HttpOptions = {
        headers: { authorization: `Basic ${auth}` },
      };
      const results = await this.getTasks(
        `${endpoint}/_apis/distributedtask/tasks/`,
        opts,
        AzurePipelinesJSON,
      );
      const result: ReleaseResult = { releases: [] };
      results.value
        .filter((task) => task.name === packageName)
        .sort(AzurePipelinesTasksDatasource.compareSemanticVersions('version'))
        .forEach((task) => {
          result.releases.push({
            version: `${task.version!.major}.${task.version!.minor}.${task.version!.patch}`,
            isDeprecated: task.deprecated,
          });
        });
      return result;
    } else {
      const versions =
        (
          await this.getTasks(
            BUILT_IN_TASKS_URL,
            {},
            AzurePipelinesFallbackTasks,
          )
        )[packageName.toLowerCase()] ??
        (
          await this.getTasks(
            MARKETPLACE_TASKS_URL,
            {},
            AzurePipelinesFallbackTasks,
          )
        )[packageName.toLowerCase()];
      if (versions) {
        const releases = versions.map((version) => ({ version }));
        return { releases };
      }
    }
    return null;
@ -39,8 +93,39 @@ export class AzurePipelinesTasksDatasource extends Datasource {
    key: (url: string) => url,
    ttlMinutes: 24 * 60,
  })
-  async getTasks(url: string): Promise<Record<string, string[]>> {
+  async getTasks<ResT, Schema extends ZodType<ResT> = ZodType<ResT>>(
-    const { body } = await this.http.getJson<Record<string, string[]>>(url);
+    url: string,
    opts: HttpOptions,
    schema: Schema,
  ): Promise<TypeOf<Schema>> {
    const { body } = await this.http.getJson(url, opts, schema);
    return body;
  }
  static compareSemanticVersions = (key: string) => (a: any, b: any) => {
    const a1Version = AzurePipelinesTaskVersion.safeParse(a[key]).data;
    const b1Version = AzurePipelinesTaskVersion.safeParse(b[key]).data;
    const a1 =
      a1Version === undefined
        ? ''
        : `${a1Version.major}.${a1Version.minor}.${a1Version.patch}`;
    const b1 =
      b1Version === undefined
        ? ''
        : `${b1Version.major}.${b1Version.minor}.${b1Version.patch}`;
    const len = Math.min(a1.length, b1.length);
    for (let i = 0; i < len; i++) {
      const a2 = +a1[i] || 0;
      const b2 = +b1[i] || 0;
      if (a2 !== b2) {
        return a2 > b2 ? 1 : -1;
      }
    }
    return b1.length - a1.length;
  };
 }
--- a/lib/modules/datasource/azure-pipelines-tasks/schema.ts
+++ b/lib/modules/datasource/azure-pipelines-tasks/schema.ts
@ -0,0 +1,19 @@
 import { z } from 'zod';
 export const AzurePipelinesTaskVersion = z.object({
  major: z.number(),
  minor: z.number(),
  patch: z.number(),
 });
 export const AzurePipelinesTask = z.object({
  name: z.string(),
  deprecated: z.boolean().optional(),
  version: AzurePipelinesTaskVersion.nullable(),
 });
 export const AzurePipelinesJSON = z.object({
  value: AzurePipelinesTask.array(),
 });
 export const AzurePipelinesFallbackTasks = z.record(z.string().array());
--- a/lib/modules/manager/bazel-module/extract.spec.ts
+++ b/lib/modules/manager/bazel-module/extract.spec.ts
@ -392,5 +392,31 @@ describe('modules/manager/bazel-module/extract', () => {
        },
      ]);
    });
    it('returns git_repository dependencies', async () => {
      const input = codeBlock`
        git_repository(
            name = "rules_foo",
            commit = "850cb49c8649e463b80ef7984e7c744279746170",
            remote = "https://github.com/example/rules_foo.git",
        )
        `;
      const result = await extractPackageFile(input, 'MODULE.bazel');
      if (!result) {
        throw new Error('Expected a result.');
      }
      expect(result.deps).toHaveLength(1);
      expect(result.deps).toEqual(
        expect.arrayContaining([
          {
            datasource: GithubTagsDatasource.id,
            depType: 'git_repository',
            depName: 'rules_foo',
            currentDigest: '850cb49c8649e463b80ef7984e7c744279746170',
            packageName: 'example/rules_foo',
          },
        ]),
      );
    });
  });
 });
--- a/lib/modules/manager/bazel-module/extract.ts
+++ b/lib/modules/manager/bazel-module/extract.ts
@ -8,7 +8,10 @@ import type { RecordFragment } from './fragments';
 import { parse } from './parser';
 import { RuleToMavenPackageDep, fillRegistryUrls } from './parser/maven';
 import { RuleToDockerPackageDep } from './parser/oci';
-import { RuleToBazelModulePackageDep } from './rules';
+import {
  GitRepositoryToPackageDep,
  RuleToBazelModulePackageDep,
 } from './rules';
 import * as rules from './rules';
 export async function extractPackageFile(
@ -18,9 +21,14 @@ export async function extractPackageFile(
  try {
    const records = parse(content);
    const pfc = await extractBazelPfc(records, packageFile);
    const gitRepositoryDeps = extractGitRepositoryDeps(records);
    const mavenDeps = extractMavenDeps(records);
    const dockerDeps = LooseArray(RuleToDockerPackageDep).parse(records);
    if (gitRepositoryDeps.length) {
      pfc.deps.push(...gitRepositoryDeps);
    }
    if (mavenDeps.length) {
      pfc.deps.push(...mavenDeps);
    }
@ -57,6 +65,12 @@ async function extractBazelPfc(
  return pfc;
 }
 function extractGitRepositoryDeps(
  records: RecordFragment[],
 ): PackageDependency[] {
  return LooseArray(GitRepositoryToPackageDep).parse(records);
 }
 function extractMavenDeps(records: RecordFragment[]): PackageDependency[] {
  return LooseArray(RuleToMavenPackageDep)
    .transform(fillRegistryUrls)
--- a/lib/modules/manager/bazel-module/parser/index.spec.ts
+++ b/lib/modules/manager/bazel-module/parser/index.spec.ts
@ -315,5 +315,37 @@ describe('modules/manager/bazel-module/parser/index', () => {
        ),
      ]);
    });
    it('finds the git_repository', () => {
      const input = codeBlock`
        git_repository(
          name = "rules_foo",
          remote = "https://github.com/example/rules_foo.git",
          commit = "6a2c2e22849b3e6b33d5ea9aa72222d4803a986a",
          patches = ["//:rules_foo.patch"],
          patch_strip = 1,
        )
      `;
      const res = parse(input);
      expect(res).toEqual([
        fragments.record(
          {
            rule: fragments.string('git_repository'),
            name: fragments.string('rules_foo'),
            patches: fragments.array(
              [fragments.string('//:rules_foo.patch')],
              true,
            ),
            commit: fragments.string(
              '6a2c2e22849b3e6b33d5ea9aa72222d4803a986a',
            ),
            remote: fragments.string(
              'https://github.com/example/rules_foo.git',
            ),
          },
          true,
        ),
      ]);
    });
  });
 });
--- a/lib/modules/manager/bazel-module/parser/module.ts
+++ b/lib/modules/manager/bazel-module/parser/module.ts
@ -9,6 +9,7 @@ const supportedRules = [
  'git_override',
  'local_path_override',
  'single_version_override',
  'git_repository',
 ];
 const supportedRulesRegex = regEx(`^${supportedRules.join('|')}$`);
--- a/lib/modules/manager/bazel-module/rules.spec.ts
+++ b/lib/modules/manager/bazel-module/rules.spec.ts
@ -10,6 +10,7 @@ import type {
  OverridePackageDep,
 } from './rules';
 import {
  GitRepositoryToPackageDep,
  RuleToBazelModulePackageDep,
  bazelModulePackageDepToPackageDependency,
  processModulePkgDeps,
@ -72,6 +73,19 @@ const singleVersionOverrideWithoutVersionAndRegistryPkgDep: BasePackageDep = {
  depName: 'rules_foo',
  skipReason: 'ignored',
 };
 const gitRepositoryForGithubPkgDep: BasePackageDep = {
  datasource: GithubTagsDatasource.id,
  depType: 'git_repository',
  depName: 'rules_foo',
  packageName: 'example/rules_foo',
  currentDigest: '850cb49c8649e463b80ef7984e7c744279746170',
 };
 const gitRepositoryForUnsupportedPkgDep: BasePackageDep = {
  depType: 'git_repository',
  depName: 'rules_foo',
  currentDigest: '850cb49c8649e463b80ef7984e7c744279746170',
  skipReason: 'unsupported-datasource',
 };
 describe('modules/manager/bazel-module/rules', () => {
  describe('RuleToBazelModulePackageDep', () => {
@ -129,6 +143,30 @@ describe('modules/manager/bazel-module/rules', () => {
    });
  });
  describe('GitRepositoryToPackageDep', () => {
    const gitRepositoryWithGihubHost = fragments.record({
      rule: fragments.string('git_repository'),
      name: fragments.string('rules_foo'),
      remote: fragments.string('https://github.com/example/rules_foo.git'),
