Merge branch 'main' into refactor/nuget-skip-version

feat(presets): Add redirect URL for SkiaSharp NuGet packages (#33452 )
fix(manager/github-actions): preserve full depName (#33450 )
2025-01-09 05:26:25 +00:00 · 2025-01-07 19:46:22 -03:00 · 2025-01-07 16:13:55 +00:00 · 2025-01-07 15:17:38 +00:00 · 2025-01-07 14:23:56 +00:00 · 2025-01-07 06:56:48 +00:00
13 changed files with 139 additions and 47 deletions
--- a/docs/usage/self-hosted-experimental.md
+++ b/docs/usage/self-hosted-experimental.md
@ -23,6 +23,13 @@ For more information see [the OpenTelemetry docs](opentelemetry.md).

 If set to any value, Renovate will always paginate requests to GitHub fully, instead of stopping after 10 pages.

+## `RENOVATE_STATIC_REPO_CONFIG`
+
+If set to a _valid_ `JSON` string containing a _valid_ Renovate configuration, it will be applied to the repository config before resolving the actual configuration file within the repository.
+
+> [!warning]
+> An invalid value will result in the scan being aborted.
+
 ## `RENOVATE_X_DOCKER_HUB_DISABLE_LABEL_LOOKUP`

 If set to any value, Renovate will skip attempting to get release labels (e.g. gitRef, sourceUrl) from manifest annotations for `https://index.docker.io`.
--- a/lib/data/monorepo.json
+++ b/lib/data/monorepo.json
@ -505,7 +505,10 @@
    "shiki": "https://github.com/shikijs/shiki",
    "shopify-app-bridge": "https://github.com/Shopify/app-bridge",
    "sitecore-jss": "https://github.com/Sitecore/jss",
-    "skiasharp": "https://github.com/mono/SkiaSharp",
+    "skiasharp": [
+      "https://github.com/mono/SkiaSharp",
+      "https://go.microsoft.com/fwlink/?linkid=868515"
+    ],
    "slack-net": "https://github.com/soxtoby/SlackNet",
    "slf4j": "https://github.com/qos-ch/slf4j",
    "slim-message-bus": "https://github.com/zarusz/SlimMessageBus",
--- a/lib/modules/datasource/docker/index.spec.ts
+++ b/lib/modules/datasource/docker/index.spec.ts
@ -98,10 +98,13 @@ describe('modules/datasource/docker/index', () => {
        .reply(200, { token: 'some-token' });

      hostRules.find.mockReturnValue({});
-      const res = await getDigest({
-        datasource: 'docker',
-        packageName: 'some-dep',
-      });
+      const res = await getDigest(
+        {
+          datasource: 'docker',
+          packageName: 'some-dep',
+        },
+        '',
+      );
      expect(res).toBe('some-digest');
    });

--- a/lib/modules/datasource/docker/index.ts
+++ b/lib/modules/datasource/docker/index.ts
@ -831,7 +831,7 @@ export class DockerDatasource extends Datasource {
      // TODO: types (#22198)
      `getDigest(${registryHost}, ${dockerRepository}, ${newValue})`,
    );
-    const newTag = newValue ?? 'latest';
+    const newTag = is.nonEmptyString(newValue) ? newValue : 'latest';
    let digest: string | null = null;
    try {
      let architecture: string | null | undefined = null;
--- a/lib/modules/manager/github-actions/extract.spec.ts
+++ b/lib/modules/manager/github-actions/extract.spec.ts
@ -467,7 +467,7 @@ describe('modules/manager/github-actions/extract', () => {
          build:
            steps:
              - name: "test1"
-                uses: https://github.com/actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # tag=v3.1.1
+                uses: https://github.com/actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # tag=v4.2.0
              - name: "test2"
                uses: https://code.forgejo.org/actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1
              - name: "test3"
@ -479,14 +479,18 @@ describe('modules/manager/github-actions/extract', () => {
      expect(res).toMatchObject({
        deps: [
          {
-            currentDigest: '56337c425554a6be30cdef71bf441f15be286854',
-            currentValue: 'v3.1.1',
+            depName: 'https://github.com/actions/cache',
+            packageName: 'actions/cache',
+            currentDigest: '1bd1e32a3bdc45362d1e726936510720a7c30a57',
+            currentValue: 'v4.2.0',
            replaceString:
-              'https://github.com/actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # tag=v3.1.1',
+              'https://github.com/actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # tag=v4.2.0',
            datasource: 'github-tags',
            registryUrls: ['https://github.com/'],
          },
          {
+            depName: 'https://code.forgejo.org/actions/setup-node',
+            packageName: 'actions/setup-node',
            currentDigest: '56337c425554a6be30cdef71bf441f15be286854',
            currentValue: 'v3.1.1',
            replaceString:
--- a/lib/modules/manager/github-actions/extract.ts
+++ b/lib/modules/manager/github-actions/extract.ts
@ -19,7 +19,7 @@ import type { Workflow } from './types';

