Merge branch 'main' into refactor/vulnerability-fix-version

renovatebot · Sep 18, 2024 · d0452c3 · d0452c3
2 parents 9ee228e + 1056d1a
commit d0452c3
Show file tree

Hide file tree

Showing 18 changed files with 436 additions and 133 deletions.
diff --git a/docs/usage/assets/images/mend-renovate-cli-banner.jpg b/docs/usage/assets/images/mend-renovate-cli-banner.jpg
diff --git a/lib/data/monorepo.json b/lib/data/monorepo.json
@@ -32,6 +32,7 @@
     "aspnet-api-versioning": "https://github.com/Microsoft/aspnet-api-versioning",
     "aspnet-health-checks": "https://github.com/xabaril/AspNetCore.Diagnostics.HealthChecks",
     "astro": "https://github.com/withastro/astro",
+    "autofixture": "https://github.com/AutoFixture/AutoFixture",
     "automapper-dotnet": [
       "https://github.com/AutoMapper/AutoMapper",
       "https://github.com/AutoMapper/AutoMapper.Extensions.Microsoft.DependencyInjection"
@@ -516,6 +517,7 @@
     "typefaces": "https://github.com/KyleAMathews/typefaces",
     "typescript-eslint": "https://github.com/typescript-eslint/typescript-eslint",
     "typography-js": "https://github.com/KyleAMathews/typography.js",
+    "unhead": "https://github.com/unjs/unhead",
     "unocss": "https://github.com/unocss/unocss",
     "uppy": "https://github.com/transloadit/uppy",
     "vaadinWebComponents": "https://github.com/vaadin/web-components",
@@ -525,6 +527,7 @@
     "vue": ["https://github.com/vuejs/vue", "https://github.com/vuejs/core"],
     "vue-cli": "https://github.com/vuejs/vue-cli",
     "vuepress": "https://github.com/vuejs/vuepress",
+    "vueuse": "https://github.com/vueuse/vueuse",
     "weasel": "https://github.com/JasperFx/weasel",
     "web3-react": "https://github.com/Uniswap/web3-react",
     "webdriverio": "https://github.com/webdriverio/webdriverio",

diff --git a/lib/modules/datasource/deb/readme.md b/lib/modules/datasource/deb/readme.md
@@ -1,14 +1,27 @@
-The Debian datasource enables Renovate to update packages from Debian repositories. It is ideal for projects that depend on Debian-based systems or distributions. You will need to combine Debian datasource with [regex managers](../../manager/regex/index.md) to update dependencies.
+Renovate uses the Debian datasource to update packages from Debian repositories.
+The `debian` datasource is meant for projects that:
 
-**Registry URL**
-To use a Debian repository with the datasource, you need a properly formatted URL with specific query parameters:
+- depend on Debian-based systems, or
+- depend on Debian-based distributions, like Ubuntu
+
+By default, Renovate does not detect Debian dependencies.
+For Renovate to update dependencies, you must combine the Debian datasource with [regex managers](../../manager/regex/index.md).
+
+## Set URL when using a Debian repository
+
+To use a Debian repository with the datasource, you must set a properly formatted URL with specific query parameters as `registryUrl`:
 
 - `components`: Comma-separated list of repository components (e.g., `main,contrib,non-free`).
 - `binaryArch`: Architecture of the binary packages (e.g., `amd64`,`all`).
 - Either `suite` or `release`:
   - `suite`: A rolling release alias like `stable`.
   - `release`: A fixed release name such as `bullseye` or `buster`.
 
+<!-- prettier-ignore -->
+!!! note
+  These parameters are used to give Renovate context and are not directly used to call the repository.
+  Therefore, the `registryUrl` has not to be a valid URL for a repository.
+
 **Example**:
 
 ```
@@ -17,7 +30,7 @@ https://deb.debian.org/debian?suite=stable&components=main,contrib,non-free&bina
 
 This URL points to the `stable` suite of the Debian repository for `amd64` architecture, including `main`, `contrib`, and `non-free` components.
 
-**Usage Example**
+## Usage Example
 
 Say you're using apt packages in a Dockerfile and want to update them.
 With the debian datasource you can "pin" each dependency, and get automatic updates.
@@ -32,8 +45,9 @@ First you would set a custom manager in your `renovate.json` file for `Dockerfil
       "customType": "regex",
       "fileMatch": ["^Dockerfile$"],
       "matchStrings": [
-        "#\\s*renovate:\\s*?depName=(?<depName>.*?)?\\sENV .*?_VERSION=\"(?<currentValue>.*)\"\\s"
+        "#\\s*renovate:\\s*?(release=(?<release>.*?))?\\s*depName=(?<depName>.*?)?\\sENV .*?_VERSION=\"(?<currentValue>.*)\""
       ],
+      "registryUrlTemplate": "https://deb.debian.org/debian?{{#if release }}release={{release}}{{else}}suite=stable{{/if}}&components=main,contrib,non-free&binaryArch=amd64",
       "datasourceTemplate": "deb"
     }
   ]
@@ -45,7 +59,7 @@ Then you would put comments in your Dockerfile, to tell Renovate where to find t
 ```dockerfile
 FROM debian:bullseye
 