      commit: fragments.string('850cb49c8649e463b80ef7984e7c744279746170'),
    });
    const gitRepositoryWithUnsupportedHost = fragments.record({
      rule: fragments.string('git_repository'),
      name: fragments.string('rules_foo'),
      remote: fragments.string('https://nobuenos.com/example/rules_foo.git'),
      commit: fragments.string('850cb49c8649e463b80ef7984e7c744279746170'),
    });
    it.each`
      msg                                   | a                                   | exp
      ${'git_repository, GitHub host'}      | ${gitRepositoryWithGihubHost}       | ${gitRepositoryForGithubPkgDep}
      ${'git_repository, unsupported host'} | ${gitRepositoryWithUnsupportedHost} | ${gitRepositoryForUnsupportedPkgDep}
    `('.parse() with $msg', ({ a, exp }) => {
      const pkgDep = GitRepositoryToPackageDep.parse(a);
      expect(pkgDep).toEqual(exp);
    });
  });
  describe('.toPackageDependencies()', () => {
    const expectedBazelDepNoOverrides: PackageDependency[] = [bazelDepPkgDep];
    const expectedBazelDepAndGitOverride: PackageDependency[] = [
--- a/lib/modules/manager/bazel-module/rules.ts
+++ b/lib/modules/manager/bazel-module/rules.ts
@ -242,3 +242,28 @@ export function toPackageDependencies(
 ): PackageDependency[] {
  return collectByModule(packageDeps).map(processModulePkgDeps).flat();
 }
 export const GitRepositoryToPackageDep = RecordFragmentSchema.extend({
  children: z.object({
    rule: StringFragmentSchema.extend({
      value: z.literal('git_repository'),
    }),
    name: StringFragmentSchema,
    remote: StringFragmentSchema,
    commit: StringFragmentSchema,
  }),
 }).transform(({ children: { rule, name, remote, commit } }): BasePackageDep => {
  const gitRepo: BasePackageDep = {
    depType: rule.value,
    depName: name.value,
    currentDigest: commit.value,
  };
  const ghPackageName = githubPackageName(remote.value);
  if (is.nonEmptyString(ghPackageName)) {
    gitRepo.datasource = GithubTagsDatasource.id;
    gitRepo.packageName = ghPackageName;
  } else {
    gitRepo.skipReason = 'unsupported-datasource';
  }
  return gitRepo;
 });
--- a/lib/modules/manager/bundler/artifacts.spec.ts
+++ b/lib/modules/manager/bundler/artifacts.spec.ts
@ -438,8 +438,8 @@ describe('modules/manager/bundler/artifacts', () => {
        bundlerHostRules.findAllAuthenticatable.mockReturnValue([
          {
            hostType: 'bundler',
-            matchHost: 'gems.private.com',
+            matchHost: 'gems-private.com',
-            resolvedHost: 'gems.private.com',
+            resolvedHost: 'gems-private.com',
            username: 'some-user',
            password: 'some-password',
          },
@ -470,7 +470,7 @@ describe('modules/manager/bundler/artifacts', () => {
              'docker run --rm --name=renovate_sidecar --label=renovate_child ' +
              '-v "/tmp/github/some/repo":"/tmp/github/some/repo" ' +
              '-v "/tmp/cache":"/tmp/cache" ' +
-              '-e BUNDLE_GEMS__PRIVATE__COM ' +
+              '-e BUNDLE_GEMS___PRIVATE__COM ' +
              '-e GEM_HOME ' +
              '-e CONTAINERBASE_CACHE_DIR ' +
              '-w "/tmp/github/some/repo" ' +
@ -487,218 +487,6 @@ describe('modules/manager/bundler/artifacts', () => {
          },
        ]);
      });
      it('injects bundler host configuration as command with bundler < 2', async () => {
        GlobalConfig.set({ ...adminConfig, binarySource: 'docker' });
        fs.readLocalFile.mockResolvedValueOnce('Current Gemfile.lock');
        fs.readLocalFile.mockResolvedValueOnce('1.2.0');
        // ruby
        datasource.getPkgReleases.mockResolvedValueOnce({
          releases: [
            { version: '1.0.0' },
            { version: '1.2.0' },
            { version: '1.3.0' },
          ],
        });
        bundlerHostRules.findAllAuthenticatable.mockReturnValue([
          {
            hostType: 'bundler',
            matchHost: 'gems-private.com',
            resolvedHost: 'gems-private.com',
            username: 'some-user',
            password: 'some-password',
          },
        ]);
        bundlerHostRules.getAuthenticationHeaderValue.mockReturnValue(
          'some-user:some-password',
        );
        const execSnapshots = mockExecAll();
        git.getRepoStatus.mockResolvedValueOnce(
          partial<StatusResult>({
            modified: ['Gemfile.lock'],
          }),
        );
        fs.readLocalFile.mockResolvedValueOnce('Updated Gemfile.lock');
        expect(
          await updateArtifacts({
            packageFileName: 'Gemfile',
            updatedDeps: [{ depName: 'foo' }, { depName: 'bar' }],
            newPackageFileContent: 'Updated Gemfile content',
            config: {
              ...config,
              constraints: {
                bundler: '1.2',
              },
            },
          }),
        ).toEqual([updatedGemfileLock]);
        expect(execSnapshots).toMatchObject([
          { cmd: 'docker pull ghcr.io/containerbase/sidecar' },
          { cmd: 'docker ps --filter name=renovate_sidecar -aq' },
          {
            cmd:
              'docker run --rm --name=renovate_sidecar --label=renovate_child ' +
              '-v "/tmp/github/some/repo":"/tmp/github/some/repo" ' +
              '-v "/tmp/cache":"/tmp/cache" ' +
              '-e GEM_HOME ' +
              '-e CONTAINERBASE_CACHE_DIR ' +
              '-w "/tmp/github/some/repo" ' +
              'ghcr.io/containerbase/sidecar' +
              ' bash -l -c "' +
              'install-tool ruby 1.2.0' +
              ' && ' +
              'install-tool bundler 1.2' +
              ' && ' +
              'ruby --version' +
              ' && ' +
              'bundler config --local gems-private.com some-user:some-password' +
              ' && ' +
              'bundler lock --update foo bar' +
              '"',
          },
        ]);
      });
      it('injects bundler host configuration as command with bundler >= 2', async () => {
        GlobalConfig.set({ ...adminConfig, binarySource: 'docker' });
        fs.readLocalFile.mockResolvedValueOnce('Current Gemfile.lock');
        fs.readLocalFile.mockResolvedValueOnce('1.2.0');
        // ruby
        datasource.getPkgReleases.mockResolvedValueOnce({
          releases: [
            { version: '1.0.0' },
            { version: '1.2.0' },
            { version: '1.3.0' },
          ],
        });
        bundlerHostRules.findAllAuthenticatable.mockReturnValue([
          {
            hostType: 'bundler',
            matchHost: 'gems-private.com',
            resolvedHost: 'gems-private.com',
            username: 'some-user',
            password: 'some-password',
          },
        ]);
        bundlerHostRules.getAuthenticationHeaderValue.mockReturnValue(
          'some-user:some-password',
        );
        const execSnapshots = mockExecAll();
        git.getRepoStatus.mockResolvedValueOnce(
          partial<StatusResult>({
            modified: ['Gemfile.lock'],
          }),
        );
        fs.readLocalFile.mockResolvedValueOnce('Updated Gemfile.lock');
        expect(
          await updateArtifacts({
            packageFileName: 'Gemfile',
            updatedDeps: [{ depName: 'foo' }, { depName: 'bar' }],
            newPackageFileContent: 'Updated Gemfile content',
            config: {
              ...config,
              constraints: {
                bundler: '2.1',
              },
            },
          }),
        ).toEqual([updatedGemfileLock]);
        expect(execSnapshots).toMatchObject([
          { cmd: 'docker pull ghcr.io/containerbase/sidecar' },
          { cmd: 'docker ps --filter name=renovate_sidecar -aq' },
          {
            cmd:
              'docker run --rm --name=renovate_sidecar --label=renovate_child ' +
              '-v "/tmp/github/some/repo":"/tmp/github/some/repo" ' +
              '-v "/tmp/cache":"/tmp/cache" ' +
              '-e GEM_HOME ' +
              '-e CONTAINERBASE_CACHE_DIR ' +
              '-w "/tmp/github/some/repo" ' +
              'ghcr.io/containerbase/sidecar' +
              ' bash -l -c "' +
              'install-tool ruby 1.2.0' +
              ' && ' +
              'install-tool bundler 2.1' +
              ' && ' +
              'ruby --version' +
              ' && ' +
              'bundler config set --local gems-private.com some-user:some-password' +
              ' && ' +
              'bundler lock --update foo bar' +
              '"',
          },
        ]);