 const dockerActionRe = regEx(/^\s+uses\s*: ['"]?docker:\/\/([^'"]+)\s*$/);
 const actionRe = regEx(
-  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<registryUrl>https:\/\/[.\w-]+\/)?(?<depName>[\w-]+\/[.\w-]+)(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:(?<commentWhiteSpaces>\s+)#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>([\w-]*-)?v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/,
+  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<depName>(?<registryUrl>https:\/\/[.\w-]+\/)?(?<packageName>[\w-]+\/[.\w-]+))(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:(?<commentWhiteSpaces>\s+)#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>([\w-]*-)?v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/,
 );

 // SHA1 or SHA256, see https://github.blog/2020-10-19-git-2-29-released/
@ -74,6 +74,7 @@ function extractWithRegex(
    if (tagMatch?.groups) {
      const {
        depName,
+        packageName,
        currentValue,
        path = '',
        tag,
@ -90,12 +91,13 @@ function extractWithRegex(
      }
      const dep: PackageDependency = {
        depName,
+        ...(packageName !== depName && { packageName }),
        commitMessageTopic: '{{{depName}}} action',
        datasource: GithubTagsDatasource.id,
        versioning: dockerVersioning.id,
        depType: 'action',
        replaceString,
-        autoReplaceStringTemplate: `${quotes}${registryUrl}{{depName}}${path}@{{#if newDigest}}{{newDigest}}${quotes}{{#if newValue}}${commentWhiteSpaces}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quotes}{{/unless}}`,
+        autoReplaceStringTemplate: `${quotes}{{depName}}${path}@{{#if newDigest}}{{newDigest}}${quotes}{{#if newValue}}${commentWhiteSpaces}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quotes}{{/unless}}`,
        ...(registryUrl
          ? detectDatasource(registryUrl)
          : customRegistryUrlsPackageDependency),
--- a/lib/modules/manager/gradle/parser.spec.ts
+++ b/lib/modules/manager/gradle/parser.spec.ts
@ -759,12 +759,13 @@ describe('modules/manager/gradle/parser', () => {

  describe('heuristic dependency matching', () => {
    it.each`
-      input                                  | output
-      ${'("foo", "bar", "1.2.3")'}           | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
-      ${'("foo", "bar", "1.2.3", "4.5.6")'}  | ${null}
-      ${'(["foo", "bar", "1.2.3"])'}         | ${null}
-      ${'someMethod("foo", "bar", "1.2.3")'} | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
-      ${'listOf("foo", "bar", "baz")'}       | ${null}
+      input                                                                    | output
+      ${'("foo", "bar", "1.2.3")'}                                             | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
+      ${'("foo", "bar", "1.2.3", "4.5.6")'}                                    | ${null}
+      ${'(["foo", "bar", "1.2.3"])'}                                           | ${null}
+      ${'someMethod("foo", "bar", "1.2.3")'}                                   | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
+      ${'listOf("foo", "bar", "baz")'}                                         | ${null}
+      ${'java { registerFeature(foo) { capability("foo", "bar", "1.2.3") } }'} | ${null}
    `('$input', ({ input, output }) => {
      const { deps } = parseGradle(input);
      expect(deps).toMatchObject([output].filter(is.truthy));
--- a/lib/modules/manager/gradle/parser/dependencies.ts
+++ b/lib/modules/manager/gradle/parser/dependencies.ts
@ -4,6 +4,7 @@ import type { Ctx } from '../types';
 import {
  GRADLE_PLUGINS,
  cleanupTempVars,
+  qDotOrBraceExpr,
  qTemplateString,
  qValueMatcher,
  storeInTokenMap,
@ -204,4 +205,6 @@ export const qDependencies = q.alt(
  qKotlinShortNotationDependencies,
  qKotlinMapNotationDependencies,
  qImplicitGradlePlugin,
+  // avoid heuristic matching of gradle feature variant capabilities
+  qDotOrBraceExpr('java', q.sym<Ctx>('registerFeature').tree()),
 );
--- a/lib/workers/global/config/parse/env.ts
+++ b/lib/workers/global/config/parse/env.ts
@ -121,16 +121,10 @@ export async function getConfig(
  inputEnv: NodeJS.ProcessEnv,
  configEnvKey = 'RENOVATE_CONFIG',
 ): Promise<AllConfig> {
-  let env = normalizePrefixes(inputEnv, inputEnv.ENV_PREFIX);
-  env = massageConvertedExperimentalVars(env);
-  env = renameEnvKeys(env);
-  // massage the values of migrated configuration keys
-  env = massageEnvKeyValues(env);
-
-  const options = getOptions();
-
+  const env = prepareEnv(inputEnv);
  const config = await parseAndValidateOrExit(env, configEnvKey);