-# renovate: depName=gcc-11
+# renovate: release=bullseye depName=gcc-11
 ENV GCC_VERSION="11.2.0-19"
 
 RUN apt-get update && \
@@ -55,3 +69,57 @@ RUN apt-get update && \
 ```
 
 When the apt package for `gcc` is updated, Renovate updates the environment variable.
+
+```json title="Override deb registryUrl with a packageRules entry"
+{
+  "packageRules": [
+    {
+      "matchDatasources": ["deb"],
+      "matchPackageNames": ["gcc-11"],
+      "registryUrls": [
+        "https://deb.debian.org/debian?suite=stable&components=main,contrib,non-free&binaryArch=amd64"
+      ]
+    }
+  ]
+}
+```
+
+## Artifactory
+
+The Debian datasource can be used with Artifactory.
+
+### Supported repository types
+
+The `debian` datasource supports these repository types:
+
+- virtual
+- local
+- remote
+
+### Set a `registryUrl`
+
+To use Artifactory, first configure the `deb` datasource by setting the `registryUrl`.
+
+```title="Example of valid registryUrl format"
+https://<host>:<port>/artifactory/<repository-slug>?release=<release>&components=<components>&binaryArch=<binaryArch>
+https://artifactory.example.com:443/artifactory/debian?release=bookworm&components=main,contrib,non-free&binaryArch=amd64
+```
+
+### Authenticating to Artifactory
+
+If Artifactory asks for authentication, you must set up a host rule.
+First, generate a password for Renovate with Artifactory's "Set Me Up" feature.
+Then, add the following configuration:
+
+```json title="Example Artifactory host rule configuration, with username and password"
+{
+  "hostRules": [
+    {
+      "hostType": "deb",
+      "matchHost": "https://artifactory.example.com:443/artifactory/debian",
+      "username": "myuser",
+      "password": "< the generated password >"
+    }
+  ]
+}
+```
diff --git a/lib/modules/datasource/index.ts b/lib/modules/datasource/index.ts
@@ -8,6 +8,7 @@ import { coerceArray } from '../../util/array';
 import * as memCache from '../../util/cache/memory';
 import * as packageCache from '../../util/cache/package';
 import { clone } from '../../util/clone';
+import { filterMap } from '../../util/filter-map';
 import { AsyncResult, Result } from '../../util/result';
 import { DatasourceCacheStats } from '../../util/stats';
 import { trimTrailingSlash } from '../../util/url';
@@ -161,53 +162,63 @@ async function mergeRegistries(
   registryUrls: string[],
 ): Promise<ReleaseResult | null> {
   let combinedRes: ReleaseResult | undefined;
-  let caughtError: Error | undefined;
+  let lastErr: Error | undefined;
+  let commonRegistryUrl = true;
   for (const registryUrl of registryUrls) {
     try {
       const res = await getRegistryReleases(datasource, config, registryUrl);
       if (!res) {
         continue;
       }
-      if (combinedRes) {
-        for (const existingRelease of coerceArray(combinedRes.releases)) {
-          existingRelease.registryUrl ??= combinedRes.registryUrl;
-        }
-        for (const additionalRelease of coerceArray(res.releases)) {
-          additionalRelease.registryUrl = res.registryUrl;
-        }
-        combinedRes = { ...res, ...combinedRes };
-        delete combinedRes.registryUrl;
-        combinedRes.releases = [...combinedRes.releases, ...res.releases];
-      } else {
+
+      if (!combinedRes) {
         combinedRes = res;
+        continue;
+      }
+
+      if (commonRegistryUrl) {
+        for (const release of coerceArray(combinedRes.releases)) {
+          release.registryUrl ??= combinedRes.registryUrl;
+        }
+        commonRegistryUrl = false;
+      }
+
+      const releases = coerceArray(res.releases);
+      for (const release of releases) {
+        release.registryUrl ??= res.registryUrl;
       }
+
+      combinedRes.releases.push(...releases);
+      combinedRes = { ...res, ...combinedRes };
+      delete combinedRes.registryUrl;
     } catch (err) {
       if (err instanceof ExternalHostError) {
         throw err;
       }
-      // We'll always save the last-thrown error
-      caughtError = err;
+
+      lastErr = err;
       logger.trace({ err }, 'datasource merge failure');
     }
   }
-  // De-duplicate releases
-  if (combinedRes?.releases?.length) {
-    const seenVersions = new Set<string>();
-    combinedRes.releases = combinedRes.releases.filter((release) => {
-      if (seenVersions.has(release.version)) {
-        return false;