      });
      it('injects bundler host configuration as command with bundler == latest', async () => {
        GlobalConfig.set({ ...adminConfig, binarySource: 'docker' });
        fs.readLocalFile.mockResolvedValueOnce('Current Gemfile.lock');
        fs.readLocalFile.mockResolvedValueOnce('1.2.0');
        // ruby
        datasource.getPkgReleases.mockResolvedValueOnce({
          releases: [
            { version: '1.0.0' },
            { version: '1.2.0' },
            { version: '1.3.0' },
          ],
        });
        // bundler
        datasource.getPkgReleases.mockResolvedValueOnce({
          releases: [{ version: '1.17.2' }, { version: '2.3.5' }],
        });
        bundlerHostRules.findAllAuthenticatable.mockReturnValue([
          {
            hostType: 'bundler',
            matchHost: 'gems-private.com',
            resolvedHost: 'gems-private.com',
            username: 'some-user',
            password: 'some-password',
          },
        ]);
        bundlerHostRules.getAuthenticationHeaderValue.mockReturnValue(
          'some-user:some-password',
        );
        const execSnapshots = mockExecAll();
        git.getRepoStatus.mockResolvedValueOnce(
          partial<StatusResult>({
            modified: ['Gemfile.lock'],
          }),
        );
        fs.readLocalFile.mockResolvedValueOnce('Updated Gemfile.lock');
        expect(
          await updateArtifacts({
            packageFileName: 'Gemfile',
            updatedDeps: [{ depName: 'foo' }, { depName: 'bar' }],
            newPackageFileContent: 'Updated Gemfile content',
            config,
          }),
        ).toEqual([updatedGemfileLock]);
        expect(execSnapshots).toMatchObject([
          { cmd: 'docker pull ghcr.io/containerbase/sidecar' },
          { cmd: 'docker ps --filter name=renovate_sidecar -aq' },
          {
            cmd:
              'docker run --rm --name=renovate_sidecar --label=renovate_child ' +
              '-v "/tmp/github/some/repo":"/tmp/github/some/repo" ' +
              '-v "/tmp/cache":"/tmp/cache" ' +
              '-e GEM_HOME ' +
              '-e CONTAINERBASE_CACHE_DIR ' +
              '-w "/tmp/github/some/repo" ' +
              'ghcr.io/containerbase/sidecar' +
              ' bash -l -c "' +
              'install-tool ruby 1.2.0' +
              ' && ' +
              'install-tool bundler 1.3.0' +
              ' && ' +
              'ruby --version' +
              ' && ' +
              'bundler config set --local gems-private.com some-user:some-password' +
              ' && ' +
              'bundler lock --update foo bar' +
              '"',
          },
        ]);
      });
    });
    it('returns error when failing in lockFileMaintenance true', async () => {
--- a/lib/modules/manager/bundler/artifacts.ts
+++ b/lib/modules/manager/bundler/artifacts.ts
@ -1,4 +1,3 @@
 import { lt } from '@renovatebot/ruby-semver';
 import is from '@sindresorhus/is';
 import { quote } from 'shlex';
 import {
@ -17,7 +16,6 @@ import {
 } from '../../../util/fs';
 import { getRepoStatus } from '../../../util/git';
 import { newlineRegex, regEx } from '../../../util/regex';
 import { isValid } from '../../versioning/ruby';
 import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
 import {
  getBundlerConstraint,
@ -32,14 +30,17 @@ import {
 const hostConfigVariablePrefix = 'BUNDLE_';
 function buildBundleHostVariable(hostRule: HostRule): Record<string, string> {
-  if (!hostRule.resolvedHost || hostRule.resolvedHost.includes('-')) {
+  // istanbul ignore if: doesn't happen in practice
  if (!hostRule.resolvedHost) {
    return {};
  }
  const varName = hostConfigVariablePrefix.concat(
    hostRule.resolvedHost
      .toUpperCase()
      .split('.')
-      .map((term) => term.toUpperCase())
+      .join('__')
-      .join('__'),
+      .split('-')
      .join('___'),
  );
  return {
    [varName]: `${getAuthenticationHeaderValue(hostRule)}`,
@ -149,47 +150,12 @@ export async function updateArtifacts(
      {} as Record<string, string>,
    );
    // Detect hosts with a hyphen '-' in the url.
    // Those cannot be added with environment variables but need to be added
    // with the bundler config
    const bundlerHostRulesAuthCommands: string[] = bundlerHostRules.reduce(
      (authCommands: string[], hostRule) => {
        if (hostRule.resolvedHost?.includes('-')) {
          // TODO: fix me, hostrules can missing all auth
          const creds = getAuthenticationHeaderValue(hostRule);
          authCommands.push(`${quote(hostRule.resolvedHost)} ${quote(creds)}`);
        }
        return authCommands;
      },
      [],
    );
    const bundler = getBundlerConstraint(
      updateArtifact,
      existingLockFileContent,
    );
    const preCommands = ['ruby --version'];
    // Bundler < 2 has a different config option syntax than >= 2
    if (
      bundlerHostRulesAuthCommands &&
      bundler &&
      isValid(bundler) &&
      lt(bundler, '2')
    ) {
      preCommands.push(
        ...bundlerHostRulesAuthCommands.map(
          (authCommand) => `bundler config --local ${authCommand}`,
        ),
      );
    } else if (bundlerHostRulesAuthCommands) {
      preCommands.push(
        ...bundlerHostRulesAuthCommands.map(
          (authCommand) => `bundler config set --local ${authCommand}`,
        ),
      );
    }
    const execOptions: ExecOptions = {
      cwdFile: lockFileName,
      userConfiguredEnv: config.env,
--- a/lib/modules/manager/poetry/fixtures/pyproject.10.toml
+++ b/lib/modules/manager/poetry/fixtures/pyproject.10.toml
@ -16,6 +16,10 @@ url = "last.url"
 [[tool.poetry.source]]
 name = "five"
 [[tool.poetry.source]]
 name = "invalid-url"
 url = "invalid-url"
 [build-system]
 requires = ["poetry_core>=1.0", "wheel"]
 build-backend = "poetry.masonry.api"
--- a/lib/modules/manager/poetry/artifacts.spec.ts
+++ b/lib/modules/manager/poetry/artifacts.spec.ts
@ -1,4 +1,5 @@
 import { codeBlock } from 'common-tags';
 import { GoogleAuth as _googleAuth } from 'google-auth-library';
 import { mockDeep } from 'jest-mock-extended';
 import { join } from 'upath';
 import { envMock, mockExecAll } from '../../../../test/exec-util';
@ -15,16 +16,26 @@ import { updateArtifacts } from '.';
 const pyproject1toml = Fixtures.get('pyproject.1.toml');
 const pyproject10toml = Fixtures.get('pyproject.10.toml');
 const pyproject13toml = `[[tool.poetry.source]]
 name = "some-gar-repo"
 url = "https://someregion-python.pkg.dev/some-project/some-repo/simple/"
 [build-system]
 requires = ["poetry_core>=1.0", "wheel"]
 build-backend = "poetry.masonry.api"
 `;
 jest.mock('../../../util/exec/env');
 jest.mock('../../../util/fs');
 jest.mock('../../datasource', () => mockDeep());
 jest.mock('../../../util/host-rules', () => mockDeep());
 jest.mock('google-auth-library');
 process.env.CONTAINERBASE = 'true';
 const datasource = mocked(_datasource);
 const hostRules = mocked(_hostRules);
 const googleAuth = mocked(_googleAuth);
 const adminConfig: RepoGlobalConfig = {
  localDir: join('/tmp/github/some/repo'),
@ -198,7 +209,99 @@ describe('modules/manager/poetry/artifacts', () => {
          },
        },
      ]);
-      expect(hostRules.find.mock.calls).toHaveLength(5);
+      expect(hostRules.find.mock.calls).toHaveLength(7);
      expect(execSnapshots).toMatchObject([
        {
          cmd: 'poetry update --lock --no-interaction dep1',
          options: {
            env: {
              POETRY_HTTP_BASIC_ONE_PASSWORD: 'passwordOne',
              POETRY_HTTP_BASIC_ONE_USERNAME: 'usernameOne',
              POETRY_HTTP_BASIC_TWO_USERNAME: 'usernameTwo',
              POETRY_HTTP_BASIC_FOUR_OH_FOUR_PASSWORD: 'passwordFour',
            },
          },
        },
      ]);
    });
    it('passes Google Artifact Registry credentials environment vars', async () => {
      // poetry.lock
      fs.getSiblingFileName.mockReturnValueOnce('poetry.lock');
      fs.readLocalFile.mockResolvedValueOnce(null);
      // pyproject.lock
      fs.getSiblingFileName.mockReturnValueOnce('pyproject.lock');
      fs.readLocalFile.mockResolvedValueOnce('[metadata]\n');
      const execSnapshots = mockExecAll();
      fs.readLocalFile.mockResolvedValueOnce('New poetry.lock');
      googleAuth.mockImplementationOnce(
        jest.fn().mockImplementationOnce(() => ({
          getAccessToken: jest.fn().mockResolvedValue('some-token'),
        })),
      );
      const updatedDeps = [{ depName: 'dep1' }];
      expect(
        await updateArtifacts({