+  const options = getOptions();
  config.hostRules ??= [];

  for (const option of options) {
@ -235,7 +229,15 @@ export async function getConfig(
  return config;
 }

-async function parseAndValidateOrExit(
+export function prepareEnv(inputEnv: NodeJS.ProcessEnv): NodeJS.ProcessEnv {
+  let env = normalizePrefixes(inputEnv, inputEnv.ENV_PREFIX);
+  env = massageConvertedExperimentalVars(env);
+  env = renameEnvKeys(env);
+  // massage the values of migrated configuration keys
+  return massageEnvKeyValues(env);
+}
+
+export async function parseAndValidateOrExit(
  env: NodeJS.ProcessEnv,
  configEnvKey: string,
 ): Promise<AllConfig> {
--- a/lib/workers/repository/init/config.spec.ts
+++ b/lib/workers/repository/init/config.spec.ts
@ -0,0 +1,46 @@
+import type { AllConfig } from '../../../config/types';
+import { mergeStaticRepoEnvConfig } from './config';
+
+describe('workers/repository/init/config', () => {
+  describe('mergeRepoEnvConfig()', () => {
+    type MergeRepoEnvTestCase = {
+      name: string;
+      env: NodeJS.ProcessEnv;
+      currentConfig: AllConfig;
+      wantConfig: AllConfig;
+    };
+
+    const testCases: MergeRepoEnvTestCase[] = [
+      {
+        name: 'it does nothing',
+        env: {},
+        currentConfig: { repositories: ['some/repo'] },
+        wantConfig: { repositories: ['some/repo'] },
+      },
+      {
+        name: 'it merges env with the current config',
+        env: { RENOVATE_STATIC_REPO_CONFIG: '{"dependencyDashboard":true}' },
+        currentConfig: { repositories: ['some/repo'] },
+        wantConfig: {
+          dependencyDashboard: true,
+          repositories: ['some/repo'],
+        },
+      },
+      {
+        name: 'it ignores env with other renovate specific configuration options',
+        env: { RENOVATE_CONFIG: '{"dependencyDashboard":true}' },
+        currentConfig: { repositories: ['some/repo'] },
+        wantConfig: { repositories: ['some/repo'] },
+      },
+    ];
+
+    it.each(testCases)(
+      '$name',
+      async ({ env, currentConfig, wantConfig }: MergeRepoEnvTestCase) => {
+        const got = await mergeStaticRepoEnvConfig(currentConfig, env);
+
+        expect(got).toEqual(wantConfig);
+      },
+    );
+  });
+});
--- a/lib/workers/repository/init/config.ts
+++ b/lib/workers/repository/init/config.ts
@ -1,4 +1,7 @@
-import type { RenovateConfig } from '../../../config/types';
+import is from '@sindresorhus/is';
+import { mergeChildConfig } from '../../../config';
+import type { AllConfig, RenovateConfig } from '../../../config/types';
+import { parseAndValidateOrExit } from '../../global/config/parse/env';
 import { checkOnboardingBranch } from '../onboarding/branch';
 import { mergeInheritedConfig } from './inherited';
 import { mergeRenovateConfig } from './merge';
@ -10,7 +13,24 @@ export async function getRepoConfig(
  let config = { ...config_ };
  config.baseBranch = config.defaultBranch;
  config = await mergeInheritedConfig(config);
+  config = await mergeStaticRepoEnvConfig(config, process.env);
  config = await checkOnboardingBranch(config);
  config = await mergeRenovateConfig(config);
  return config;
 }
+
+export async function mergeStaticRepoEnvConfig(
+  config: AllConfig,
+  env: NodeJS.ProcessEnv,
+): Promise<AllConfig> {
+  const repoEnvConfig = await parseAndValidateOrExit(
+    env,
+    'RENOVATE_STATIC_REPO_CONFIG',
+  );
+
+  if (!is.nonEmptyObject(repoEnvConfig)) {
+    return config;
+  }
+
+  return mergeChildConfig(config, repoEnvConfig);
+}
--- a/package.json
+++ b/package.json
@ -250,7 +250,7 @@
    "validate-npm-package-name": "6.0.0",
    "vuln-vects": "1.1.0",
    "xmldoc": "1.3.0",
-    "yaml": "2.6.1",
+    "yaml": "2.7.0",
    "zod": "3.24.1"
  },
  "optionalDependencies": {
@ -335,7 +335,7 @@
    "jest-mock": "29.7.0",
    "jest-mock-extended": "3.0.7",
    "jest-snapshot": "29.7.0",
-    "markdownlint-cli2": "0.17.0",
+    "markdownlint-cli2": "0.17.1",
    "memfs": "4.15.2",
    "nock": "13.5.6",
    "npm-run-all2": "7.0.2",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -333,8 +333,8 @@ importers:
        specifier: 1.3.0
        version: 1.3.0
      yaml:
-        specifier: 2.6.1
-        version: 2.6.1
+        specifier: 2.7.0
+        version: 2.7.0
      zod:
        specifier: 3.24.1
        version: 3.24.1
@ -578,8 +578,8 @@ importers:
        specifier: 29.7.0
        version: 29.7.0
      markdownlint-cli2:
-        specifier: 0.17.0
-        version: 0.17.0
+        specifier: 0.17.1
+        version: 0.17.1
      memfs:
        specifier: 4.15.2
        version: 4.15.2
@ -4509,13 +4509,13 @@ packages:
    peerDependencies:
      markdownlint-cli2: '>=0.0.4'

