renovate 40.0.8 → 40.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/decrypt.d.ts +2 -1
- package/dist/config/decrypt.js +13 -8
- package/dist/config/decrypt.js.map +1 -1
- package/dist/config/global.js +0 -2
- package/dist/config/global.js.map +1 -1
- package/dist/config/types.d.ts +2 -2
- package/dist/config/types.js.map +1 -1
- package/dist/workers/global/config/parse/index.js +5 -0
- package/dist/workers/global/config/parse/index.js.map +1 -1
- package/package.json +3 -3
package/dist/config/decrypt.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { RenovateConfig } from './types';
|
|
2
|
-
export declare function
|
|
2
|
+
export declare function setPrivateKeys(pKey: string | undefined, pKeyOld: string | undefined): void;
|
|
3
|
+
export declare function tryDecrypt(key: string, encryptedStr: string, repository: string, keyName: string): Promise<string | null>;
|
|
3
4
|
export declare function validateDecryptedValue(decryptedObjStr: string, repository: string): string | null;
|
|
4
5
|
export declare function decryptConfig(config: RenovateConfig, repository: string, existingPath?: string): Promise<RenovateConfig>;
|
|
5
6
|
export declare function getAzureCollection(): string | undefined;
|
package/dist/config/decrypt.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.setPrivateKeys = setPrivateKeys;
|
|
3
4
|
exports.tryDecrypt = tryDecrypt;
|
|
4
5
|
exports.validateDecryptedValue = validateDecryptedValue;
|
|
5
6
|
exports.decryptConfig = decryptConfig;
|
|
@@ -16,23 +17,29 @@ const legacy_1 = require("./decrypt/legacy");
|
|
|
16
17
|
const openpgp_1 = require("./decrypt/openpgp");
|
|
17
18
|
const global_1 = require("./global");
|
|
18
19
|
const schema_1 = require("./schema");
|
|
19
|
-
|
|
20
|
+
let privateKey;
|
|
21
|
+
let privateKeyOld;
|
|
22
|
+
function setPrivateKeys(pKey, pKeyOld) {
|
|
23
|
+
privateKey = pKey;
|
|
24
|
+
privateKeyOld = pKeyOld;
|
|
25
|
+
}
|
|
26
|
+
async function tryDecrypt(key, encryptedStr, repository, keyName) {
|
|
20
27
|
let decryptedStr = null;
|
|
21
|
-
if (
|
|
28
|
+
if (key?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {
|
|
22
29
|
const decryptedObjStr = process.env.RENOVATE_X_USE_OPENPGP === 'true'
|
|
23
|
-
? await (0, openpgp_1.tryDecryptOpenPgp)(
|
|
24
|
-
: await (0, kbpgp_1.tryDecryptKbPgp)(
|
|
30
|
+
? await (0, openpgp_1.tryDecryptOpenPgp)(key, encryptedStr)
|
|
31
|
+
: await (0, kbpgp_1.tryDecryptKbPgp)(key, encryptedStr);
|
|
25
32
|
if (decryptedObjStr) {
|
|
26
33
|
decryptedStr = validateDecryptedValue(decryptedObjStr, repository);
|
|
27
34
|
}
|
|
28
35
|
}
|
|
29
36
|
else {
|
|
30
|
-
decryptedStr = (0, legacy_1.tryDecryptPublicKeyDefault)(
|
|
37
|
+
decryptedStr = (0, legacy_1.tryDecryptPublicKeyDefault)(key, encryptedStr);
|
|
31
38
|
if (is_1.default.string(decryptedStr)) {
|
|
32
39
|
logger_1.logger.warn({ keyName }, 'Encrypted value is using deprecated default padding, please change to using PGP encryption.');
|
|
33
40
|
}
|
|
34
41
|
else {
|
|
35
|
-
decryptedStr = (0, legacy_1.tryDecryptPublicKeyPKCS1)(
|
|
42
|
+
decryptedStr = (0, legacy_1.tryDecryptPublicKeyPKCS1)(key, encryptedStr);
|
|
36
43
|
/* v8 ignore start -- not testable */
|
|
37
44
|
if (is_1.default.string(decryptedStr)) {
|
|
38
45
|
logger_1.logger.warn({ keyName }, 'Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.');
|
|
@@ -110,8 +117,6 @@ function validateDecryptedValue(decryptedObjStr, repository) {
|
|
|
110
117
|
async function decryptConfig(config, repository, existingPath = '$') {
|
|
111
118
|
logger_1.logger.trace({ config }, 'decryptConfig()');
|
|
112
119
|
const decryptedConfig = { ...config };
|
|
113
|
-
const privateKey = global_1.GlobalConfig.get('privateKey');
|
|
114
|
-
const privateKeyOld = global_1.GlobalConfig.get('privateKeyOld');
|
|
115
120
|
for (const [key, val] of Object.entries(config)) {
|
|
116
121
|
if (key === 'encrypted' && is_1.default.object(val)) {
|
|
117
122
|
const path = `${existingPath}.${key}`;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../lib/config/decrypt.ts"],"names":[],"mappings":";;AAgBA,gCAmCC;AAED,wDAqFC;AAED,sCA8FC;AAED,gDAyBC;;AArQD,kEAAkC;AAClC,gEAAgE;AAChE,sCAAmC;AACnC,yCAAsC;AACtC,+CAA0D;AAC1D,qCAAyE;AACzE,2CAAkD;AAClD,6CAG0B;AAC1B,+CAAsD;AACtD,qCAAwC;AACxC,qCAA2C;AAGpC,KAAK,UAAU,UAAU,CAC9B,UAAkB,EAClB,YAAoB,EACpB,UAAkB,EAClB,OAAe;IAEf,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,UAAU,EAAE,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;QACpE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM;YAC3C,CAAC,CAAC,MAAM,IAAA,2BAAiB,EAAC,UAAU,EAAE,YAAY,CAAC;YACnD,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACtD,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,GAAG,sBAAsB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,IAAA,mCAA0B,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACpE,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,6FAA6F,CAC9F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,IAAA,iCAAwB,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YAClE,qCAAqC;YACrC,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,2FAA2F,CAC5F,CAAC;YACJ,CAAC;YACD,oBAAoB;QACtB,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,wBAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,mCAAmC,CAAC;YAC5D,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;QAC7C,IAAI,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;YACvC,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,IAAI,UAAU,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG;aACpB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,yBAAmB,EAAC,CAAC,CAAC,CAAC,CAAC;QAEtC,IAAI,YAAE,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAChD,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC,WAAW,EAAE,CACpC,CAAC;YACF,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;gBAC9B,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;oBACtC,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,EACf,4CAA4C,CAC7C,CAAC;YACF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,eAAe,GAAG,0DAA0D,WAAW,IAAI,CAAC;YAClG,MAAM,KAAK,CAAC;QACd,CAAC;QAED,4BAA4B;QAC5B,MAAM,KAAK,GACT,eAAe,KAAK,SAAS;YAC3B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAA,yBAAmB,EAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACzD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,IACE,WAAW,CAAC,IAAI,CACd,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,KAAK,CAC/D,EACD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,EAAE,qCAAqC,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,KAAK,CAAC,eAAe,GAAG,mDAAmD,WAAW,IAAI,CAAC;QAC3F,MAAM,KAAK,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,UAAkB,EAClB,YAAY,GAAG,GAAG;IAElB,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,qBAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,qBAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,GAAG,KAAK,WAAW,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,6BAA6B,IAAI,EAAE,CAAC,CAAC;YAEnE,MAAM,gBAAgB,GAAG,qBAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAChC,eAAM,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/C,eAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBACrD,IAAI,YAAY,GAAG,MAAM,UAAU,CACjC,UAAU,EACV,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACF,IAAI,aAAa,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACtD,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;wBACvD,YAAY,GAAG,MAAM,UAAU,CAC7B,aAAa,EACb,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACJ,CAAC;oBACD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;wBAC7C,KAAK,CAAC,eAAe,GAAG,2BAA2B,IAAI,oCAAoC,CAAC;wBAC5F,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,eAAM,CAAC,KAAK,CAAC,aAAa,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBAC7C,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;wBACrD,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,IAAA,iCAAsB,EAAC,KAAK,CAAC,CAAC;oBAChC,CAAC;yBAAM,CAAC;wBACN,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;wBACrC,IAAA,iCAAsB,EAAC,YAAY,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,MAAM,EAAE,CAAC;oBACvD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,kCAAiB,CAAC,CAAC;oBAC3C,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC;oBAClC,KAAK,CAAC,eAAe,GAAG,8BAA8B,CAAC;oBACvD,KAAK,CAAC,iBAAiB,GAAG,4DAA4D,GAAG,sJAAsJ,CAAC;oBAChP,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;wBACvC,KAAK,CAAC,iBAAiB,GAAG;;;+FAGyD,CAAC;oBACtF,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC,SAAS,CAAC;QACnC,CAAC;aAAM,IAAI,YAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,IAAI,KAAK,GAAG,CAAC;oBAC/C,eAAe,CAAC,GAAG,CAAsB,CAAC,IAAI,CAC7C,MAAM,aAAa,CAAC,IAAsB,EAAE,UAAU,EAAE,IAAI,CAAC,CAC9D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACL,eAAe,CAAC,GAAG,CAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAe,CAAC,GAAG,CAAC,GAAG,MAAM,aAAa,CACxC,GAAqB,EACrB,UAAU,EACV,IAAI,CACL,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC,SAAS,CAAC;IACjC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,oBAAoB;QACpB,eAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,IAAA,iBAAW,EAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,sBAAsB;QACtB,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { CONFIG_VALIDATION } from '../constants/error-messages';\nimport { logger } from '../logger';\nimport { regEx } from '../util/regex';\nimport { addSecretForSanitizing } from '../util/sanitize';\nimport { ensureTrailingSlash, parseUrl, trimSlashes } from '../util/url';\nimport { tryDecryptKbPgp } from './decrypt/kbpgp';\nimport {\n tryDecryptPublicKeyDefault,\n tryDecryptPublicKeyPKCS1,\n} from './decrypt/legacy';\nimport { tryDecryptOpenPgp } from './decrypt/openpgp';\nimport { GlobalConfig } from './global';\nimport { DecryptedObject } from './schema';\nimport type { RenovateConfig } from './types';\n\nexport async function tryDecrypt(\n privateKey: string,\n encryptedStr: string,\n repository: string,\n keyName: string,\n): Promise<string | null> {\n let decryptedStr: string | null = null;\n if (privateKey?