          packageFileName: 'pyproject.toml',
          updatedDeps,
          newPackageFileContent: pyproject13toml,
          config,
        }),
      ).toEqual([
        {
          file: {
            type: 'addition',
            path: 'pyproject.lock',
            contents: 'New poetry.lock',
          },
        },
      ]);
      expect(hostRules.find.mock.calls).toHaveLength(3);
      expect(execSnapshots).toMatchObject([
        {
          cmd: 'poetry update --lock --no-interaction dep1',
          options: {
            env: {
              POETRY_HTTP_BASIC_SOME_GAR_REPO_USERNAME: 'oauth2accesstoken',
              POETRY_HTTP_BASIC_SOME_GAR_REPO_PASSWORD: 'some-token',
            },
          },
        },
      ]);
    });
    it('continues if Google auth is not configured', async () => {
      // poetry.lock
      fs.getSiblingFileName.mockReturnValueOnce('poetry.lock');
      fs.readLocalFile.mockResolvedValueOnce(null);
      // pyproject.lock
      fs.getSiblingFileName.mockReturnValueOnce('pyproject.lock');
      fs.readLocalFile.mockResolvedValueOnce('[metadata]\n');
      const execSnapshots = mockExecAll();
      fs.readLocalFile.mockResolvedValueOnce('New poetry.lock');
      googleAuth.mockImplementation(
        jest.fn().mockImplementation(() => ({
          getAccessToken: jest.fn().mockResolvedValue(undefined),
        })),
      );
      const updatedDeps = [{ depName: 'dep1' }];
      expect(
        await updateArtifacts({
          packageFileName: 'pyproject.toml',
          updatedDeps,
          newPackageFileContent: pyproject13toml,
          config,
        }),
      ).toEqual([
        {
          file: {
            type: 'addition',
            path: 'pyproject.lock',
            contents: 'New poetry.lock',
          },
        },
      ]);
      expect(hostRules.find.mock.calls).toHaveLength(3);
      expect(execSnapshots).toMatchObject([
        { cmd: 'poetry update --lock --no-interaction dep1' },
      ]);
--- a/lib/modules/manager/poetry/artifacts.ts
+++ b/lib/modules/manager/poetry/artifacts.ts
@ -17,7 +17,9 @@ import { find } from '../../../util/host-rules';
 import { regEx } from '../../../util/regex';
 import { Result } from '../../../util/result';
 import { parse as parseToml } from '../../../util/toml';
 import { parseUrl } from '../../../util/url';
 import { PypiDatasource } from '../../datasource/pypi';
 import { getGoogleAuthTokenRaw } from '../../datasource/util';
 import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
 import { Lockfile, PoetrySchemaToml } from './schema';
 import type { PoetryFile, PoetrySource } from './types';
@ -101,7 +103,7 @@ function getPoetrySources(content: string, fileName: string): PoetrySource[] {
    return [];
  }
  if (!pyprojectFile.tool?.poetry) {
-    logger.debug(`{$fileName} contains no poetry section`);
+    logger.debug(`${fileName} contains no poetry section`);
    return [];
  }
@ -115,20 +117,42 @@ function getPoetrySources(content: string, fileName: string): PoetrySource[] {
  return sourceArray;
 }
-function getMatchingHostRule(url: string | undefined): HostRule {
+async function getMatchingHostRule(url: string | undefined): Promise<HostRule> {
  const scopedMatch = find({ hostType: PypiDatasource.id, url });
-  return is.nonEmptyObject(scopedMatch) ? scopedMatch : find({ url });
+  const hostRule = is.nonEmptyObject(scopedMatch) ? scopedMatch : find({ url });
  if (hostRule) {
    return hostRule;
  }
  const parsedUrl = parseUrl(url);
  if (!parsedUrl) {
    logger.once.debug(`Failed to parse URL ${url}`);
    return {};
  }
  if (parsedUrl.hostname.endsWith('.pkg.dev')) {
    const accessToken = await getGoogleAuthTokenRaw();
    if (accessToken) {
      return {
        username: 'oauth2accesstoken',
        password: accessToken,
      };
    }
    logger.once.debug(`Could not get Google access token (url=${url})`);
  }
  return {};
 }
-function getSourceCredentialVars(
+async function getSourceCredentialVars(
  pyprojectContent: string,
  packageFileName: string,
-): NodeJS.ProcessEnv {
+): Promise<NodeJS.ProcessEnv> {
  const poetrySources = getPoetrySources(pyprojectContent, packageFileName);
  const envVars: NodeJS.ProcessEnv = {};
  for (const source of poetrySources) {
-    const matchingHostRule = getMatchingHostRule(source.url);
+    const matchingHostRule = await getMatchingHostRule(source.url);
    const formattedSourceName = source.name
      .replace(regEx(/(\.|-)+/g), '_')
      .toUpperCase();
@ -192,7 +216,10 @@ export async function updateArtifacts({
      config.constraints?.poetry ??
      getPoetryRequirement(newPackageFileContent, existingLockFileContent);
    const extraEnv = {
-      ...getSourceCredentialVars(newPackageFileContent, packageFileName),
+      ...(await getSourceCredentialVars(
        newPackageFileContent,
        packageFileName,
      )),
      ...getGitEnvironmentVariables(['poetry']),
      PIP_CACHE_DIR: await ensureCacheDir('pip'),
    };
--- a/lib/modules/manager/pre-commit/fixtures/complex.pre-commit-config.yaml
+++ b/lib/modules/manager/pre-commit/fixtures/complex.pre-commit-config.yaml
@ -13,11 +13,18 @@ repos:
    rev: 19.3b0
    hooks:
      - id: black
        language: python
        additional_dependencies:
          - "request==1.1.1"
          - "" # broken pypi package
  - repo: https://gitlab.com/psf/black
    # should also detect gitlab
    rev: 19.3b0
    hooks:
      - id: black
        # missing language, not extracted
        additional_dependencies:
          - "urllib==24.9.0"
  - repo: http://gitlab.com/psf/black
    # should also detect http
    rev: 19.3b0
@ -48,3 +55,7 @@ repos:
  - repo: some_invalid_url
    # case with invlalid url.
    rev: v1.0.0
  # pre-commit meta hooks
  - repo: meta
    hooks: []
--- a/lib/modules/manager/pre-commit/snapshots/extract.spec.ts.snap
+++ b/lib/modules/manager/pre-commit/snapshots/extract.spec.ts.snap
@ -10,6 +10,14 @@ exports[`modules/manager/pre-commit/extract extractPackageFile() extracts from c
      "depType": "repository",
      "packageName": "pre-commit/pre-commit-hooks",
    },
    {
      "currentValue": "==1.1.1",
      "currentVersion": "1.1.1",
      "datasource": "pypi",
      "depName": "request",
      "depType": "pre-commit-python",
      "packageName": "request",
    },
    {
      "currentValue": "19.3b0",
      "datasource": "github-tags",
--- a/lib/modules/manager/pre-commit/extract.spec.ts
+++ b/lib/modules/manager/pre-commit/extract.spec.ts
@ -2,6 +2,7 @@ import { mockDeep } from 'jest-mock-extended';
 import { Fixtures } from '../../../../test/fixtures';
 import { mocked } from '../../../../test/util';
 import * as _hostRules from '../../../util/host-rules';
 import { PypiDatasource } from '../../datasource/pypi';
 import { extractPackageFile } from '.';
 jest.mock('../../../util/host-rules', () => mockDeep());
@ -81,6 +82,14 @@ describe('modules/manager/pre-commit/extract', () => {
      expect(result).toMatchSnapshot({
        deps: [
          { depName: 'pre-commit/pre-commit-hooks', currentValue: 'v3.3.0' },
          {
            currentValue: '==1.1.1',
            currentVersion: '1.1.1',
            datasource: PypiDatasource.id,
            depName: 'request',
            depType: 'pre-commit-python',
            packageName: 'request',
          },
          { depName: 'psf/black', currentValue: '19.3b0' },
          { depName: 'psf/black', currentValue: '19.3b0' },
          { depName: 'psf/black', currentValue: '19.3b0' },
--- a/lib/modules/manager/pre-commit/extract.ts
+++ b/lib/modules/manager/pre-commit/extract.ts
@ -7,6 +7,7 @@ import { regEx } from '../../../util/regex';
 import { parseSingleYaml } from '../../../util/yaml';
 import { GithubTagsDatasource } from '../../datasource/github-tags';
 import { GitlabTagsDatasource } from '../../datasource/gitlab-tags';
 import { pep508ToPackageDependency } from '../pep621/utils';
 import type { PackageDependency, PackageFileContent } from '../types';
 import {
  matchesPrecommitConfigHeuristic,
@ -137,6 +138,23 @@ function findDependencies(precommitFile: PreCommitConfig): PackageDependency[] {
  }
  const packageDependencies: PackageDependency[] = [];
  precommitFile.repos.forEach((item) => {
    // meta hooks is defined from pre-commit and doesn't support `additional_dependencies`
    if (item.repo !== 'meta') {
      item.hooks?.forEach((hook) => {
        // normally language are not defined in yaml
        // only support it when it's explicitly defined.