-  markdownlint-cli2@0.17.0:
-    resolution: {integrity: sha512-8Xz7wkkkV4wJTf+pvryU3J/fT3BZWD3ZykcjYBR0GuH0GHvrCbswaCdurbuUuAPDGFZy4cxBGYCJSAOW8jM4aQ==}
+  markdownlint-cli2@0.17.1:
+    resolution: {integrity: sha512-n1Im9lhKJJE12/u2N0GWBwPqeb0HGdylN8XpSFg9hbj35+QalY9Vi6mxwUQdG6wlSrrIq9ZDQ0Q85AQG9V2WOg==}
    engines: {node: '>=18'}
    hasBin: true

-  markdownlint@0.37.2:
-    resolution: {integrity: sha512-m8QhYnRA1ptbhIjhVVBUkKQcUelVxuyO/yXyLewnc1+xs4eXhST/+hIy29goO+EYVLmWtknH4SmYQ4s0caoKqw==}
+  markdownlint@0.37.3:
+    resolution: {integrity: sha512-eoQqH0291YCCjd+Pe1PUQ9AmWthlVmS0XWgcionkZ8q34ceZyRI+pYvsWksXJJL8OBkWCPwp1h/pnXxrPFC4oA==}
    engines: {node: '>=18'}

  marked-terminal@7.2.1:
@ -6352,8 +6352,8 @@ packages:
    resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==}
    engines: {node: '>=18'}

-  yaml@2.6.1:
-    resolution: {integrity: sha512-7r0XPzioN/Q9kXBro/XPnA6kznR73DHq+GXh5ON7ZozRO6aMjbmiBuKste2wslTFkC5d1dw0GooOCepZXJ2SAg==}
+  yaml@2.7.0:
+    resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==}
    engines: {node: '>= 14'}
    hasBin: true

@ -11690,25 +11690,26 @@ snapshots:
    dependencies:
      repeat-string: 1.6.1

-  markdownlint-cli2-formatter-default@0.0.5(markdownlint-cli2@0.17.0):
+  markdownlint-cli2-formatter-default@0.0.5(markdownlint-cli2@0.17.1):
    dependencies:
-      markdownlint-cli2: 0.17.0
+      markdownlint-cli2: 0.17.1