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {\n const decryptedObjStr =\n process.env.RENOVATE_X_USE_OPENPGP === 'true'\n ? await tryDecryptOpenPgp(privateKey, encryptedStr)\n : await tryDecryptKbPgp(privateKey, encryptedStr);\n if (decryptedObjStr) {\n decryptedStr = validateDecryptedValue(decryptedObjStr, repository);\n }\n } else {\n decryptedStr = tryDecryptPublicKeyDefault(privateKey, encryptedStr);\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated default padding, please change to using PGP encryption.',\n );\n } else {\n decryptedStr = tryDecryptPublicKeyPKCS1(privateKey, encryptedStr);\n /* v8 ignore start -- not testable */\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.',\n );\n }\n /* v8 ignore stop */\n }\n }\n return decryptedStr;\n}\n\nexport function validateDecryptedValue(\n decryptedObjStr: string,\n repository: string,\n): string | null {\n try {\n const decryptedObj = DecryptedObject.safeParse(decryptedObjStr);\n if (!decryptedObj.success) {\n const error = new Error('config-validation');\n error.validationError = `Could not parse decrypted config.`;\n throw error;\n }\n\n const { o: org, r: repo, v: value } = decryptedObj.data;\n\n if (!is.nonEmptyString(value)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a value.`;\n throw error;\n }\n\n if (!is.nonEmptyString(org)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a scope.`;\n throw error;\n }\n\n const repositories = [repository.toUpperCase()];\n\n const azureCollection = getAzureCollection();\n if (is.nonEmptyString(azureCollection)) {\n // used for full 'org/project/repo' matching\n repositories.push(`${azureCollection}/${repository}`.toUpperCase());\n // used for org prefix matching without repo\n repositories.push(`${azureCollection}/*/`.toUpperCase());\n }\n\n const orgPrefixes = org\n .split(',')\n .map((o) => o.trim())\n .map((o) => o.toUpperCase())\n .map((o) => ensureTrailingSlash(o));\n\n if (is.nonEmptyString(repo)) {\n const scopedRepos = orgPrefixes.map((orgPrefix) =>\n `${orgPrefix}${repo}`.toUpperCase(),\n );\n for (const rp of repositories) {\n if (scopedRepos.some((r) => r === rp)) {\n return value;\n }\n }\n\n logger.debug(\n { scopedRepos },\n 'Secret is scoped to a different repository',\n );\n const error = new Error('config-validation');\n const scopeString = scopedRepos.join(',');\n error.validationError = `Encrypted secret is scoped to a different repository: \"${scopeString}\".`;\n throw error;\n }\n\n // no scoped repos, only org\n const azcol =\n azureCollection === undefined\n ? undefined\n : ensureTrailingSlash(azureCollection).toUpperCase();\n for (const rp of repositories) {\n if (\n orgPrefixes.some(\n (orgPrefix) => rp.startsWith(orgPrefix) && orgPrefix !== azcol,\n )\n ) {\n return value;\n }\n }\n logger.debug({ orgPrefixes }, 'Secret is scoped to a different org');\n const error = new Error('config-validation');\n const scopeString = orgPrefixes.join(',');\n error.validationError = `Encrypted secret is scoped to a different org: \"${scopeString}\".`;\n throw error;\n } catch (err) {\n logger.warn({ err }, 'Could not parse decrypted string');\n }\n return null;\n}\n\nexport async function decryptConfig(\n config: RenovateConfig,\n repository: string,\n existingPath = '$',\n): Promise<RenovateConfig> {\n logger.trace({ config }, 'decryptConfig()');\n const decryptedConfig = { ...config };\n const privateKey = GlobalConfig.get('privateKey');\n const privateKeyOld = GlobalConfig.get('privateKeyOld');\n for (const [key, val] of Object.entries(config)) {\n if (key === 'encrypted' && is.object(val)) {\n const path = `${existingPath}.${key}`;\n logger.debug({ config: val }, `Found encrypted config in ${path}`);\n\n const encryptedWarning = GlobalConfig.get('encryptedWarning');\n if (is.string(encryptedWarning)) {\n logger.once.warn(encryptedWarning);\n }\n\n if (privateKey) {\n for (const [eKey, eVal] of Object.entries(val)) {\n logger.debug(`Trying to decrypt ${eKey} in ${path}`);\n let decryptedStr = await tryDecrypt(\n privateKey,\n eVal,\n repository,\n eKey,\n );\n if (privateKeyOld && !is.nonEmptyString(decryptedStr)) {\n logger.debug(`Trying to decrypt with old private key`);\n decryptedStr = await tryDecrypt(\n privateKeyOld,\n eVal,\n repository,\n eKey,\n );\n }\n if (!is.nonEmptyString(decryptedStr)) {\n const error = new Error('config-validation');\n error.validationError = `Failed to decrypt field ${eKey}. Please re-encrypt and try again.`;\n throw error;\n }\n logger.debug(`Decrypted ${eKey} in ${path}`);\n if (eKey === 'npmToken') {\n const token = decryptedStr.replace(regEx(/\\n$/), '');\n decryptedConfig[eKey] = token;\n addSecretForSanitizing(token);\n } else {\n decryptedConfig[eKey] = decryptedStr;\n addSecretForSanitizing(decryptedStr);\n }\n }\n } else {\n if (process.env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {\n const error = new Error(CONFIG_VALIDATION);\n error.validationSource = 'config';\n error.validationError = 'Encrypted config unsupported';\n error.validationMessage = `This config contains an encrypted object at location \\`$.${key}\\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \\`privateKey\\` in Global Configuration.`;\n if (process.env.MEND_HOSTED === 'true') {\n error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).\nPlease migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/\n\nRefer to migration documents here: https://docs.renovatebot.com/mend-hosted/migrating-secrets/`;\n }\n throw error;\n } else {\n logger.error('Found encrypted data but no privateKey');\n }\n }\n delete decryptedConfig.encrypted;\n } else if (is.array(val)) {\n decryptedConfig[key] = [];\n for (const [index, item] of val.entries()) {\n if (is.object(item) && !is.array(item)) {\n const path = `${existingPath}.${key}[${index}]`;\n (decryptedConfig[key] as RenovateConfig[]).push(\n await decryptConfig(item as RenovateConfig, repository, path),\n );\n } else {\n (decryptedConfig[key] as unknown[]).push(item);\n }\n }\n } else if (is.object(val) && key !== 'content') {\n const path = `${existingPath}.${key}`;\n decryptedConfig[key] = await decryptConfig(\n val as RenovateConfig,\n repository,\n path,\n );\n }\n }\n delete decryptedConfig.encrypted;\n logger.trace({ config: decryptedConfig }, 'decryptedConfig');\n return decryptedConfig;\n}\n\nexport function getAzureCollection(): string | undefined {\n const platform = GlobalConfig.get('platform');\n if (platform !