Skip to content

Commit

Permalink
Merge branch 'main' into feat/gomodvendor
Browse files Browse the repository at this point in the history
  • Loading branch information
omercnet authored Dec 14, 2024
2 parents f63558f + 5b8942f commit 160e6ff
Show file tree
Hide file tree
Showing 44 changed files with 543 additions and 152 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
@@ -1 +1 @@
FROM ghcr.io/containerbase/devcontainer:13.4.0
FROM ghcr.io/containerbase/devcontainer:13.4.3
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
languages: javascript

Expand All @@ -51,7 +51,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -65,4 +65,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: 'Upload to code-scanning'
uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
format: 'sarif'
output: 'trivy-results.sarif'

- uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
- uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
sarif_file: trivy-results.sarif
category: 'docker-image-${{ matrix.tag }}'
13 changes: 13 additions & 0 deletions docs/usage/config-overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,19 @@ Inherited config may use all Repository config settings, and any Global config o

For information on how the Mend Renovate App supports Inherited config, see the dedicated "Mend Renovate App Config" section toward the end of this page.

#### Presets handling

If the inherited config contains `extends` presets, then Renovate will:

1. Resolve the presets
1. Add the resolved preset config to the beginning of the inherited config
1. Merge the presets on top of the global config

##### You can not ignore presets from inherited config

You can _not_ use `ignorePresets` in your repository config to ignore presets _within_ inherited config.
This is because inherited config is resolved _before_ the repository config.

### Repository config

Repository config is the config loaded from a config file in the repository.
Expand Down
1 change: 1 addition & 0 deletions docs/usage/configuration-options.md
Original file line number Diff line number Diff line change
Expand Up @@ -769,6 +769,7 @@ Example:
"customManagers": [
{
"customType": "regex",
"fileMatch": ["values.yaml$"],
"matchStrings": [
"ENV .*?_VERSION=(?<currentValue>.*) # (?<datasource>.*?)/(?<depName>.*?)\\s"
]
Expand Down
4 changes: 4 additions & 0 deletions docs/usage/self-hosted-experimental.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,10 @@ This includes the following:

If set to any value, Renovate will stop using the Docker Hub API (`https://hub.docker.com`) to fetch tags and instead use the normal Docker API for images pulled from `https://index.docker.io`.

## `RENOVATE_X_ENCRYPTED_STRICT`

If set to `"true"`, a config error Issue will be raised in case repository config contains `encrypted` objects without any `privateKey` defined.

## `RENOVATE_X_EXEC_GPID_HANDLE`

If set, Renovate will terminate the whole process group of a terminated child process spawned by Renovate.
Expand Down
53 changes: 0 additions & 53 deletions lib/config/__snapshots__/massage.spec.ts.snap

This file was deleted.

10 changes: 10 additions & 0 deletions lib/config/decrypt.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ describe('config/decrypt', () => {
beforeEach(() => {
config = {};
GlobalConfig.reset();
delete process.env.RENOVATE_X_ENCRYPTED_STRICT;
});

it('returns empty with no privateKey', async () => {
Expand All @@ -30,5 +31,14 @@ describe('config/decrypt', () => {
expect(res.encrypted).toBeUndefined();
expect(res.a).toBeUndefined();
});

it('throws exception if encrypted found but no privateKey', async () => {
config.encrypted = { a: '1' };
process.env.RENOVATE_X_ENCRYPTED_STRICT = 'true';