-  markdownlint-cli2@0.17.0:
+  markdownlint-cli2@0.17.1:
    dependencies:
      globby: 14.0.2
      js-yaml: 4.1.0
      jsonc-parser: 3.3.1
-      markdownlint: 0.37.2
-      markdownlint-cli2-formatter-default: 0.0.5(markdownlint-cli2@0.17.0)
+      markdownlint: 0.37.3
+      markdownlint-cli2-formatter-default: 0.0.5(markdownlint-cli2@0.17.1)
      micromatch: 4.0.8
    transitivePeerDependencies:
      - supports-color

-  markdownlint@0.37.2:
+  markdownlint@0.37.3:
    dependencies:
      markdown-it: 14.1.0
      micromark: 4.0.1
+      micromark-core-commonmark: 2.0.2
      micromark-extension-directive: 3.0.2
      micromark-extension-gfm-autolink-literal: 2.1.0
      micromark-extension-gfm-footnote: 2.1.0
@ -13787,7 +13788,7 @@ snapshots:

  yallist@5.0.0: {}

-  yaml@2.6.1: {}
+  yaml@2.7.0: {}

  yargs-parser@18.1.3:
    dependencies:
Author	SHA1	Message	Date
Sergei Zharinov	52a732473a	Merge branch 'main' into refactor/nuget-skip-version	2025-01-07 19:46:22 -03:00
Pascal Berger	2c75a8d4f7	feat(presets): Add redirect URL for SkiaSharp NuGet packages (#33452 ) Some checks are pending Build / setup-build (push) Waiting to run Details Build / setup (push) Waiting to run Details Build / prefetch (push) Blocked by required conditions Details Build / lint-eslint (push) Blocked by required conditions Details Build / lint-prettier (push) Blocked by required conditions Details Build / lint-docs (push) Blocked by required conditions Details Build / lint-other (push) Blocked by required conditions Details Build / (push) Blocked by required conditions Details Build / codecov (push) Blocked by required conditions Details Build / coverage-threshold (push) Blocked by required conditions Details Build / test-success (push) Blocked by required conditions Details Build / build (push) Blocked by required conditions Details Build / build-docs (push) Blocked by required conditions Details Build / test-e2e (push) Blocked by required conditions Details Build / release (push) Blocked by required conditions Details Code scanning / CodeQL-Build (push) Waiting to run Details Scorecard supply-chain security / Scorecard analysis (push) Waiting to run Details whitesource-scan / WS_SCAN (push) Waiting to run Details	2025-01-07 16:13:55 +00:00
Michael Kriese	ac9ddf3266	fix(manager/github-actions): preserve full depName (#33450 )	2025-01-07 15:17:38 +00:00
Michael Kriese	37c05dc72f	fix(datasource/docker): handle empty `newValue` in `getDigest` (#33449 )	2025-01-07 14:23:56 +00:00
Gabriel-Ladzaretti	19a99d2ca9	feat(config): add repo phase enviorment config (#33360 ) Some checks are pending Build / setup (push) Waiting to run Details Build / setup-build (push) Waiting to run Details Build / prefetch (push) Blocked by required conditions Details Build / lint-eslint (push) Blocked by required conditions Details Build / lint-prettier (push) Blocked by required conditions Details Build / lint-docs (push) Blocked by required conditions Details Build / lint-other (push) Blocked by required conditions Details Build / (push) Blocked by required conditions Details Build / codecov (push) Blocked by required conditions Details Build / coverage-threshold (push) Blocked by required conditions Details Build / test-success (push) Blocked by required conditions Details Build / build (push) Blocked by required conditions Details Build / build-docs (push) Blocked by required conditions Details Build / test-e2e (push) Blocked by required conditions Details Build / release (push) Blocked by required conditions Details Code scanning / CodeQL-Build (push) Waiting to run Details Scorecard supply-chain security / Scorecard analysis (push) Waiting to run Details whitesource-scan / WS_SCAN (push) Waiting to run Details	2025-01-07 06:56:48 +00:00
Johannes Feichtner	80faed3ffe	fix(gradle): avoid heuristic matching of gradle feature variant capabilities (#33438 )	2025-01-07 06:53:48 +00:00
renovate[bot]	a8766ee50b	chore(deps): update dependency markdownlint-cli2 to v0.17.1 (#33441 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-07 05:17:14 +00:00
renovate[bot]	bbc4fb8bb9	build(deps): update dependency yaml to v2.7.0 (#33440 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-07 05:11:10 +00:00