== 'azure') {\n return undefined;\n }\n\n const endpoint = GlobalConfig.get('endpoint');\n const endpointUrl = parseUrl(endpoint);\n if (endpointUrl === null) {\n // should not happen\n logger.warn({ endpoint }, 'Unable to parse endpoint for token decryption');\n return undefined;\n }\n\n const azureCollection = trimSlashes(endpointUrl.pathname);\n if (!is.nonEmptyString(azureCollection)) {\n logger.debug({ endpoint }, 'Unable to find azure collection name from URL');\n return undefined;\n }\n\n if (azureCollection.startsWith('tfs/')) {\n // Azure DevOps Server\n return azureCollection.substring(4);\n }\n return azureCollection;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../lib/config/decrypt.ts"],"names":[],"mappings":";;AAmBA,wCAMC;AAED,gCAmCC;AAED,wDAqFC;AAED,sCA4FC;AAED,gDAyBC;;AA9QD,kEAAkC;AAClC,gEAAgE;AAChE,sCAAmC;AACnC,yCAAsC;AACtC,+CAA0D;AAC1D,qCAAyE;AACzE,2CAAkD;AAClD,6CAG0B;AAC1B,+CAAsD;AACtD,qCAAwC;AACxC,qCAA2C;AAG3C,IAAI,UAA8B,CAAC;AACnC,IAAI,aAAiC,CAAC;AAEtC,SAAgB,cAAc,CAC5B,IAAwB,EACxB,OAA2B;IAE3B,UAAU,GAAG,IAAI,CAAC;IAClB,aAAa,GAAG,OAAO,CAAC;AAC1B,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,YAAoB,EACpB,UAAkB,EAClB,OAAe;IAEf,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,GAAG,EAAE,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;QAC7D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM;YAC3C,CAAC,CAAC,MAAM,IAAA,2BAAiB,EAAC,GAAG,EAAE,YAAY,CAAC;YAC5C,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC/C,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,GAAG,sBAAsB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,IAAA,mCAA0B,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,6FAA6F,CAC9F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,IAAA,iCAAwB,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YAC3D,qCAAqC;YACrC,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,2FAA2F,CAC5F,CAAC;YACJ,CAAC;YACD,oBAAoB;QACtB,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,wBAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,mCAAmC,CAAC;YAC5D,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;QAC7C,IAAI,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;YACvC,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,IAAI,UAAU,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG;aACpB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,yBAAmB,EAAC,CAAC,CAAC,CAAC,CAAC;QAEtC,IAAI,YAAE,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAChD,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC,WAAW,EAAE,CACpC,CAAC;YACF,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;gBAC9B,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;oBACtC,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,EACf,4CAA4C,CAC7C,CAAC;YACF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,eAAe,GAAG,0DAA0D,WAAW,IAAI,CAAC;YAClG,MAAM,KAAK,CAAC;QACd,CAAC;QAED,4BAA4B;QAC5B,MAAM,KAAK,GACT,eAAe,KAAK,SAAS;YAC3B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAA,yBAAmB,EAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACzD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,IACE,WAAW,CAAC,IAAI,CACd,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,KAAK,CAC/D,EACD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,EAAE,qCAAqC,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,KAAK,CAAC,eAAe,GAAG,mDAAmD,WAAW,IAAI,CAAC;QAC3F,MAAM,KAAK,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,UAAkB,EAClB,YAAY,GAAG,GAAG;IAElB,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,GAAG,KAAK,WAAW,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,6BAA6B,IAAI,EAAE,CAAC,CAAC;YAEnE,MAAM,gBAAgB,GAAG,qBAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAChC,eAAM,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/C,eAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBACrD,IAAI,YAAY,GAAG,MAAM,UAAU,CACjC,UAAU,EACV,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACF,IAAI,aAAa,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACtD,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;wBACvD,YAAY,GAAG,MAAM,UAAU,CAC7B,aAAa,EACb,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACJ,CAAC;oBACD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;wBAC7C,KAAK,CAAC,eAAe,GAAG,2BAA2B,IAAI,oCAAoC,CAAC;wBAC5F,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,eAAM,CAAC,KAAK,CAAC,aAAa,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBAC7C,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;wBACrD,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,IAAA,iCAAsB,EAAC,KAAK,CAAC,CAAC;oBAChC,CAAC;yBAAM,CAAC;wBACN,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;wBACrC,IAAA,iCAAsB,EAAC,YAAY,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,MAAM,EAAE,CAAC;oBACvD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,kCAAiB,CAAC,CAAC;oBAC3C,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC;oBAClC,KAAK,CAAC,eAAe,GAAG,8BAA8B,CAAC;oBACvD,KAAK,CAAC,iBAAiB,GAAG,4DAA4D,GAAG,sJAAsJ,CAAC;oBAChP,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;wBACvC,KAAK,CAAC,iBAAiB,GAAG;;;+FAGyD,CAAC;oBACtF,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC,SAAS,CAAC;QACnC,CAAC;aAAM,IAAI,YAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,IAAI,KAAK,GAAG,CAAC;oBAC/C,eAAe,CAAC,GAAG,CAAsB,CAAC,IAAI,CAC7C,MAAM,aAAa,CAAC,IAAsB,EAAE,UAAU,EAAE,IAAI,CAAC,CAC9D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACL,eAAe,CAAC,GAAG,CAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAe,CAAC,GAAG,CAAC,GAAG,MAAM,aAAa,CACxC,GAAqB,EACrB,UAAU,EACV,IAAI,CACL,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC,SAAS,CAAC;IACjC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,oBAAoB;QACpB,eAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,IAAA,iBAAW,EAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,sBAAsB;QACtB,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { CONFIG_VALIDATION } from '../constants/error-messages';\nimport { logger } from '../logger';\nimport { regEx } from '../util/regex';\nimport { addSecretForSanitizing } from '../util/sanitize';\nimport { ensureTrailingSlash, parseUrl, trimSlashes } from '../util/url';\nimport { tryDecryptKbPgp } from './decrypt/kbpgp';\nimport {\n tryDecryptPublicKeyDefault,\n tryDecryptPublicKeyPKCS1,\n} from './decrypt/legacy';\nimport { tryDecryptOpenPgp } from './decrypt/openpgp';\nimport { GlobalConfig } from './global';\nimport { DecryptedObject } from './schema';\nimport type { RenovateConfig } from './types';\n\nlet privateKey: string | undefined;\nlet privateKeyOld: string | undefined;\n\nexport function setPrivateKeys(\n pKey: string | undefined,\n pKeyOld: string | undefined,\n): void {\n privateKey = pKey;\n privateKeyOld = pKeyOld;\n}\n\nexport async function tryDecrypt(\n key: string,\n encryptedStr: string,\n repository: string,\n keyName: string,\n): Promise<string | null> {\n let decryptedStr: string | null = null;\n if (key?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {\n const decryptedObjStr =\n process.env.RENOVATE_X_USE_OPENPGP === 'true'\n ? await tryDecryptOpenPgp(key, encryptedStr)\n : await tryDecryptKbPgp(key, encryptedStr);\n if (decryptedObjStr) {\n decryptedStr = validateDecryptedValue(decryptedObjStr, repository);\n }\n } else {\n decryptedStr = tryDecryptPublicKeyDefault(key, encryptedStr);\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated default padding, please change to using PGP encryption.',\n );\n } else {\n decryptedStr = tryDecryptPublicKeyPKCS1(key, encryptedStr);\n /* v8 ignore start -- not testable */\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.',\n );\n }\n /* v8 ignore stop */\n }\n }\n return decryptedStr;\n}\n\nexport function validateDecryptedValue(\n decryptedObjStr: string,\n repository: string,\n): string | null {\n try {\n const decryptedObj = DecryptedObject.safeParse(decryptedObjStr);\n if (!decryptedObj.success) {\n const error = new Error('config-validation');\n error.validationError = `Could not parse decrypted config.`;\n throw error;\n }\n\n const { o: org, r: repo, v: value } = decryptedObj.data;\n\n if (!is.nonEmptyString(value)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a value.`;\n throw error;\n }\n\n if (!is.nonEmptyString(org)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a scope.`;\n throw error;\n }\n\n const repositories = [repository.toUpperCase()];\n\n const azureCollection = getAzureCollection();\n if (is.nonEmptyString(azureCollection)) {\n // used for full 'org/project/repo' matching\n repositories.push(`${azureCollection}/${repository}`.toUpperCase());\n // used for org prefix matching without repo\n repositories.push(`${azureCollection}/*/`.toUpperCase());\n }\n\n const orgPrefixes = org\n .split(',')\n .map((o) => o.trim())\n .map((o) => o.toUpperCase())\n .map((o) => ensureTrailingSlash(o));\n\n if (is.nonEmptyString(repo)) {\n const scopedRepos = orgPrefixes.map((orgPrefix) =>\n `${orgPrefix}${repo}`.toUpperCase(),\n );\n for (const rp of repositories) {\n if (scopedRepos.some((r) => r === rp)) {\n return value;\n }\n }\n\n logger.debug(\n { scopedRepos },\n 'Secret is scoped to a different repository',\n );\n const error = new Error('config-validation');\n const scopeString = scopedRepos.join(',');\n error.validationError = `Encrypted secret is scoped to a different repository: \"${scopeString}\".`;\n throw error;\n }\n\n // no scoped repos, only org\n const azcol =\n azureCollection === undefined\n ? undefined\n : ensureTrailingSlash(azureCollection).toUpperCase();\n for (const rp of repositories) {\n if (\n orgPrefixes.some(\n (orgPrefix) => rp.startsWith(orgPrefix) && orgPrefix !== azcol,\n )\n ) {\n return value;\n }\n }\n logger.debug({ orgPrefixes }, 'Secret is scoped to a different org');\n const error = new Error('config-validation');\n const scopeString = orgPrefixes.join(',');\n error.validationError = `Encrypted secret is scoped to a different org: \"${scopeString}\".