await expect(decryptConfig(config, repository)).rejects.toThrow(
'config-validation',
);
});
});
});
11 changes: 10 additions & 1 deletion lib/config/decrypt.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import is from '@sindresorhus/is';
import { CONFIG_VALIDATION } from '../constants/error-messages';
import { logger } from '../logger';
import { regEx } from '../util/regex';
import { addSecretForSanitizing } from '../util/sanitize';
Expand Down Expand Up @@ -173,7 +174,15 @@ export async function decryptConfig(
}
}
} else {
logger.error('Found encrypted data but no privateKey');
if (process.env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {
const error = new Error(CONFIG_VALIDATION);
error.validationSource = 'config';
error.validationError = 'Encrypted config unsupported';
error.validationMessage = `This config contains an encrypted object at location \`$.${key}\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \`privateKey\` in Global Configuration.`;
throw error;
} else {
logger.error('Found encrypted data but no privateKey');
}
}
delete decryptedConfig.encrypted;
} else if (is.array(val)) {
Expand Down
27 changes: 21 additions & 6 deletions lib/config/index.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,23 @@ describe('config/index', () => {
it('merges packageRules', () => {
const parentConfig = { ...defaultConfig };
Object.assign(parentConfig, {
packageRules: [{ a: 1 }, { a: 2 }],
packageRules: [
{ matchPackageNames: ['pkg1'] },
{ matchPackageNames: ['pkg2'] },
],
});
const childConfig = {
packageRules: [{ a: 3 }, { a: 4 }],
packageRules: [
{ matchPackageNames: ['pkg3'] },
{ matchPackageNames: ['pkg4'] },
],
};
const config = mergeChildConfig(parentConfig, childConfig);
expect(config.packageRules.map((rule) => rule.a)).toMatchObject([
1, 2, 3, 4,
expect(config.packageRules).toMatchObject([
{ matchPackageNames: ['pkg1'] },
{ matchPackageNames: ['pkg2'] },
{ matchPackageNames: ['pkg3'] },
{ matchPackageNames: ['pkg4'] },
]);
});

Expand Down Expand Up @@ -95,9 +104,15 @@ describe('config/index', () => {

it('handles null child packageRules', () => {
const parentConfig = { ...defaultConfig };
parentConfig.packageRules = [{ a: 3 }, { a: 4 }];
parentConfig.packageRules = [
{ matchPackageNames: ['pkg1'] },
{ matchPackageNames: ['pkg2'] },
];
const config = mergeChildConfig(parentConfig, {});
expect(config.packageRules).toHaveLength(2);
expect(config.packageRules).toMatchObject([
{ matchPackageNames: ['pkg1'] },
{ matchPackageNames: ['pkg2'] },
]);
});

it('handles undefined childConfig', () => {
Expand Down
32 changes: 30 additions & 2 deletions lib/config/massage.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,24 @@ describe('config/massage', () => {
],
};
const res = massage.massageConfig(config);
expect(res).toMatchSnapshot();
expect(res).toEqual({
packageRules: [
{
matchPackageNames: ['foo'],
separateMajorMinor: false,
},
{
matchPackageNames: ['foo'],
matchUpdateTypes: ['minor'],
semanticCommitType: 'feat',
},
{
matchPackageNames: ['foo'],
matchUpdateTypes: ['patch'],
semanticCommitType: 'fix',
},
],
});
expect(res.packageRules).toHaveLength(3);
});

Expand Down Expand Up @@ -64,7 +81,18 @@ describe('config/massage', () => {
],
};
const res = massage.massageConfig(config);
expect(res).toMatchSnapshot();
expect(res).toEqual({
packageRules: [
{
lockFileMaintenance: {
enabled: true,
},
matchBaseBranches: ['release/ft10/1.9.x'],
matchManagers: ['helmv3'],
schedule: ['at any time'],
},
],
});
expect(res.packageRules).toHaveLength(1);
});
});
Expand Down
3 changes: 2 additions & 1 deletion lib/config/options/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ const options: RenovateOptions[] = [
subType: 'string',
globalOnly: true,
patternMatch: true,
mergeable: true,
},
{
name: 'detectGlobalManagerConfig',
Expand Down Expand Up @@ -515,7 +516,7 @@ const options: RenovateOptions[] = [
description:
'Change this value to override the default Renovate sidecar image.',
type: 'string',
default: 'ghcr.io/containerbase/sidecar:13.4.0',
default: 'ghcr.io/containerbase/sidecar:13.4.3',
globalOnly: true,
},
{
Expand Down
11 changes: 11 additions & 0 deletions lib/config/presets/internal/global.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
import type { Preset } from '../types';