        // this avoid to parse hooks from pre-commit-hooks.yaml from git repo
        if (hook.language === 'python') {
          hook.additional_dependencies?.map((req) => {
            const dep = pep508ToPackageDependency('pre-commit-python', req);
            if (dep) {
              packageDependencies.push(dep);
            }
          });
        }
      });
    }
    if (matchesPrecommitDependencyHeuristic(item)) {
      logger.trace(item, 'Matched pre-commit dependency spec');
      const repository = String(item.repo);
--- a/lib/modules/manager/pre-commit/readme.md
+++ b/lib/modules/manager/pre-commit/readme.md
@ -26,3 +26,33 @@ To enable the `pre-commit` manager, add the following config:
 ```
 Alternatively, add `:enablePreCommit` to your `extends` array.
 ### Additional Dependencies
 renovate has partial support for `additional_dependencies`, currently python only.
 for python hooks, you will need to **explicitly add language** to your hooks with `additional_dependencies`
 to let renovatebot know what kind of dependencies they are.
 For example, this work for `request`:
 ```yaml
 - repo: https://github.com/psf/black
  rev: 19.3b0
  hooks:
    - id: black
      language: python
      additional_dependencies:
        - 'request==1.1.1'
 ```
 this won't work:
 ```yaml
 - repo: https://github.com/psf/black
  rev: 19.3b0
  hooks:
    - id: black
      additional_dependencies:
        - 'request==1.1.1'
 ```
--- a/lib/modules/manager/pre-commit/types.ts
+++ b/lib/modules/manager/pre-commit/types.ts
@ -2,7 +2,13 @@ export interface PreCommitConfig {
  repos: PreCommitDependency[];
 }
 export interface PreCommitHook {
  language?: string;
  additional_dependencies?: Array<string>;
 }
 export interface PreCommitDependency {
  repo: string;
  hooks?: Array<PreCommitHook>;
  rev: string;
 }
--- a/lib/modules/platform/github/index.spec.ts
+++ b/lib/modules/platform/github/index.spec.ts
@ -1531,6 +1531,57 @@ describe('modules/platform/github/index', () => {
    });
  });
  describe('getIssue()', () => {
    it('returns null if issues disabled', async () => {
      const scope = httpMock.scope(githubApiHost);
      initRepoMock(scope, 'some/repo', { hasIssuesEnabled: false });
      await github.initRepo({ repository: 'some/repo' });
      const res = await github.getIssue(1);
      expect(res).toBeNull();
    });
    it('returns issue', async () => {
      const scope = httpMock.scope(githubApiHost);
      initRepoMock(scope, 'some/repo');
      const issue = {
        number: 1,
        state: 'open',
        title: 'title-1',
        body: 'body-1',
      };
      scope
        .get('/repos/some/repo/issues/1')
        .reply(200, { ...issue, updated_at: '2022-01-01T00:00:00Z' });
      await github.initRepo({ repository: 'some/repo' });
      const res = await github.getIssue(1);
      expect(res).toMatchObject({
        ...issue,
        lastModified: '2022-01-01T00:00:00Z',
      });
    });
    it('returns null if issue not found', async () => {
      const scope = httpMock.scope(githubApiHost);
      initRepoMock(scope, 'some/repo');
      scope.get('/repos/some/repo/issues/1').reply(404);
      await github.initRepo({ repository: 'some/repo' });
      const res = await github.getIssue(1);
      expect(res).toBeNull();
    });
    it('logs debug message if issue deleted', async () => {
      const scope = httpMock.scope(githubApiHost);
      initRepoMock(scope, 'some/repo');
      scope.get('/repos/some/repo/issues/1').reply(410);
      await github.initRepo({ repository: 'some/repo' });
      const res = await github.getIssue(1);
      expect(res).toBeNull();
      expect(logger.logger.debug).toHaveBeenCalledWith(
        'Issue #1 has been deleted',
      );
    });
  });
  describe('findIssue()', () => {
    it('returns null if no issue', async () => {
      httpMock
--- a/lib/modules/platform/github/index.ts
+++ b/lib/modules/platform/github/index.ts
@ -1231,7 +1231,6 @@ export async function getIssueList(): Promise<Issue[]> {
 }
 export async function getIssue(number: number): Promise<Issue | null> {
  // istanbul ignore if
  if (config.hasIssuesEnabled === false) {
    return null;
  }
@ -1246,8 +1245,12 @@ export async function getIssue(number: number): Promise<Issue | null> {
    );
    GithubIssueCache.updateIssue(issue);
    return issue;
-  } catch (err) /* istanbul ignore next */ {
+  } catch (err) {
    logger.debug({ err, number }, 'Error getting issue');
    if (err.response?.statusCode === 410) {
      logger.debug(`Issue #${number} has been deleted`);
      GithubIssueCache.deleteIssue(number);
    }
    return null;
  }
 }
--- a/lib/modules/platform/github/issue.spec.ts
+++ b/lib/modules/platform/github/issue.spec.ts
@ -159,6 +159,32 @@ describe('modules/platform/github/issue', () => {
      });
    });
    it('removes particular issue from the cache', () => {
      cache.platform = {
        github: {
          issuesCache: {
            '1': {
              number: 1,
              body: 'body-1',
              state: 'open',
              title: 'title-1',
              lastModified: '2020-01-01T00:00:00.000Z',
            },
          },
        },
      };
      GithubIssueCache.deleteIssue(1);
      expect(cache).toEqual({
        platform: {
          github: {
            issuesCache: {},
          },
        },
      });
    });
    it('reconciles cache', () => {
      cache.platform = {
        github: {
--- a/lib/modules/platform/github/issue.ts
+++ b/lib/modules/platform/github/issue.ts
@ -85,6 +85,13 @@ export class GithubIssueCache {
    }
  }
  static deleteIssue(number: number): void {
    const cacheData = this.data;
    if (cacheData) {
      delete cacheData[number];
    }
  }
  /**
   * At the moment of repo initialization, repository cache is not available.
   * What we can do is to store issues for later reconciliation.
--- a/lib/modules/platform/gitlab/index.ts
+++ b/lib/modules/platform/gitlab/index.ts
@ -1361,9 +1361,12 @@ export async function ensureComment({
  if (topic) {
    logger.debug(`Ensuring comment "${massagedTopic!}" in #${number}`);
    body = `### ${topic}\n\n${sanitizedContent}`;
-    body = body
+    body = smartTruncate(
-      .replace(regEx(/Pull Request/g), 'Merge Request')
+      body
-      .replace(regEx(/PR/g), 'MR');
+        .replace(regEx(/Pull Request/g), 'Merge Request')
        .replace(regEx(/PR/g), 'MR'),
      maxBodyLength(),
    );
    comments.forEach((comment: { body: string; id: number }) => {
      if (comment.body.startsWith(`### ${massagedTopic!}\n\n`)) {
        commentId = comment.id;
@ -1372,7 +1375,7 @@ export async function ensureComment({
    });
  } else {
    logger.debug(`Ensuring content-only comment in #${number}`);
-    body = `${sanitizedContent}`;
+    body = smartTruncate(`${sanitizedContent}`, maxBodyLength());
    comments.forEach((comment: { body: string; id: number }) => {
      if (comment.body === body) {
        commentId = comment.id;
--- a/lib/workers/repository/finalize/index.ts
+++ b/lib/workers/repository/finalize/index.ts
@ -4,7 +4,7 @@ import { platform } from '../../../modules/platform';
 import * as repositoryCache from '../../../util/cache/repository';
 import { clearRenovateRefs } from '../../../util/git';
 import { PackageFiles } from '../package-files';
-import { validateReconfigureBranch } from '../reconfigure';
+import { checkReconfigureBranch } from '../reconfigure';
 import { pruneStaleBranches } from './prune';
 import {
  runBranchSummary,
@ -16,7 +16,7 @@ export async function finalizeRepo(
  config: RenovateConfig,
  branchList: string[],
 ): Promise<void> {
-  await validateReconfigureBranch(config);
+  await checkReconfigureBranch(config);
  await repositoryCache.saveCache();
  await pruneStaleBranches(config, branchList);
  await ensureIssuesClosing();
--- a/lib/workers/repository/finalize/prune.ts
+++ b/lib/workers/repository/finalize/prune.ts
@ -9,7 +9,7 @@ import { scm } from '../../../modules/platform/scm';
 import { getBranchList, setUserRepoConfig } from '../../../util/git';
 import { escapeRegExp, regEx } from '../../../util/regex';
 import { uniqueStrings } from '../../../util/string';
-import { getReconfigureBranchName } from '../reconfigure';
+import { getReconfigureBranchName } from '../reconfigure/utils';
 async function cleanUpBranches(
  config: RenovateConfig,
--- a/lib/workers/repository/reconfigure/index.spec.ts
+++ b/lib/workers/repository/reconfigure/index.spec.ts
@ -1,242 +1,42 @@
 import { mock } from 'jest-mock-extended';
 import type { RenovateConfig } from '../../../../test/util';
-import { fs, git, mocked, partial, platform, scm } from '../../../../test/util';
+import { logger, mocked, scm } from '../../../../test/util';
 import { GlobalConfig } from '../../../config/global';
-import { logger } from '../../../logger';
+import * as _validate from './validate';
-import type { Pr } from '../../../modules/platform/types';
+import { checkReconfigureBranch } from '.';
 import * as _cache from '../../../util/cache/repository';
 import type { LongCommitSha } from '../../../util/git/types';
 import * as _merge from '../init/merge';
 import { validateReconfigureBranch } from '.';
-jest.mock('../../../util/cache/repository');
+jest.mock('./validate');
 jest.mock('../../../util/fs');
 jest.mock('../../../util/git');
 jest.mock('../init/merge');
-const cache = mocked(_cache);
+const validate = mocked(_validate);
 const merge = mocked(_merge);
 describe('workers/repository/reconfigure/index', () => {
  const config: RenovateConfig = {
    branchPrefix: 'prefix/',
    baseBranch: 'base',
    statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
      configValidation: 'renovate/config-validation',
    }),
  };