`;\n throw error;\n } catch (err) {\n logger.warn({ err }, 'Could not parse decrypted string');\n }\n return null;\n}\n\nexport async function decryptConfig(\n config: RenovateConfig,\n repository: string,\n existingPath = '$',\n): Promise<RenovateConfig> {\n logger.trace({ config }, 'decryptConfig()');\n const decryptedConfig = { ...config };\n for (const [key, val] of Object.entries(config)) {\n if (key === 'encrypted' && is.object(val)) {\n const path = `${existingPath}.${key}`;\n logger.debug({ config: val }, `Found encrypted config in ${path}`);\n\n const encryptedWarning = GlobalConfig.get('encryptedWarning');\n if (is.string(encryptedWarning)) {\n logger.once.warn(encryptedWarning);\n }\n\n if (privateKey) {\n for (const [eKey, eVal] of Object.entries(val)) {\n logger.debug(`Trying to decrypt ${eKey} in ${path}`);\n let decryptedStr = await tryDecrypt(\n privateKey,\n eVal,\n repository,\n eKey,\n );\n if (privateKeyOld && !is.nonEmptyString(decryptedStr)) {\n logger.debug(`Trying to decrypt with old private key`);\n decryptedStr = await tryDecrypt(\n privateKeyOld,\n eVal,\n repository,\n eKey,\n );\n }\n if (!is.nonEmptyString(decryptedStr)) {\n const error = new Error('config-validation');\n error.validationError = `Failed to decrypt field ${eKey}. Please re-encrypt and try again.`;\n throw error;\n }\n logger.debug(`Decrypted ${eKey} in ${path}`);\n if (eKey === 'npmToken') {\n const token = decryptedStr.replace(regEx(/\\n$/), '');\n decryptedConfig[eKey] = token;\n addSecretForSanitizing(token);\n } else {\n decryptedConfig[eKey] = decryptedStr;\n addSecretForSanitizing(decryptedStr);\n }\n }\n } else {\n if (process.env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {\n const error = new Error(CONFIG_VALIDATION);\n error.validationSource = 'config';\n error.validationError = 'Encrypted config unsupported';\n error.validationMessage = `This config contains an encrypted object at location \\`$.${key}\\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \\`privateKey\\` in Global Configuration.`;\n if (process.env.MEND_HOSTED === 'true') {\n error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).\nPlease migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/\n\nRefer to migration documents here: https://docs.renovatebot.com/mend-hosted/migrating-secrets/`;\n }\n throw error;\n } else {\n logger.error('Found encrypted data but no privateKey');\n }\n }\n delete decryptedConfig.encrypted;\n } else if (is.array(val)) {\n decryptedConfig[key] = [];\n for (const [index, item] of val.entries()) {\n if (is.object(item) && !is.array(item)) {\n const path = `${existingPath}.${key}[${index}]`;\n (decryptedConfig[key] as RenovateConfig[]).push(\n await decryptConfig(item as RenovateConfig, repository, path),\n );\n } else {\n (decryptedConfig[key] as unknown[]).push(item);\n }\n }\n } else if (is.object(val) && key !== 'content') {\n const path = `${existingPath}.${key}`;\n decryptedConfig[key] = await decryptConfig(\n val as RenovateConfig,\n repository,\n path,\n );\n }\n }\n delete decryptedConfig.encrypted;\n logger.trace({ config: decryptedConfig }, 'decryptedConfig');\n return decryptedConfig;\n}\n\nexport function getAzureCollection(): string | undefined {\n const platform = GlobalConfig.get('platform');\n if (platform !== 'azure') {\n return undefined;\n }\n\n const endpoint = GlobalConfig.get('endpoint');\n const endpointUrl = parseUrl(endpoint);\n if (endpointUrl === null) {\n // should not happen\n logger.warn({ endpoint }, 'Unable to parse endpoint for token decryption');\n return undefined;\n }\n\n const azureCollection = trimSlashes(endpointUrl.pathname);\n if (!is.nonEmptyString(azureCollection)) {\n logger.debug({ endpoint }, 'Unable to find azure collection name from URL');\n return undefined;\n }\n\n if (azureCollection.startsWith('tfs/')) {\n // Azure DevOps Server\n return azureCollection.substring(4);\n }\n return azureCollection;\n}\n"]}
|
package/dist/config/global.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"global.js","sourceRoot":"","sources":["../../lib/config/global.ts"],"names":[],"mappings":";;;AAEA,MAAa,YAAY;IACvB,iIAAiI;IACzH,MAAM,CAAU,OAAO,GAA+B;QAC5D,iBAAiB;QACjB,YAAY;QACZ,4BAA4B;QAC5B,gBAAgB;QAChB,cAAc;QACd,cAAc;QACd,cAAc;QACd,UAAU;QACV,qBAAqB;QACrB,kBAAkB;QAClB,kBAAkB;QAClB,oBAAoB;QACpB,mBAAmB;QACnB,kBAAkB;QAClB,oBAAoB;QACpB,YAAY;QACZ,QAAQ;QACR,kBAAkB;QAClB,cAAc;QACd,kBAAkB;QAClB,iBAAiB;QACjB,UAAU;QACV,gBAAgB;QAChB,wBAAwB;QACxB,YAAY;QACZ,
|
|
1
|
+
{"version":3,"file":"global.js","sourceRoot":"","sources":["../../lib/config/global.ts"],"names":[],"mappings":";;;AAEA,MAAa,YAAY;IACvB,iIAAiI;IACzH,MAAM,CAAU,OAAO,GAA+B;QAC5D,iBAAiB;QACjB,YAAY;QACZ,4BAA4B;QAC5B,gBAAgB;QAChB,cAAc;QACd,cAAc;QACd,cAAc;QACd,UAAU;QACV,qBAAqB;QACrB,kBAAkB;QAClB,kBAAkB;QAClB,oBAAoB;QACpB,mBAAmB;QACnB,kBAAkB;QAClB,oBAAoB;QACpB,YAAY;QACZ,QAAQ;QACR,kBAAkB;QAClB,cAAc;QACd,kBAAkB;QAClB,iBAAiB;QACjB,UAAU;QACV,gBAAgB;QAChB,wBAAwB;QACxB,YAAY;QACZ,UAAU;QACV,UAAU;QACV,kBAAkB;QAClB,sBAAsB;QACtB,uBAAuB;QACvB,WAAW;QACX,gBAAgB;QAChB,YAAY;QACZ,aAAa;QACb,sBAAsB;KACvB,CAAC;IAEM,MAAM,CAAC,MAAM,GAAqB,EAAE,CAAC;IAU7C,MAAM,CAAC,GAAG,CACR,GAAS,EACT,YAAoC;QAEpC,OAAO,GAAG;YACR,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;IAC1B,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,MAAyC;QAClD,YAAY,CAAC,KAAK,EAAE,CAAC;QAErB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QAC7B,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1C,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAU,CAAC;YACtD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC;IAC3B,CAAC;;AAzEH,oCA0EC","sourcesContent":["import type { RenovateConfig, RepoGlobalConfig } from './types';\n\nexport class GlobalConfig {\n // TODO: once global config work is complete, add a test to make sure this list includes all options with globalOnly=true (#9603)\n private static readonly OPTIONS: (keyof RepoGlobalConfig)[] = [\n 'allowedCommands',\n 'allowedEnv',\n 'allowCustomCrateRegistries',\n 'allowedHeaders',\n 'allowPlugins',\n 'allowScripts',\n 'binarySource',\n 'cacheDir',\n 'cacheHardTtlMinutes',\n 'cacheTtlOverride',\n 'containerbaseDir',\n 'customEnvVariables',\n 'dockerChildPrefix',\n 'dockerCliOptions',\n 'dockerSidecarImage',\n 'dockerUser',\n 'dryRun',\n 'encryptedWarning',\n 'exposeAllEnv',\n 'executionTimeout',\n 'githubTokenWarn',\n 'localDir',\n 'migratePresets',\n 'presetCachePersistence',\n 'gitTimeout',\n 'platform',\n 'endpoint',\n 'httpCacheTtlDays',\n 'autodiscoverRepoSort',\n 'autodiscoverRepoOrder',\n 'userAgent',\n 'dockerMaxPages',\n 's3Endpoint',\n 's3PathStyle',\n 'cachePrivatePackages',\n ];\n\n private static config: RepoGlobalConfig = {};\n\n static get(): RepoGlobalConfig;\n static get<Key extends keyof RepoGlobalConfig>(\n key: Key,\n ): RepoGlobalConfig[Key];\n static get<Key extends keyof RepoGlobalConfig>(\n key: Key,\n defaultValue: Required<RepoGlobalConfig>[Key],\n ): Required<RepoGlobalConfig>[Key];\n static get<Key extends keyof RepoGlobalConfig>(\n key?: Key,\n defaultValue?: RepoGlobalConfig[Key],\n ): RepoGlobalConfig | RepoGlobalConfig[Key] {\n return key\n ? (GlobalConfig.config[key] ?? defaultValue)\n : GlobalConfig.config;\n }\n\n static set(config: RenovateConfig | RepoGlobalConfig): RenovateConfig {\n GlobalConfig.reset();\n\n const result = { ...config };\n for (const option of GlobalConfig.OPTIONS) {\n GlobalConfig.config[option] = config[option] as never;\n delete result[option];\n }\n\n return result;\n }\n\n static reset(): void {\n GlobalConfig.config = {};\n }\n}\n"]}
|
package/dist/config/types.d.ts
CHANGED
|
@@ -105,6 +105,8 @@ export interface GlobalOnlyConfig {
|
|
|
105
105
|
mergeConfidenceEndpoint?: string;
|
|
106
106
|
platform?: PlatformId;
|
|
107
107
|
prCommitsPerRunLimit?: number;
|
|
108
|
+
privateKey?: string;
|
|
109
|
+
privateKeyOld?: string;
|
|
108
110
|
privateKeyPath?: string;
|
|
109
111
|
privateKeyPathOld?: string;
|
|
110
112
|
redisPrefix?: string;
|
|
@@ -142,8 +144,6 @@ export interface RepoGlobalConfig {
|
|
|
142
144
|
migratePresets?: Record<string, string>;
|
|
143
145
|
platform?: PlatformId;
|
|
144
146
|
presetCachePersistence?: boolean;
|
|
145
|
-
privateKey?: string;
|
|
146
|
-
privateKeyOld?: string;
|
|
147
147
|
httpCacheTtlDays?: number;
|
|
148
148
|
autodiscoverRepoSort?: RepoSortMethod;
|
|
149
149
|
autodiscoverRepoOrder?: SortMethod;
|