/* eslint sort-keys: ["error", "asc", {caseSensitive: false, natural: true}] */

export const presets: Record<string, Preset> = {
safeEnv: {
allowedEnv: ['GO*'],
description:
'Hopefully safe environment variables to allow users to configure.',
},
};
13 changes: 13 additions & 0 deletions lib/config/presets/internal/group.spec.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import { presets } from './group';

const exceptions = new Set(['monorepos', 'recommended']);

describe('config/presets/internal/group', () => {
const presetNames = Object.keys(presets).filter(
(name) => !exceptions.has(name),
);

it.each(presetNames)('group:%s contains packageRules', (name: string) => {
expect(presets[name]).toHaveProperty('packageRules');
});
});
21 changes: 13 additions & 8 deletions lib/config/presets/internal/group.ts
Original file line number Diff line number Diff line change
Expand Up @@ -111,14 +111,19 @@ const staticGroups = {
},
fusionjs: {
description: 'Group Fusion.js packages together.',
matchPackageNames: [
'fusion-cli',
'fusion-core',
'fusion-test-utils',
'fusion-tokens',
'fusion-plugin-**',
'fusion-react**',
'fusion-apollo**',
packageRules: [
{
groupName: 'Fusion.js packages',
matchPackageNames: [
'fusion-cli',
'fusion-core',
'fusion-test-utils',
'fusion-tokens',
'fusion-plugin-**',
'fusion-react**',
'fusion-apollo**',
],
},
],
},
githubArtifactActions: {
Expand Down
3 changes: 2 additions & 1 deletion lib/config/presets/internal/index.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ describe('config/presets/internal/index', () => {
const config = await resolveConfigPresets(
massageConfig(presetConfig),
);
const res = await validateConfig('repo', config, true);
const configType = groupName === 'global' ? 'global' : 'repo';
const res = await validateConfig(configType, config, true);
expect(res.errors).toHaveLength(0);
expect(res.warnings).toHaveLength(0);
} catch (err) {
Expand Down
2 changes: 2 additions & 0 deletions lib/config/presets/internal/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import * as configPreset from './config';
import * as customManagersPreset from './custom-managers';
import * as defaultPreset from './default';
import * as dockerPreset from './docker';
import * as globalPreset from './global';
import * as groupPreset from './group';
import * as helpersPreset from './helpers';
import * as mergeConfidence from './merge-confidence';
Expand All @@ -22,6 +23,7 @@ export const groups: Record<string, Record<string, Preset>> = {
customManagers: customManagersPreset.presets,
default: defaultPreset.presets,
docker: dockerPreset.presets,
global: globalPreset.presets,
group: groupPreset.presets,
helpers: helpersPreset.presets,
mergeConfidence: mergeConfidence.presets,
Expand Down
1 change: 1 addition & 0 deletions lib/config/presets/parse.ts
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ export function parsePreset(input: string): ParsedPreset {
'customManagers',
'default',
'docker',
'global',
'group',
'helpers',
'mergeConfidence',
Expand Down
2 changes: 2 additions & 0 deletions lib/data/monorepo.json
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@
"grpc-java": "https://github.com/grpc/grpc-java",
"gstreamer-rust": "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
"guava": "https://github.com/google/guava",
"happy-dom": "https://github.com/capricorn86/happy-dom",
"Hangfire": "https://github.com/HangfireIO/Hangfire",
"hickory-dns": "https://github.com/hickory-dns/hickory-dns",
"infrastructure-ui": "https://github.com/instructure/instructure-ui",
Expand Down Expand Up @@ -360,6 +361,7 @@
"lerna-lite": "https://github.com/lerna-lite/lerna-lite",
"lexical": "https://github.com/facebook/lexical",
"linguijs": "https://github.com/lingui/js-lingui",
"linkifyjs": "https://github.com/nfrasser/linkifyjs",
"log4j2": "https://github.com/apache/logging-log4j2",
"logback": "https://github.com/qos-ch/logback",
"loopback": [
Expand Down
Loading

0 comments on commit 160e6ff

Please sign in to comment.