-      }
-      seenVersions.add(release.version);
-      return true;
-    });
-  }
-  if (combinedRes) {
-    return combinedRes;
-  }
-  if (caughtError) {
-    throw caughtError;
+
+  if (!combinedRes) {
+    if (lastErr) {
+      throw lastErr;
+    }
+
+    return null;
   }
-  return null;
+
+  const seenVersions = new Set<string>();
+  combinedRes.releases = filterMap(combinedRes.releases, (release) => {
+    if (seenVersions.has(release.version)) {
+      return null;
+    }
+    seenVersions.add(release.version);
+    return release;
+  });
+
+  return combinedRes;
 }
 
 function massageRegistryUrls(registryUrls: string[]): string[] {

diff --git a/lib/modules/manager/gradle-wrapper/util.spec.ts b/lib/modules/manager/gradle-wrapper/util.spec.ts
@@ -2,7 +2,6 @@ import type { Stats } from 'node:fs';
 import os from 'node:os';
 import { codeBlock } from 'common-tags';
 import { fs, partial } from '../../../../test/util';
-import { GlobalConfig } from '../../../config/global';
 import {
   extractGradleVersion,
   getJavaConstraint,
@@ -15,37 +14,27 @@ const platform = jest.spyOn(os, 'platform');
 jest.mock('../../../util/fs');
 
 describe('modules/manager/gradle-wrapper/util', () => {
-  beforeEach(() => GlobalConfig.reset());
-
   describe('getJavaConstraint()', () => {
-    it('return ^8.0.0 for global mode', async () => {
-      expect(await getJavaConstraint('4', '')).toBe('^8.0.0');
-    });
-
-    it('return ^11.0.0 for docker mode and undefined gradle', async () => {
-      GlobalConfig.set({ binarySource: 'docker' });
-      expect(await getJavaConstraint('', '')).toBe('^11.0.0');
-    });
-
-    it('return ^8.0.0 for docker gradle < 5', async () => {
-      GlobalConfig.set({ binarySource: 'docker' });
-      expect(await getJavaConstraint('4.9', '')).toBe('^8.0.0');
-    });
-
-    it('return ^11.0.0 for docker gradle >=5 && <7', async () => {
-      GlobalConfig.set({ binarySource: 'docker' });
-      expect(await getJavaConstraint('6.0', '')).toBe('^11.0.0');
-    });
-
-    it('return ^16.0.0 for docker gradle >= 7', async () => {
-      GlobalConfig.set({ binarySource: 'docker' });
-      expect(await getJavaConstraint('7.0.1', '')).toBe('^16.0.0');
-    });
-
-    it('return ^17.0.0 for docker gradle >= 7.3', async () => {
-      GlobalConfig.set({ binarySource: 'docker' });
-      expect(await getJavaConstraint('7.3.0', '')).toBe('^17.0.0');
-      expect(await getJavaConstraint('8.0.1', '')).toBe('^17.0.0');
+    describe('returns Java constraint based on gradle support', () => {
+      it.each`
+        gradleVersion | javaConstraint
+        ${''}         | ${'^11.0.0'}
+        ${'4'}        | ${'^8.0.0'}
+        ${'4.9'}      | ${'^8.0.0'}
+        ${'6.0'}      | ${'^11.0.0'}
+        ${'7.0.1'}    | ${'^16.0.0'}
+        ${'7.3.0'}    | ${'^17.0.0'}
+        ${'8.0.1'}    | ${'^17.0.0'}
+        ${'8.5.0'}    | ${'^21.0.0'}
+        ${'9.0.1'}    | ${'^21.0.0'}
+      `(
+        '$gradleVersion | $javaConstraint',
+        async ({ gradleVersion, javaConstraint }) => {
+          expect(await getJavaConstraint(gradleVersion, '')).toBe(
+            javaConstraint,
+          );
+        },
+      );
     });
 
     it('returns toolChainVersion constraint if daemon JVM configured', async () => {
@@ -79,9 +68,24 @@ describe('modules/manager/gradle-wrapper/util', () => {
   });
 
   describe('extractGradleVersion()', () => {
-    it('works for undefined', () => {
-      // TODO #22198
-      expect(extractGradleVersion(undefined as never)).toBeNull();
+    it('returns null', () => {
+      const properties = codeBlock`
+        distributionSha256Sum=038794feef1f4745c6347107b6726279d1c824f3fc634b60f86ace1e9fbd1768
+        zipStoreBase=GRADLE_USER_HOME
+      `;
+      expect(extractGradleVersion(properties)).toBeNull();
+    });
+
+    it('returns gradle version', () => {
+      const properties = codeBlock`
+        distributionSha256Sum=038794feef1f4745c6347107b6726279d1c824f3fc634b60f86ace1e9fbd1768
+        distributionUrl=https\\://services.gradle.org/distributions/gradle-6.3-bin.zip
+        zipStoreBase=GRADLE_USER_HOME
+      `;
+      expect(extractGradleVersion(properties)).toStrictEqual({
+        url: 'https\\://services.gradle.org/distributions/gradle-6.3-bin.zip',
+        version: '6.3',
+      });
     });
   });