package/dist/config/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/config/types.ts"],"names":[],"mappings":";;;AAqNa,QAAA,yBAAyB,GAAG;IACvC,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,eAAe;CACP,CAAC;AAmGX,MAAM,uBAAuB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAU,CAAC","sourcesContent":["import type { PlatformId } from '../constants';\nimport type { LogLevelRemap } from '../logger/types';\nimport type { CustomManager } from '../modules/manager/custom/types';\nimport type { RepoSortMethod, SortMethod } from '../modules/platform/types';\nimport type { HostRule, SkipReason } from '../types';\nimport type { StageName } from '../types/skip-reason';\nimport type { GitNoVerifyOption } from '../util/git/types';\nimport type { MergeConfidence } from '../util/merge-confidence/types';\nimport type { Timestamp } from '../util/timestamp';\n\nexport type RenovateConfigStage =\n | 'global'\n | 'inherit'\n | 'repository'\n | 'package'\n | 'branch'\n | 'pr';\n\nexport type RepositoryCacheConfig = 'disabled' | 'enabled' | 'reset';\n// eslint-disable-next-line @typescript-eslint/no-redundant-type-constituents\nexport type RepositoryCacheType = 'local' | string;\nexport type DryRunConfig = 'extract' | 'lookup' | 'full';\nexport type RequiredConfig = 'required' | 'optional' | 'ignored';\n\nexport interface GroupConfig extends Record<string, unknown> {\n branchName?: string;\n branchTopic?: string;\n}\n\nexport type RecreateWhen = 'auto' | 'never' | 'always';\nexport type PlatformCommitOptions = 'auto' | 'disabled' | 'enabled';\n// TODO: Proper typings\nexport interface RenovateSharedConfig {\n $schema?: string;\n addLabels?: string[];\n autoReplaceGlobalMatch?: boolean;\n automerge?: boolean;\n automergeSchedule?: string[];\n automergeStrategy?: MergeStrategy;\n branchName?: string;\n branchNameStrict?: boolean;\n branchPrefix?: string;\n branchPrefixOld?: string;\n commitMessage?: string;\n commitMessageAction?: string;\n commitMessageExtra?: string;\n commitMessageLowerCase?: 'auto' | 'never';\n commitMessagePrefix?: string;\n commitMessageTopic?: string;\n confidential?: boolean;\n changelogUrl?: string;\n dependencyDashboardApproval?: boolean;\n draftPR?: boolean;\n enabled?: boolean;\n enabledManagers?: string[];\n extends?: string[];\n fileMatch?: string[];\n force?: RenovateConfig;\n gitIgnoredAuthors?: string[];\n group?: GroupConfig;\n groupName?: string;\n groupSlug?: string;\n hashedBranchLength?: number;\n ignoreDeps?: string[];\n ignorePaths?: string[];\n ignoreTests?: boolean;\n includePaths?: string[];\n internalChecksAsSuccess?: boolean;\n keepUpdatedLabel?: string;\n labels?: string[];\n manager?: string;\n milestone?: number;\n npmrc?: string;\n npmrcMerge?: boolean;\n platformCommit?: PlatformCommitOptions;\n postUpgradeTasks?: PostUpgradeTasks;\n prBodyColumns?: string[];\n prBodyDefinitions?: Record<string, string>;\n prCreation?: 'immediate' | 'not-pending' | 'status-success' | 'approval';\n prPriority?: number;\n productLinks?: Record<string, string>;\n pruneBranchAfterAutomerge?: boolean;\n rebaseLabel?: string;\n rebaseWhen?: string;\n recreateClosed?: boolean;\n recreateWhen?: RecreateWhen;\n repository?: string;\n repositoryCache?: RepositoryCacheConfig;\n repositoryCacheType?: RepositoryCacheType;\n respectLatest?: boolean;\n schedule?: string[];\n semanticCommitScope?: string | null;\n semanticCommitType?: string;\n semanticCommits?: 'auto' | 'enabled' | 'disabled';\n stopUpdatingLabel?: string;\n suppressNotifications?: string[];\n timezone?: string;\n unicodeEmoji?: boolean;\n}\n\n// Config options used only within the global worker\n// The below should contain config options where stage=global\nexport interface GlobalOnlyConfig {\n autodiscover?: boolean;\n autodiscoverFilter?: string[] | string;\n autodiscoverNamespaces?: string[];\n autodiscoverProjects?: string[];\n autodiscoverTopics?: string[];\n baseDir?: string;\n cacheDir?: string;\n containerbaseDir?: string;\n detectHostRulesFromEnv?: boolean;\n dockerCliOptions?: string;\n endpoint?: string;\n forceCli?: boolean;\n gitNoVerify?: GitNoVerifyOption[];\n gitPrivateKey?: string;\n globalExtends?: string[];\n mergeConfidenceDatasources?: string[];\n mergeConfidenceEndpoint?: string;\n platform?: PlatformId;\n prCommitsPerRunLimit?: number;\n privateKeyPath?: string;\n privateKeyPathOld?: string;\n redisPrefix?: string;\n redisUrl?: string;\n repositories?: RenovateRepository[];\n useCloudMetadataServices?: boolean;\n deleteConfigFile?: boolean;\n}\n\n// Config options used within the repository worker, but not user configurable\n// The below should contain config options where globalOnly=true\nexport interface RepoGlobalConfig {\n allowedCommands?: string[];\n allowCustomCrateRegistries?: boolean;\n allowPlugins?: boolean;\n allowScripts?: boolean;\n allowedEnv?: string[];\n allowedHeaders?: string[];\n binarySource?: 'docker' | 'global' | 'install' | 'hermit';\n cacheDir?: string;\n cacheHardTtlMinutes?: number;\n cacheTtlOverride?: Record<string, number>;\n containerbaseDir?: string;\n customEnvVariables?: Record<string, string>;\n dockerChildPrefix?: string;\n dockerCliOptions?: string;\n dockerSidecarImage?: string;\n dockerUser?: string;\n dryRun?: DryRunConfig;\n encryptedWarning?: string;\n endpoint?: string;\n executionTimeout?: number;\n exposeAllEnv?: boolean;\n gitTimeout?: number;\n githubTokenWarn?: boolean;\n includeMirrors?: boolean;\n localDir?: string;\n migratePresets?: Record<string, string>;\n platform?: PlatformId;\n presetCachePersistence?: boolean;\n privateKey?: string;\n privateKeyOld?: string;\n httpCacheTtlDays?: number;\n autodiscoverRepoSort?: RepoSortMethod;\n autodiscoverRepoOrder?: SortMethod;\n userAgent?: string;\n dockerMaxPages?: number;\n s3Endpoint?: string;\n s3PathStyle?: boolean;\n cachePrivatePackages?: boolean;\n}\n\nexport interface LegacyAdminConfig {\n localDir?: string;\n\n logContext?: string;\n\n onboarding?: boolean;\n onboardingBranch?: string;\n onboardingCommitMessage?: string;\n onboardingNoDeps?: 'auto' | 'enabled' | 'disabled';\n onboardingRebaseCheckbox?: boolean;\n onboardingPrTitle?: string;\n onboardingConfig?: RenovateSharedConfig;\n onboardingConfigFileName?: string;\n\n requireConfig?: RequiredConfig;\n}\n\nexport type ExecutionMode = 'branch' | 'update';\n\nexport interface PostUpgradeTasks {\n commands?: string[];\n fileFilters?: string[];\n executionMode: ExecutionMode;\n}\n\nexport type UpdateConfig<\n T extends RenovateSharedConfig = RenovateSharedConfig,\n> = Partial<Record<UpdateType, T | null>>;\n\nexport type RenovateRepository =\n | string\n | {\n repository: string;\n secrets?: Record<string, string>;\n };\n\nexport type UseBaseBranchConfigType = 'merge' | 'none';\nexport type ConstraintsFilter = 'strict' | 'none';\n\nexport const allowedStatusCheckStrings = [\n 'minimumReleaseAge',\n 'mergeConfidence',\n 'configValidation',\n 'artifactError',\n] as const;\nexport type StatusCheckKey = (typeof allowedStatusCheckStrings)[number];\ntype UserEnv = Record<string, string>;\n// TODO: Proper typings\nexport interface RenovateConfig\n extends LegacyAdminConfig,\n RenovateSharedConfig,\n UpdateConfig<PackageRule>,\n AssigneesAndReviewersConfig,\n ConfigMigration,\n Record<string, unknown> {\n s3Endpoint?: string;\n s3PathStyle?: boolean;\n reportPath?: string;\n reportType?: 'logging' | 'file' | 's3' | null;\n depName?: string;\n baseBranches?: string[];\n commitBody?: string;\n useBaseBranchConfig?: UseBaseBranchConfigType;\n baseBranch?: string;\n defaultBranch?: string;\n branchList?: string[];\n cloneSubmodulesFilter?: string[];\n description?: string | string[];\n force?: RenovateConfig;\n errors?: ValidationMessage[];\n\n gitAuthor?: string;\n\n hostRules?: HostRule[];\n\n inheritConfig?: boolean;\n inheritConfigFileName?: string;\n inheritConfigRepoName?: string;\n inheritConfigStrict?: boolean;\n\n ignorePresets?: string[];\n forkProcessing?: 'auto' | 'enabled' | 'disabled';\n isFork?: boolean;\n\n fileList?: string[];\n configWarningReuseIssue?: boolean;\n dependencyDashboard?: boolean;\n dependencyDashboardAutoclose?: boolean;\n dependencyDashboardChecks?: Record<string, string>;\n dependencyDashboardIssue?: number;\n dependencyDashboardTitle?: string;\n dependencyDashboardHeader?: string;\n dependencyDashboardFooter?: string;\n dependencyDashboardLabels?: string[];\n dependencyDashboardOSVVulnerabilitySummary?: 'none' | 'all' | 'unresolved';\n packageFile?: string;\n packageRules?: PackageRule[];\n postUpdateOptions?: string[];\n branchConcurrentLimit?: number | null;\n prConcurrentLimit?: number;\n prHourlyLimit?: number;\n forkModeDisallowMaintainerEdits?: boolean;\n\n defaultRegistryUrls?: string[];\n registryUrls?: string[] | null;\n registryAliases?: Record<string, string>;\n\n repoIsOnboarded?: boolean;\n repoIsActivated?: boolean;\n\n updateInternalDeps?: boolean;\n updateType?: UpdateType;\n\n warnings?: ValidationMessage[];\n vulnerabilityAlerts?: RenovateSharedConfig;\n osvVulnerabilityAlerts?: boolean;\n vulnerabilitySeverity?: string;\n customManagers?: CustomManager[];\n customDatasources?: Record<string, CustomDatasourceConfig>;\n\n fetchChangeLogs?: FetchChangeLogsOptions;\n secrets?: Record<string, string>;\n\n constraints?: Record<string, string>;\n skipInstalls?: boolean | null;\n\n constraintsFiltering?: ConstraintsFilter;\n\n checkedBranches?: string[];\n customizeDashboard?: Record<string, string>;\n\n statusCheckNames?: Record<StatusCheckKey, string | null>;\n /**\n * User configured environment variables that Renovate uses when executing package manager commands\n */\n env?: UserEnv;\n logLevelRemap?: LogLevelRemap[];\n\n branchTopic?: string;\n additionalBranchPrefix?: string;\n sharedVariableName?: string;\n}\n\nconst CustomDatasourceFormats = ['json', 'plain', 'yaml', 'html'] as const;\nexport type CustomDatasourceFormats = (typeof CustomDatasourceFormats)[number];\n\nexport interface CustomDatasourceConfig {\n defaultRegistryUrlTemplate?: string;\n format?: CustomDatasourceFormats;\n transformTemplates?: string[];\n}\n\nexport interface AllConfig\n extends RenovateConfig,\n GlobalOnlyConfig,\n RepoGlobalConfig {}\n\nexport interface AssigneesAndReviewersConfig {\n assigneesFromCodeOwners?: boolean;\n expandCodeOwnersGroups?: boolean;\n assignees?: string[];\n assigneesSampleSize?: number;\n ignoreReviewers?: string[];\n reviewersFromCodeOwners?: boolean;\n reviewers?: string[];\n reviewersSampleSize?: number;\n additionalReviewers?: string[];\n filterUnavailableUsers?: boolean;\n}\n\nexport type UpdateType =\n | 'major'\n | 'minor'\n | 'patch'\n | 'pin'\n | 'digest'\n | 'pinDigest'\n | 'lockFileMaintenance'\n | 'lockfileUpdate'\n | 'rollback'\n | 'bump'\n | 'replacement';\n\nexport type FetchChangeLogsOptions = 'off' | 'branch' | 'pr';\n\nexport type MatchStringsStrategy = 'any' | 'recursive' | 'combination';\n\nexport type MergeStrategy =\n | 'auto'\n | 'fast-forward'\n | 'merge-commit'\n | 'rebase'\n | 'squash';\n\n// TODO: Proper typings\nexport interface PackageRule\n extends RenovateSharedConfig,\n UpdateConfig,\n Record<string, unknown> {\n description?: string | string[];\n isVulnerabilityAlert?: boolean;\n matchBaseBranches?: string[];\n matchCategories?: string[];\n matchConfidence?: MergeConfidence[];\n matchCurrentAge?: string;\n matchCurrentValue?: string;\n matchCurrentVersion?: string;\n matchDatasources?: string[];\n matchDepNames?: string[];\n matchDepTypes?: string[];\n matchFileNames?: string[];\n matchManagers?: string[];\n matchNewValue?: string;\n matchPackageNames?: string[];\n matchRepositories?: string[];\n matchSourceUrls?: string[];\n matchUpdateTypes?: UpdateType[];\n matchJsonata?: string[];\n registryUrls?: string[] | null;\n vulnerabilitySeverity?: string;\n vulnerabilityFixVersion?: string;\n}\n\nexport interface ValidationMessage {\n topic: string;\n message: string;\n}\n\nexport type AllowedParents =\n | 'customDatasources'\n | 'customManagers'\n | 'hostRules'\n | 'logLevelRemap'\n | 'packageRules'\n | 'postUpgradeTasks'\n | 'vulnerabilityAlerts';\nexport interface RenovateOptionBase {\n /**\n * If true, the option can only be configured by people with access to the Renovate instance.\n * Furthermore, the option should be documented in docs/usage/self-hosted-configuration.md.\n */\n globalOnly?: boolean;\n\n inheritConfigSupport?: boolean;\n\n allowedValues?: string[];\n\n allowString?: boolean;\n\n cli?: boolean;\n\n description: string;\n\n env?: false | string;\n\n /**\n * Do not validate object children\n */\n freeChoice?: boolean;\n\n mergeable?: boolean;\n\n autogenerated?: boolean;\n\n name: string;\n\n parents?: AllowedParents[];\n\n stage?: RenovateConfigStage;\n\n experimental?: boolean;\n\n experimentalDescription?: string;\n\n experimentalIssues?: number[];\n\n advancedUse?: boolean;\n\n /**\n * This is used to add depreciation message in the docs\n */\n deprecationMsg?: string;\n\n /**\n * For internal use only: add it to any config option that supports regex or glob matching\n */\n patternMatch?: boolean;\n\n /**\n * For internal use only: add it to any config option of type integer that supports negative integers\n */\n allowNegative?: boolean;\n\n /**\n * Managers which support this option, leave undefined if all managers support it.\n */\n supportedManagers?: string[];\n\n /**\n * Platforms which support this option, leave undefined if all platforms support it.\n */\n supportedPlatforms?: PlatformId[];\n}\n\nexport interface RenovateArrayOption<\n T extends string | number | Record<string, unknown> = Record<string, unknown>,\n> extends RenovateOptionBase {\n default?: T[] | null;\n mergeable?: boolean;\n type: 'array';\n subType?: 'string' | 'object' | 'number';\n}\n\nexport interface RenovateStringArrayOption extends RenovateArrayOption<string> {\n format?: 'regex';\n subType: 'string';\n}\n\nexport interface RenovateNumberArrayOption extends RenovateArrayOption<number> {\n subType: 'number';\n}\n\nexport interface RenovateBooleanOption extends RenovateOptionBase {\n default?: boolean | null;\n type: 'boolean';\n}\n\nexport interface RenovateIntegerOption extends RenovateOptionBase {\n default?: number | null;\n type: 'integer';\n}\n\nexport interface RenovateStringOption extends RenovateOptionBase {\n default?: string | null;\n format?: 'regex';\n\n // Not used\n replaceLineReturns?: boolean;\n type: 'string';\n}\n\nexport interface RenovateObjectOption extends RenovateOptionBase {\n default?: any;\n additionalProperties?: Record<string, unknown> | boolean;\n mergeable?: boolean;\n type: 'object';\n}\n\nexport type RenovateOptions =\n | RenovateStringOption\n | RenovateNumberArrayOption\n | RenovateStringArrayOption\n | RenovateIntegerOption\n | RenovateBooleanOption\n | RenovateArrayOption\n | RenovateObjectOption;\n\nexport interface PackageRuleInputConfig extends Record<string, unknown> {\n versioning?: string;\n packageFile?: string;\n lockFiles?: string[];\n depType?: string;\n depTypes?: string[];\n depName?: string;\n packageName?: string | null;\n newValue?: string | null;\n currentValue?: string | null;\n currentVersion?: string;\n lockedVersion?: string;\n updateType?: UpdateType;\n mergeConfidenceLevel?: MergeConfidence | undefined;\n isBump?: boolean;\n sourceUrl?: string | null;\n categories?: string[];\n baseBranch?: string;\n manager?: string;\n datasource?: string;\n packageRules?: (PackageRule & PackageRuleInputConfig)[];\n releaseTimestamp?: Timestamp | null;\n repository?: string;\n currentVersionAgeInDays?: number;\n currentVersionTimestamp?: string;\n enabled?: boolean;\n skipReason?: SkipReason;\n skipStage?: StageName;\n}\n\nexport interface ConfigMigration {\n configMigration?: boolean;\n}\n\nexport interface MigratedConfig {\n isMigrated: boolean;\n migratedConfig: RenovateConfig;\n}\n\nexport interface MigratedRenovateConfig extends RenovateConfig {\n endpoints?: HostRule[];\n pathRules: PackageRule[];\n packages: PackageRule[];\n\n node?: RenovateConfig;\n travis?: RenovateConfig;\n gradle?: RenovateConfig;\n}\n\nexport interface ManagerConfig extends RenovateConfig {\n manager: string;\n}\n\nexport interface ValidationResult {\n errors: ValidationMessage[];\n warnings: ValidationMessage[];\n}\n"]}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/config/types.ts"],"names":[],"mappings":";;;AAqNa,QAAA,yBAAyB,GAAG;IACvC,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,eAAe;CACP,CAAC;AAmGX,MAAM,uBAAuB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAU,CAAC","sourcesContent":["import type { PlatformId } from '../constants';\nimport type { LogLevelRemap } from '../logger/types';\nimport type { CustomManager } from '../modules/manager/custom/types';\nimport type { RepoSortMethod, SortMethod } from '../modules/platform/types';\nimport type { HostRule, SkipReason } from '../types';\nimport type { StageName } from '../types/skip-reason';\nimport type { GitNoVerifyOption } from '../util/git/types';\nimport type { MergeConfidence } from '../util/merge-confidence/types';\nimport type { Timestamp } from '../util/timestamp';\n\nexport type RenovateConfigStage =\n | 'global'\n | 'inherit'\n | 'repository'\n | 'package'\n | 'branch'\n | 'pr';\n\nexport type RepositoryCacheConfig = 'disabled' | 'enabled' | 'reset';\n// eslint-disable-next-line @typescript-eslint/no-redundant-type-constituents\nexport type RepositoryCacheType = 'local' | string;\nexport type DryRunConfig = 'extract' | 'lookup' | 'full';\nexport type RequiredConfig = 'required' | 'optional' | 'ignored';\n\nexport interface GroupConfig extends Record<string, unknown> {\n branchName?: string;\n branchTopic?: string;\n}\n\nexport type RecreateWhen = 'auto' | 'never' | 'always';\nexport type PlatformCommitOptions = 'auto' | 'disabled' | 'enabled';\n// TODO: Proper typings\nexport interface RenovateSharedConfig {\n $schema?: string;\n addLabels?: string[];\n autoReplaceGlobalMatch?: boolean;\n automerge?: boolean;\n automergeSchedule?: string[];\n automergeStrategy?: MergeStrategy;\n branchName?: string;\n branchNameStrict?: boolean;\n branchPrefix?: string;\n branchPrefixOld?: string;\n commitMessage?: string;\n commitMessageAction?: string;\n commitMessageExtra?: string;\n commitMessageLowerCase?: 'auto' | 'never';\n commitMessagePrefix?: string;\n commitMessageTopic?: string;\n confidential?: boolean;\n changelogUrl?: string;\n dependencyDashboardApproval?: boolean;\n draftPR?: boolean;\n enabled?: boolean;\n enabledManagers?: string[];\n extends?: string[];\n fileMatch?: string[];\n force?: RenovateConfig;\n gitIgnoredAuthors?: string[];\n group?: GroupConfig;\n groupName?: string;\n groupSlug?: string;\n hashedBranchLength?: number;\n ignoreDeps?: string[];\n ignorePaths?: string[];\n ignoreTests?: boolean;\n includePaths?: string[];\n internalChecksAsSuccess?: boolean;\n keepUpdatedLabel?: string;\n labels?: string[];\n manager?: string;\n milestone?: number;\n npmrc?: string;\n npmrcMerge?: boolean;\n platformCommit?: PlatformCommitOptions;\n postUpgradeTasks?: PostUpgradeTasks;\n prBodyColumns?: string[];\n prBodyDefinitions?: Record<string, string>;\n prCreation?: 'immediate' | 'not-pending' | 'status-success' | 'approval';\n prPriority?: number;\n productLinks?: Record<string, string>;\n pruneBranchAfterAutomerge?: boolean;\n rebaseLabel?: string;\n rebaseWhen?: string;\n recreateClosed?: boolean;\n recreateWhen?: RecreateWhen;\n repository?: string;\n repositoryCache?: RepositoryCacheConfig;\n repositoryCacheType?: RepositoryCacheType;\n respectLatest?: boolean;\n schedule?: string[];\n semanticCommitScope?: string | null;\n semanticCommitType?: string;\n semanticCommits?: 'auto' | 'enabled' | 'disabled';\n stopUpdatingLabel?: string;\n suppressNotifications?: string[];\n timezone?: string;\n unicodeEmoji?: boolean;\n}\n\n// Config options used only within the global worker\n// The below should contain config options where stage=global\nexport interface GlobalOnlyConfig {\n autodiscover?: boolean;\n autodiscoverFilter?: string[] | string;\n autodiscoverNamespaces?: string[];\n autodiscoverProjects?: string[];\n autodiscoverTopics?: string[];\n baseDir?: string;\n cacheDir?: string;\n containerbaseDir?: string;\n detectHostRulesFromEnv?: boolean;\n dockerCliOptions?: string;\n endpoint?: string;\n forceCli?: boolean;\n gitNoVerify?: GitNoVerifyOption[];\n gitPrivateKey?: string;\n globalExtends?: string[];\n mergeConfidenceDatasources?: string[];\n mergeConfidenceEndpoint?: string;\n platform?: PlatformId;\n prCommitsPerRunLimit?: number;\n privateKey?: string;\n privateKeyOld?: string;\n privateKeyPath?: string;\n privateKeyPathOld?: string;\n redisPrefix?: string;\n redisUrl?: string;\n repositories?: RenovateRepository[];\n useCloudMetadataServices?: boolean;\n deleteConfigFile?: boolean;\n}\n\n// Config options used within the repository worker, but not user configurable\n// The below should contain config options where globalOnly=true\nexport interface RepoGlobalConfig {\n allowedCommands?: string[];\n allowCustomCrateRegistries?: boolean;\n allowPlugins?: boolean;\n allowScripts?: boolean;\n allowedEnv?: string[];\n allowedHeaders?: string[];\n binarySource?: 'docker' | 'global' | 'install' | 'hermit';\n cacheDir?: string;\n cacheHardTtlMinutes?: number;\n cacheTtlOverride?: Record<string, number>;\n containerbaseDir?: string;\n customEnvVariables?: Record<string, string>;\n dockerChildPrefix?: string;\n dockerCliOptions?: string;\n dockerSidecarImage?: string;\n dockerUser?: string;\n dryRun?: DryRunConfig;\n encryptedWarning?: string;\n endpoint?: string;\n executionTimeout?: number;\n exposeAllEnv?: boolean;\n gitTimeout?: number;\n githubTokenWarn?: boolean;\n includeMirrors?: boolean;\n localDir?: string;\n migratePresets?: Record<string, string>;\n platform?: PlatformId;\n presetCachePersistence?: boolean;\n httpCacheTtlDays?: number;\n autodiscoverRepoSort?: RepoSortMethod;\n autodiscoverRepoOrder?: SortMethod;\n userAgent?: string;\n dockerMaxPages?: number;\n s3Endpoint?: string;\n s3PathStyle?: boolean;\n cachePrivatePackages?: boolean;\n}\n\nexport interface LegacyAdminConfig {\n localDir?: string;\n\n logContext?: string;\n\n onboarding?: boolean;\n onboardingBranch?: string;\n onboardingCommitMessage?: string;\n onboardingNoDeps?: 'auto' | 'enabled' | 'disabled';\n onboardingRebaseCheckbox?: boolean;\n onboardingPrTitle?: string;\n onboardingConfig?: RenovateSharedConfig;\n onboardingConfigFileName?: string;\n\n requireConfig?: RequiredConfig;\n}\n\nexport type ExecutionMode = 'branch' | 'update';\n\nexport interface PostUpgradeTasks {\n commands?: string[];\n fileFilters?: string[];\n executionMode: ExecutionMode;\n}\n\nexport type UpdateConfig<\n T extends RenovateSharedConfig = RenovateSharedConfig,\n> = Partial<Record<UpdateType, T | null>>;\n\nexport type RenovateRepository =\n | string\n | {\n repository: string;\n secrets?: Record<string, string>;\n };\n\nexport type UseBaseBranchConfigType = 'merge' | 'none';\nexport type ConstraintsFilter = 'strict' | 'none';\n\nexport const allowedStatusCheckStrings = [\n 'minimumReleaseAge',\n 'mergeConfidence',\n 'configValidation',\n 'artifactError',\n] as const;\nexport type StatusCheckKey = (typeof allowedStatusCheckStrings)[number];\ntype UserEnv = Record<string, string>;\n// TODO: Proper typings\nexport interface RenovateConfig\n extends LegacyAdminConfig,\n RenovateSharedConfig,\n UpdateConfig<PackageRule>,\n AssigneesAndReviewersConfig,\n ConfigMigration,\n Record<string, unknown> {\n s3Endpoint?: string;\n s3PathStyle?: boolean;\n reportPath?: string;\n reportType?: 'logging' | 'file' | 's3' | null;\n depName?: string;\n baseBranches?: string[];\n commitBody?: string;\n useBaseBranchConfig?: UseBaseBranchConfigType;\n baseBranch?: string;\n defaultBranch?: string;\n branchList?: string[];\n cloneSubmodulesFilter?: string[];\n description?: string | string[];\n force?: RenovateConfig;\n errors?: ValidationMessage[];\n\n gitAuthor?: string;\n\n hostRules?: HostRule[];\n\n inheritConfig?: boolean;\n inheritConfigFileName?: string;\n inheritConfigRepoName?: string;\n inheritConfigStrict?: boolean;\n\n ignorePresets?: string[];\n forkProcessing?: 'auto' | 'enabled' | 'disabled';\n isFork?: boolean;\n\n fileList?: string[];\n configWarningReuseIssue?: boolean;\n dependencyDashboard?: boolean;\n dependencyDashboardAutoclose?: boolean;\n dependencyDashboardChecks?: Record<string, string>;\n dependencyDashboardIssue?: number;\n dependencyDashboardTitle?: string;\n dependencyDashboardHeader?: string;\n dependencyDashboardFooter?: string;\n dependencyDashboardLabels?: string[];\n dependencyDashboardOSVVulnerabilitySummary?: 'none' | 'all' | 'unresolved';\n packageFile?: string;\n packageRules?: PackageRule[];\n postUpdateOptions?: string[];\n branchConcurrentLimit?: number | null;\n prConcurrentLimit?: number;\n prHourlyLimit?: number;\n forkModeDisallowMaintainerEdits?: boolean;\n\n defaultRegistryUrls?: string[];\n registryUrls?: string[] | null;\n registryAliases?: Record<string, string>;\n\n repoIsOnboarded?: boolean;\n repoIsActivated?: boolean;\n\n updateInternalDeps?: boolean;\n updateType?: UpdateType;\n\n warnings?: ValidationMessage[];\n vulnerabilityAlerts?: RenovateSharedConfig;\n osvVulnerabilityAlerts?: boolean;\n vulnerabilitySeverity?: string;\n customManagers?: CustomManager[];\n customDatasources?: Record<string, CustomDatasourceConfig>;\n\n fetchChangeLogs?: FetchChangeLogsOptions;\n secrets?: Record<string, string>;\n\n constraints?: Record<string, string>;\n skipInstalls?: boolean | null;\n\n constraintsFiltering?: ConstraintsFilter;\n\n checkedBranches?: string[];\n customizeDashboard?: Record<string, string>;\n\n statusCheckNames?: Record<StatusCheckKey, string | null>;\n /**\n * User configured environment variables that Renovate uses when executing package manager commands\n */\n env?: UserEnv;\n logLevelRemap?: LogLevelRemap[];\n\n branchTopic?: string;\n additionalBranchPrefix?: string;\n sharedVariableName?: string;\n}\n\nconst CustomDatasourceFormats = ['json', 'plain', 'yaml', 'html'] as const;\nexport type CustomDatasourceFormats = (typeof CustomDatasourceFormats)[number];\n\nexport interface CustomDatasourceConfig {\n defaultRegistryUrlTemplate?: string;\n format?: CustomDatasourceFormats;\n transformTemplates?: string[];\n}\n\nexport interface AllConfig\n extends RenovateConfig,\n GlobalOnlyConfig,\n RepoGlobalConfig {}\n\nexport interface AssigneesAndReviewersConfig {\n assigneesFromCodeOwners?: boolean;\n expandCodeOwnersGroups?: boolean;\n