  beforeEach(() => {
    config.repository = 'some/repo';
    merge.detectConfigFile.mockResolvedValue('renovate.json');
    scm.branchExists.mockResolvedValue(true);
    cache.getCache.mockReturnValue({});
    git.getBranchCommit.mockReturnValue('sha' as LongCommitSha);
    fs.readLocalFile.mockResolvedValue(null);
    platform.getBranchStatusCheck.mockResolvedValue(null);
    GlobalConfig.reset();
    scm.branchExists.mockResolvedValue(true);
    validate.validateReconfigureBranch.mockResolvedValue(undefined);
  });
  it('no effect when running with platform=local', async () => {
    GlobalConfig.set({ platform: 'local' });
-    await validateReconfigureBranch(config);
+    await checkReconfigureBranch(config);
-    expect(logger.debug).toHaveBeenCalledWith(
+    expect(logger.logger.debug).toHaveBeenCalledWith(
      'Not attempting to reconfigure when running with local platform',
    );
  });
  it('no effect on repo with no reconfigure branch', async () => {
    scm.branchExists.mockResolvedValueOnce(false);
-    await validateReconfigureBranch(config);
+    await checkReconfigureBranch(config);
-    expect(logger.debug).toHaveBeenCalledWith('No reconfigure branch found');
+    expect(logger.logger.debug).toHaveBeenCalledWith(
-  });
+      'No reconfigure branch found',
  it('logs error if config file search fails', async () => {
    const err = new Error();
    merge.detectConfigFile.mockRejectedValueOnce(err as never);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err },
      'Error while searching for config file in reconfigure branch',
    );
  });
-  it('throws error if config file not found in reconfigure branch', async () => {
+  it('validates reconfigure branch', async () => {
-    merge.detectConfigFile.mockResolvedValue(null);
+    await expect(checkReconfigureBranch(config)).toResolve();
    await validateReconfigureBranch(config);
    expect(logger.warn).toHaveBeenCalledWith(
      'No config file found in reconfigure branch',
    );
  });
  it('logs error if config file is unreadable', async () => {
    const err = new Error();
    fs.readLocalFile.mockRejectedValueOnce(err as never);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err },
      'Error while reading config file',
    );
  });
  it('throws error if config file is empty', async () => {
    await validateReconfigureBranch(config);
    expect(logger.warn).toHaveBeenCalledWith('Empty or invalid config file');
  });
  it('throws error if config file content is invalid', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "name":
        }
        `);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err: expect.any(Object) },
      'Error while parsing config file',
    );
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Failed - Unparsable config file',
      state: 'red',
    });
  });
  it('handles failed validation', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["docker"]
        }
        `);
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      { errors: expect.any(String) },
      'Validation Errors',
    );
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Failed',
      state: 'red',
    });
  });
  it('adds comment if reconfigure PR exists', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["docker"]
        }
        `);
    platform.findPr.mockResolvedValueOnce(mock<Pr>({ number: 1 }));
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      { errors: expect.any(String) },
      'Validation Errors',
    );
    expect(platform.setBranchStatus).toHaveBeenCalled();
    expect(platform.ensureComment).toHaveBeenCalled();
  });
  it('handles successful validation', async () => {
    const pJson = `
    {
       "renovate": {
        "enabledManagers": ["npm"]
       }
    }
    `;
    merge.detectConfigFile.mockResolvedValue('package.json');
    fs.readLocalFile.mockResolvedValueOnce(pJson).mockResolvedValueOnce(pJson);
    await validateReconfigureBranch(config);
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Successful',
      state: 'green',
    });
  });
  it('skips adding status check if statusCheckNames.configValidation is null', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new-sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch({
      ...config,
      statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
        configValidation: null,
      }),
    });
    expect(logger.debug).toHaveBeenCalledWith(
      'Status check is null or an empty string, skipping status check addition.',
    );
    expect(platform.setBranchStatus).not.toHaveBeenCalled();
  });
  it('skips adding status check if statusCheckNames.configValidation is empty string', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new-sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch({
      ...config,
      statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
        configValidation: '',
      }),
    });
    expect(logger.debug).toHaveBeenCalledWith(
      'Status check is null or an empty string, skipping status check addition.',
    );
    expect(platform.setBranchStatus).not.toHaveBeenCalled();
  });
  it('skips validation if cache is valid', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      'Skipping validation check as branch sha is unchanged',
    );
  });
  it('skips validation if status check present', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new_sha',
        isConfigValid: false,
      },
    });
    platform.getBranchStatusCheck.mockResolvedValueOnce('green');
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      'Skipping validation check because status check already exists.',
    );
  });
  it('handles non-default config file', async () => {
    merge.detectConfigFile.mockResolvedValue('.renovaterc');
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["npm",]
        }
        `);
    await validateReconfigureBranch(config);
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Successful',
      state: 'green',
    });
  });
 });
--- a/lib/workers/repository/reconfigure/index.ts
+++ b/lib/workers/repository/reconfigure/index.ts
@ -1,49 +1,15 @@
 import is from '@sindresorhus/is';
 import JSON5 from 'json5';
 import { GlobalConfig } from '../../../config/global';
 import type { RenovateConfig } from '../../../config/types';
 import { validateConfig } from '../../../config/validation';
 import { logger } from '../../../logger';
 import { platform } from '../../../modules/platform';
 import { ensureComment } from '../../../modules/platform/comment';
 import { scm } from '../../../modules/platform/scm';
-import type { BranchStatus } from '../../../types';
+import { deleteReconfigureBranchCache } from './reconfigure-cache';
-import { getCache } from '../../../util/cache/repository';
+import { getReconfigureBranchName } from './utils';
-import { readLocalFile } from '../../../util/fs';
+import { validateReconfigureBranch } from './validate';
 import { getBranchCommit } from '../../../util/git';
 import { regEx } from '../../../util/regex';
 import { detectConfigFile } from '../init/merge';
 import {
  deleteReconfigureBranchCache,
  setReconfigureBranchCache,
 } from './reconfigure-cache';
-async function setBranchStatus(
+export async function checkReconfigureBranch(
  branchName: string,
  description: string,
  state: BranchStatus,
  context?: string | null,
 ): Promise<void> {
  if (!is.nonEmptyString(context)) {
    // already logged this case when validating the status check
    return;
  }
  await platform.setBranchStatus({
    branchName,
    context,
    description,
    state,
  });
 }
 export function getReconfigureBranchName(prefix: string): string {
  return `${prefix}reconfigure`;
 }
 export async function validateReconfigureBranch(
  config: RenovateConfig,
 ): Promise<void> {
-  logger.debug('validateReconfigureBranch()');
+  logger.debug('checkReconfigureBranch()');
  if (GlobalConfig.get('platform') === 'local') {
    logger.debug(
      'Not attempting to reconfigure when running with local platform',
@ -51,10 +17,8 @@ export async function validateReconfigureBranch(
    return;
  }
-  const context = config.statusCheckNames?.configValidation;
+  const reconfigureBranch = getReconfigureBranchName(config.branchPrefix!);
-
+  const branchExists = await scm.branchExists(reconfigureBranch);
  const branchName = getReconfigureBranchName(config.branchPrefix!);
  const branchExists = await scm.branchExists(branchName);
  // this is something the user initiates, so skip if no branch exists
  if (!branchExists) {
@ -63,141 +27,5 @@ export async function validateReconfigureBranch(
    return;
  }
-  // look for config file
+  await validateReconfigureBranch(config);
  // 1. check reconfigure branch cache and use the configFileName if it exists
  // 2. checkout reconfigure branch and look for the config file, don't assume default configFileName
  const branchSha = getBranchCommit(branchName)!;
  const cache = getCache();
  let configFileName: string | null = null;
  const reconfigureCache = cache.reconfigureBranchCache;
  // only use valid cached information
  if (reconfigureCache?.reconfigureBranchSha === branchSha) {
    logger.debug('Skipping validation check as branch sha is unchanged');
    return;
  }
  if (context) {
    const validationStatus = await platform.getBranchStatusCheck(
      branchName,
      context,
    );
    // if old status check is present skip validation
    if (is.nonEmptyString(validationStatus)) {
      logger.debug(
        'Skipping validation check because status check already exists.',
      );
      return;
    }
  } else {
    logger.debug(
      'Status check is null or an empty string, skipping status check addition.',
    );
  }
  try {
    await scm.checkoutBranch(branchName);
    configFileName = await detectConfigFile();
  } catch (err) {
    logger.error(
      { err },
      'Error while searching for config file in reconfigure branch',
    );
  }
  if (!is.nonEmptyString(configFileName)) {
    logger.warn('No config file found in reconfigure branch');
    await setBranchStatus(
      branchName,
      'Validation Failed - No config file found',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.defaultBranch!);
    return;
  }
  let configFileRaw: string | null = null;
  try {
    configFileRaw = await readLocalFile(configFileName, 'utf8');
  } catch (err) {
    logger.error({ err }, 'Error while reading config file');
  }
  if (!is.nonEmptyString(configFileRaw)) {
    logger.warn('Empty or invalid config file');
    await setBranchStatus(
      branchName,
      'Validation Failed - Empty/Invalid config file',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  let configFileParsed: any;
  try {
    configFileParsed = JSON5.parse(configFileRaw);
    // no need to confirm renovate field in package.json we already do it in `detectConfigFile()`
    if (configFileName === 'package.json') {
      configFileParsed = configFileParsed.renovate;
    }
  } catch (err) {
    logger.error({ err }, 'Error while parsing config file');
    await setBranchStatus(
      branchName,
      'Validation Failed - Unparsable config file',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  // perform validation and provide a passing or failing check run based on result
  const validationResult = await validateConfig('repo', configFileParsed);
  // failing check
  if (validationResult.errors.length > 0) {
    logger.debug(
      { errors: validationResult.errors.map((err) => err.message).join(', ') },
      'Validation Errors',
    );
    // add comment to reconfigure PR if it exists
    const branchPr = await platform.findPr({
      branchName,
      state: 'open',
      includeOtherAuthors: true,
    });
    if (branchPr) {
      let body = `There is an error with this repository's Renovate configuration that needs to be fixed.\n\n`;
      body += `Location: \`${configFileName}\`\n`;
      body += `Message: \`${validationResult.errors
        .map((e) => e.message)
        .join(', ')
        .replace(regEx(/`/g), "'")}\`\n`;
      await ensureComment({
        number: branchPr.number,
        topic: 'Action Required: Fix Renovate Configuration',
        content: body,
      });
    }
    await setBranchStatus(branchName, 'Validation Failed', 'red', context);
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  // passing check
  await setBranchStatus(branchName, 'Validation Successful', 'green', context);
  setReconfigureBranchCache(branchSha, true);
  await scm.checkoutBranch(config.baseBranch!);
 }
--- a/lib/workers/repository/reconfigure/utils.ts
+++ b/lib/workers/repository/reconfigure/utils.ts
@ -0,0 +1,3 @@
 export function getReconfigureBranchName(prefix: string): string {
  return `${prefix}reconfigure`;
 }
--- a/lib/workers/repository/reconfigure/validate.spec.ts
+++ b/lib/workers/repository/reconfigure/validate.spec.ts
@ -0,0 +1,228 @@
 import { mock } from 'jest-mock-extended';
 import type { RenovateConfig } from '../../../../test/util';
 import { fs, git, mocked, partial, platform, scm } from '../../../../test/util';
 import { GlobalConfig } from '../../../config/global';
 import { logger } from '../../../logger';
 import type { Pr } from '../../../modules/platform/types';
 import * as _cache from '../../../util/cache/repository';
 import type { LongCommitSha } from '../../../util/git/types';
 import * as _merge from '../init/merge';
 import { validateReconfigureBranch } from './validate';
 jest.mock('../../../util/cache/repository');
 jest.mock('../../../util/fs');
 jest.mock('../../../util/git');
 jest.mock('../init/merge');
 const cache = mocked(_cache);
 const merge = mocked(_merge);
 describe('workers/repository/reconfigure/validate', () => {
  const config: RenovateConfig = {
    branchPrefix: 'prefix/',
    baseBranch: 'base',
    statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
      configValidation: 'renovate/config-validation',
    }),
  };
  beforeEach(() => {
    config.repository = 'some/repo';
    merge.detectConfigFile.mockResolvedValue('renovate.json');
    scm.branchExists.mockResolvedValue(true);
    cache.getCache.mockReturnValue({});
    git.getBranchCommit.mockReturnValue('sha' as LongCommitSha);
    fs.readLocalFile.mockResolvedValue(null);
    platform.getBranchStatusCheck.mockResolvedValue(null);
    GlobalConfig.reset();
  });
  it('logs error if config file search fails', async () => {
    const err = new Error();
    merge.detectConfigFile.mockRejectedValueOnce(err as never);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err },
      'Error while searching for config file in reconfigure branch',
    );
  });
  it('throws error if config file not found in reconfigure branch', async () => {
    merge.detectConfigFile.mockResolvedValue(null);
    await validateReconfigureBranch(config);
    expect(logger.warn).toHaveBeenCalledWith(
      'No config file found in reconfigure branch',
    );
  });
  it('logs error if config file is unreadable', async () => {
    const err = new Error();
    fs.readLocalFile.mockRejectedValueOnce(err as never);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err },
      'Error while reading config file',
    );
  });
  it('throws error if config file is empty', async () => {
    await validateReconfigureBranch(config);
    expect(logger.warn).toHaveBeenCalledWith('Empty or invalid config file');
  });
  it('throws error if config file content is invalid', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "name":
        }
        `);
    await validateReconfigureBranch(config);
    expect(logger.error).toHaveBeenCalledWith(
      { err: expect.any(Object) },
      'Error while parsing config file',
    );
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Failed - Unparsable config file',
      state: 'red',
    });
  });
  it('handles failed validation', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["docker"]
        }
        `);
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      { errors: expect.any(String) },
      'Validation Errors',
    );
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Failed',
      state: 'red',
    });
  });
  it('adds comment if reconfigure PR exists', async () => {
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["docker"]
        }
        `);
    platform.findPr.mockResolvedValueOnce(mock<Pr>({ number: 1 }));
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      { errors: expect.any(String) },
      'Validation Errors',
    );
    expect(platform.setBranchStatus).toHaveBeenCalled();
    expect(platform.ensureComment).toHaveBeenCalled();
  });
  it('handles successful validation', async () => {
    const pJson = `
    {
       "renovate": {
        "enabledManagers": ["npm"]
       }
    }
    `;
    merge.detectConfigFile.mockResolvedValue('package.json');
    fs.readLocalFile.mockResolvedValueOnce(pJson).mockResolvedValueOnce(pJson);
    await validateReconfigureBranch(config);
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Successful',
      state: 'green',
    });
  });
  it('skips adding status check if statusCheckNames.configValidation is null', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new-sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch({
      ...config,
      statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
        configValidation: null,
      }),
    });
    expect(logger.debug).toHaveBeenCalledWith(
      'Status check is null or an empty string, skipping status check addition.',
    );
    expect(platform.setBranchStatus).not.toHaveBeenCalled();
  });
  it('skips adding status check if statusCheckNames.configValidation is empty string', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new-sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch({
      ...config,
      statusCheckNames: partial<RenovateConfig['statusCheckNames']>({
        configValidation: '',
      }),
    });
    expect(logger.debug).toHaveBeenCalledWith(
      'Status check is null or an empty string, skipping status check addition.',
    );
    expect(platform.setBranchStatus).not.toHaveBeenCalled();
  });
  it('skips validation if cache is valid', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'sha',
        isConfigValid: false,
      },
    });
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      'Skipping validation check as branch sha is unchanged',
    );
  });
  it('skips validation if status check present', async () => {
    cache.getCache.mockReturnValueOnce({
      reconfigureBranchCache: {
        reconfigureBranchSha: 'new_sha',
        isConfigValid: false,
      },
    });
    platform.getBranchStatusCheck.mockResolvedValueOnce('green');
    await validateReconfigureBranch(config);
    expect(logger.debug).toHaveBeenCalledWith(
      'Skipping validation check because status check already exists.',
    );
  });
  it('handles non-default config file', async () => {
    merge.detectConfigFile.mockResolvedValue('.renovaterc');
    fs.readLocalFile.mockResolvedValueOnce(`
        {
            "enabledManagers": ["npm",]
        }
        `);
    await validateReconfigureBranch(config);
    expect(platform.setBranchStatus).toHaveBeenCalledWith({
      branchName: 'prefix/reconfigure',
      context: 'renovate/config-validation',
      description: 'Validation Successful',
      state: 'green',
    });
  });
 });
--- a/lib/workers/repository/reconfigure/validate.ts
+++ b/lib/workers/repository/reconfigure/validate.ts
@ -0,0 +1,184 @@
 import is from '@sindresorhus/is';
 import JSON5 from 'json5';
 import type { RenovateConfig } from '../../../config/types';
 import { validateConfig } from '../../../config/validation';
 import { logger } from '../../../logger';
 import { platform } from '../../../modules/platform';
 import { ensureComment } from '../../../modules/platform/comment';
 import { scm } from '../../../modules/platform/scm';
 import type { BranchStatus } from '../../../types';
 import { getCache } from '../../../util/cache/repository';
 import { readLocalFile } from '../../../util/fs';
 import { getBranchCommit } from '../../../util/git';
 import { regEx } from '../../../util/regex';
 import { detectConfigFile } from '../init/merge';
 import { setReconfigureBranchCache } from './reconfigure-cache';
 import { getReconfigureBranchName } from './utils';
 async function setBranchStatus(
  branchName: string,
  description: string,
  state: BranchStatus,
  context?: string | null,
 ): Promise<void> {
  if (!is.nonEmptyString(context)) {
    // already logged this case when validating the status check
    return;
  }
  await platform.setBranchStatus({
    branchName,
    context,
    description,
    state,
  });
 }
 export async function validateReconfigureBranch(
  config: RenovateConfig,
 ): Promise<void> {
  logger.debug('validateReconfigureBranch()');
  const context = config.statusCheckNames?.configValidation;
  const branchName = getReconfigureBranchName(config.branchPrefix!);
  // look for config file
  // 1. check reconfigure branch cache and use the configFileName if it exists
  // 2. checkout reconfigure branch and look for the config file, don't assume default configFileName
  const branchSha = getBranchCommit(branchName)!;
  const cache = getCache();
  let configFileName: string | null = null;
  const reconfigureCache = cache.reconfigureBranchCache;
  // only use valid cached information
  if (reconfigureCache?.reconfigureBranchSha === branchSha) {
    logger.debug('Skipping validation check as branch sha is unchanged');
    return;
  }
  if (context) {
    const validationStatus = await platform.getBranchStatusCheck(
      branchName,
      context,
    );
    // if old status check is present skip validation
    if (is.nonEmptyString(validationStatus)) {
      logger.debug(
        'Skipping validation check because status check already exists.',
      );
      return;
    }
  } else {
    logger.debug(
      'Status check is null or an empty string, skipping status check addition.',
    );
  }
  try {
    await scm.checkoutBranch(branchName);
    configFileName = await detectConfigFile();
  } catch (err) {
    logger.error(
      { err },
      'Error while searching for config file in reconfigure branch',
    );
  }
  if (!is.nonEmptyString(configFileName)) {
    logger.warn('No config file found in reconfigure branch');
    await setBranchStatus(
      branchName,
      'Validation Failed - No config file found',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.defaultBranch!);
    return;
  }
  let configFileRaw: string | null = null;
  try {
    configFileRaw = await readLocalFile(configFileName, 'utf8');
  } catch (err) {
    logger.error({ err }, 'Error while reading config file');
  }
  if (!is.nonEmptyString(configFileRaw)) {
    logger.warn('Empty or invalid config file');
    await setBranchStatus(
      branchName,
      'Validation Failed - Empty/Invalid config file',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  let configFileParsed: any;
  try {
    configFileParsed = JSON5.parse(configFileRaw);
    // no need to confirm renovate field in package.json we already do it in `detectConfigFile()`
    if (configFileName === 'package.json') {
      configFileParsed = configFileParsed.renovate;
    }
  } catch (err) {
    logger.error({ err }, 'Error while parsing config file');
    await setBranchStatus(
      branchName,
      'Validation Failed - Unparsable config file',
      'red',
      context,
    );
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  // perform validation and provide a passing or failing check based on result
  const validationResult = await validateConfig('repo', configFileParsed);
  // failing check
  if (validationResult.errors.length > 0) {
    logger.debug(
      { errors: validationResult.errors.map((err) => err.message).join(', ') },
      'Validation Errors',
    );
    const reconfigurePr = await platform.findPr({
      branchName,
      state: 'open',
      includeOtherAuthors: true,
    });
    // add comment to reconfigure PR if it exists
    if (reconfigurePr) {
      let body = `There is an error with this repository's Renovate configuration that needs to be fixed.\n\n`;
      body += `Location: \`${configFileName}\`\n`;
      body += `Message: \`${validationResult.errors
        .map((e) => e.message)
        .join(', ')
        .replace(regEx(/`/g), "'")}\`\n`;
      await ensureComment({
        number: reconfigurePr.number,
        topic: 'Action Required: Fix Renovate Configuration',
        content: body,
      });
    }
    await setBranchStatus(branchName, 'Validation Failed', 'red', context);
    setReconfigureBranchCache(branchSha, false);
    await scm.checkoutBranch(config.baseBranch!);
    return;
  }
  // passing check
  await setBranchStatus(branchName, 'Validation Successful', 'green', context);
  setReconfigureBranchCache(branchSha, true);
  await scm.checkoutBranch(config.baseBranch!);
  return;
 }
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@ -5,19 +5,19 @@ ARG BASE_IMAGE_TYPE=slim
 # --------------------------------------
 # slim image
 # --------------------------------------
-FROM ghcr.io/renovatebot/base-image:9.28.1@sha256:d012a79a5f3dc6e6067c46016405064b30fbaaac954597318a7a2122ef807444 AS slim-base
+FROM ghcr.io/renovatebot/base-image:9.29.0@sha256:10e27273241a0ba63d3a298a7b1e178dbb75b84da6bc2ea7a71db7c9d1a4971c AS slim-base
 # --------------------------------------
 # full image
 # --------------------------------------
-FROM ghcr.io/renovatebot/base-image:9.28.1-full@sha256:422a843cbf6c1a3730fab9e89877bf04c49d329501a5b998488078cc6153fc03 AS full-base
+FROM ghcr.io/renovatebot/base-image:9.29.0-full@sha256:7b2353855c0f59b9efdb93ce9356aff5dad7d5102f8947c4ebc906855be9177c AS full-base
 ENV RENOVATE_BINARY_SOURCE=global
 # --------------------------------------
 # build image
 # --------------------------------------
-FROM --platform=$BUILDPLATFORM ghcr.io/renovatebot/base-image:9.28.1@sha256:d012a79a5f3dc6e6067c46016405064b30fbaaac954597318a7a2122ef807444 AS build
+FROM --platform=$BUILDPLATFORM ghcr.io/renovatebot/base-image:9.29.0@sha256:10e27273241a0ba63d3a298a7b1e178dbb75b84da6bc2ea7a71db7c9d1a4971c AS build
 # We want a specific node version here
 # renovate: datasource=node-version
Author	SHA1	Message	Date
Max Levine	a89fa17871	Merge `af232357ba` into `8683eeb7ad`	2025-01-08 16:15:26 +01:00
Borja Domínguez	8683eeb7ad	feat(datasource/azure-pipelines-tasks): Azure DevOps API based datasource (#32966 )	2025-01-08 16:04:34 +01:00
Mark Reuter	f97189c600	feat(bazel-module): Support `git_repository` (#33415 ) Some checks are pending Build / setup (push) Waiting to run Details Build / setup-build (push) Waiting to run Details Build / prefetch (push) Blocked by required conditions Details Build / lint-eslint (push) Blocked by required conditions Details Build / lint-prettier (push) Blocked by required conditions Details Build / lint-docs (push) Blocked by required conditions Details Build / lint-other (push) Blocked by required conditions Details Build / (push) Blocked by required conditions Details Build / codecov (push) Blocked by required conditions Details Build / coverage-threshold (push) Blocked by required conditions Details Build / test-success (push) Blocked by required conditions Details Build / build (push) Blocked by required conditions Details Build / build-docs (push) Blocked by required conditions Details Build / test-e2e (push) Blocked by required conditions Details Build / release (push) Blocked by required conditions Details Code scanning / CodeQL-Build (push) Waiting to run Details Scorecard supply-chain security / Scorecard analysis (push) Waiting to run Details whitesource-scan / WS_SCAN (push) Waiting to run Details	2025-01-08 12:34:19 +00:00
Trim21	59455c0512	feat(pre-commit): support python additional_dependencies (#33417 )	2025-01-08 12:30:31 +00:00
Maxime Brunet	147b620187	feat(poetry): support GCloud credentials for Google Artifact Registry when locking (#32586 ) Co-authored-by: Rhys Arkins <rhys@arkins.net>	2025-01-08 12:28:11 +00:00
RahulGautamSingh	39fb207a83	refactor(workers/reconfigure): update code structure (#33340 )	2025-01-08 12:18:30 +00:00
RahulGautamSingh	db31a1634c	fix(gitlab): truncate comment (#33348 )	2025-01-08 12:07:30 +00:00
RahulGautamSingh	5282f7c080	fix(github): remove deleted issue from issues cache (#33349 )	2025-01-08 11:42:12 +00:00
renovate[bot]	974a8a8b51	feat(deps): update ghcr.io/renovatebot/base-image docker tag to v9.29.0 (#33468 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-08 11:09:53 +00:00
renovate[bot]	2bfc754634	fix(deps): update ghcr.io/renovatebot/base-image docker tag to v9.28.2 (#33467 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-08 10:09:59 +00:00
lbarros-asml	0fae10626b	fix(bundler): authentication using only env vars (#33339 ) Co-authored-by: Leandro <grandinetti@gmail.com> Co-authored-by: Rhys Arkins <rhys@arkins.net>	2025-01-08 10:03:03 +00:00
Max Levine	af232357ba	docs(docker): Specify authType in code example While basic auth is mentioned above, the code example doesn't include that. My experimentation has shown that this auth doesn't work without specifying the authType as basic	2024-08-22 20:18:04 +01:00