assignees?: string[];\n assigneesSampleSize?: number;\n ignoreReviewers?: string[];\n reviewersFromCodeOwners?: boolean;\n reviewers?: string[];\n reviewersSampleSize?: number;\n additionalReviewers?: string[];\n filterUnavailableUsers?: boolean;\n}\n\nexport type UpdateType =\n | 'major'\n | 'minor'\n | 'patch'\n | 'pin'\n | 'digest'\n | 'pinDigest'\n | 'lockFileMaintenance'\n | 'lockfileUpdate'\n | 'rollback'\n | 'bump'\n | 'replacement';\n\nexport type FetchChangeLogsOptions = 'off' | 'branch' | 'pr';\n\nexport type MatchStringsStrategy = 'any' | 'recursive' | 'combination';\n\nexport type MergeStrategy =\n | 'auto'\n | 'fast-forward'\n | 'merge-commit'\n | 'rebase'\n | 'squash';\n\n// TODO: Proper typings\nexport interface PackageRule\n extends RenovateSharedConfig,\n UpdateConfig,\n Record<string, unknown> {\n description?: string | string[];\n isVulnerabilityAlert?: boolean;\n matchBaseBranches?: string[];\n matchCategories?: string[];\n matchConfidence?: MergeConfidence[];\n matchCurrentAge?: string;\n matchCurrentValue?: string;\n matchCurrentVersion?: string;\n matchDatasources?: string[];\n matchDepNames?: string[];\n matchDepTypes?: string[];\n matchFileNames?: string[];\n matchManagers?: string[];\n matchNewValue?: string;\n matchPackageNames?: string[];\n matchRepositories?: string[];\n matchSourceUrls?: string[];\n matchUpdateTypes?: UpdateType[];\n matchJsonata?: string[];\n registryUrls?: string[] | null;\n vulnerabilitySeverity?: string;\n vulnerabilityFixVersion?: string;\n}\n\nexport interface ValidationMessage {\n topic: string;\n message: string;\n}\n\nexport type AllowedParents =\n | 'customDatasources'\n | 'customManagers'\n | 'hostRules'\n | 'logLevelRemap'\n | 'packageRules'\n | 'postUpgradeTasks'\n | 'vulnerabilityAlerts';\nexport interface RenovateOptionBase {\n /**\n * If true, the option can only be configured by people with access to the Renovate instance.\n * Furthermore, the option should be documented in docs/usage/self-hosted-configuration.md.\n */\n globalOnly?: boolean;\n\n inheritConfigSupport?: boolean;\n\n allowedValues?: string[];\n\n allowString?: boolean;\n\n cli?: boolean;\n\n description: string;\n\n env?: false | string;\n\n /**\n * Do not validate object children\n */\n freeChoice?: boolean;\n\n mergeable?: boolean;\n\n autogenerated?: boolean;\n\n name: string;\n\n parents?: AllowedParents[];\n\n stage?: RenovateConfigStage;\n\n experimental?: boolean;\n\n experimentalDescription?: string;\n\n experimentalIssues?: number[];\n\n advancedUse?: boolean;\n\n /**\n * This is used to add depreciation message in the docs\n */\n deprecationMsg?: string;\n\n /**\n * For internal use only: add it to any config option that supports regex or glob matching\n */\n patternMatch?: boolean;\n\n /**\n * For internal use only: add it to any config option of type integer that supports negative integers\n */\n allowNegative?: boolean;\n\n /**\n * Managers which support this option, leave undefined if all managers support it.\n */\n supportedManagers?: string[];\n\n /**\n * Platforms which support this option, leave undefined if all platforms support it.\n */\n supportedPlatforms?: PlatformId[];\n}\n\nexport interface RenovateArrayOption<\n T extends string | number | Record<string, unknown> = Record<string, unknown>,\n> extends RenovateOptionBase {\n default?: T[] | null;\n mergeable?: boolean;\n type: 'array';\n subType?: 'string' | 'object' | 'number';\n}\n\nexport interface RenovateStringArrayOption extends RenovateArrayOption<string> {\n format?: 'regex';\n subType: 'string';\n}\n\nexport interface RenovateNumberArrayOption extends RenovateArrayOption<number> {\n subType: 'number';\n}\n\nexport interface RenovateBooleanOption extends RenovateOptionBase {\n default?: boolean | null;\n type: 'boolean';\n}\n\nexport interface RenovateIntegerOption extends RenovateOptionBase {\n default?: number | null;\n type: 'integer';\n}\n\nexport interface RenovateStringOption extends RenovateOptionBase {\n default?: string | null;\n format?: 'regex';\n\n // Not used\n replaceLineReturns?: boolean;\n type: 'string';\n}\n\nexport interface RenovateObjectOption extends RenovateOptionBase {\n default?: any;\n additionalProperties?: Record<string, unknown> | boolean;\n mergeable?: boolean;\n type: 'object';\n}\n\nexport type RenovateOptions =\n | RenovateStringOption\n | RenovateNumberArrayOption\n | RenovateStringArrayOption\n | RenovateIntegerOption\n | RenovateBooleanOption\n | RenovateArrayOption\n | RenovateObjectOption;\n\nexport interface PackageRuleInputConfig extends Record<string, unknown> {\n versioning?: string;\n packageFile?: string;\n lockFiles?: string[];\n depType?: string;\n depTypes?: string[];\n depName?: string;\n packageName?: string | null;\n newValue?: string | null;\n currentValue?: string | null;\n currentVersion?: string;\n lockedVersion?: string;\n updateType?: UpdateType;\n mergeConfidenceLevel?: MergeConfidence | undefined;\n isBump?: boolean;\n sourceUrl?: string | null;\n categories?: string[];\n baseBranch?: string;\n manager?: string;\n datasource?: string;\n packageRules?: (PackageRule & PackageRuleInputConfig)[];\n releaseTimestamp?: Timestamp | null;\n repository?: string;\n currentVersionAgeInDays?: number;\n currentVersionTimestamp?: string;\n enabled?: boolean;\n skipReason?: SkipReason;\n skipStage?: StageName;\n}\n\nexport interface ConfigMigration {\n configMigration?: boolean;\n}\n\nexport interface MigratedConfig {\n isMigrated: boolean;\n migratedConfig: RenovateConfig;\n}\n\nexport interface MigratedRenovateConfig extends RenovateConfig {\n endpoints?: HostRule[];\n pathRules: PackageRule[];\n packages: PackageRule[];\n\n node?: RenovateConfig;\n travis?: RenovateConfig;\n gradle?: RenovateConfig;\n}\n\nexport interface ManagerConfig extends RenovateConfig {\n manager: string;\n}\n\nexport interface ValidationResult {\n errors: ValidationMessage[];\n warnings: ValidationMessage[];\n}\n"]}
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.parseConfigs = parseConfigs;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
const is_1 = tslib_1.__importDefault(require("@sindresorhus/is"));
|
|
6
|
+
const decrypt_1 = require("../../../../config/decrypt");
|
|
6
7
|
const defaultsParser = tslib_1.__importStar(require("../../../../config/defaults"));
|
|
7
8
|
const secrets_1 = require("../../../../config/secrets");
|
|
8
9
|
const utils_1 = require("../../../../config/utils");
|
|
@@ -49,8 +50,12 @@ async function parseConfigs(env, argv) {
|
|
|
49
50
|
config.privateKeyOld = await (0, fs_1.readSystemFile)(config.privateKeyPathOld, 'utf8');
|
|
50
51
|
delete config.privateKeyPathOld;
|
|
51
52
|
}
|
|
53
|
+
// Add private keys for sanitizing then set and delete them
|
|
52
54
|
(0, sanitize_1.addSecretForSanitizing)(config.privateKey, 'global');
|
|
53
55
|
(0, sanitize_1.addSecretForSanitizing)(config.privateKeyOld, 'global');
|
|
56
|
+
(0, decrypt_1.setPrivateKeys)(config.privateKey, config.privateKeyOld);
|
|
57
|
+
delete config.privateKey;
|
|
58
|
+
delete config.privateKeyOld;
|
|
54
59
|
if (config.logContext) {
|
|
55
60
|
// This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env
|
|
56
61
|
(0, logger_1.setContext)(config.logContext);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../lib/workers/global/config/parse/index.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../lib/workers/global/config/parse/index.ts"],"names":[],"mappings":";;AAmBA,oCAiHC;;AApID,kEAAkC;AAClC,wDAA4D;AAC5D,oFAA8D;AAC9D,wDAAkE;AAElE,oDAA4D;AAC5D,+CAAwD;AACxD,yDAAoE;AACpE,kDAAqD;AACrD,8CAAoD;AACpD,4CAAqD;AACrD,wDAAmE;AACnE,8CAA2D;AAC3D,yDAAmC;AACnC,iEAA2C;AAC3C,yDAAmC;AACnC,2DAAqC;AACrC,+DAAyD;AAElD,KAAK,UAAU,YAAY,CAChC,GAAsB,EACtB,IAAc;IAEd,eAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAEhC,cAAc;IACd,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAEjD,IAAI,MAAM,GAAc,IAAA,wBAAgB,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAChE,MAAM,GAAG,IAAA,wBAAgB,EAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE7C,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE5C,MAAM,cAAc,GAAG,MAAM,CAAC;IAE9B,MAAM,GAAG,IAAA,wBAAgB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAEjD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,SAAS,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC,KAAK,CAAC;QACvB,OAAO,SAAS,CAAC,SAAS,CAAC;QAC3B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,GAAG,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,GAAG,SAAS,EAAE,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,CAAC,UAAU,GAAG,MAAM,IAAA,mBAAc,EAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACxE,OAAO,MAAM,CAAC,cAAc,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACtD,MAAM,CAAC,aAAa,GAAG,MAAM,IAAA,mBAAc,EACzC,MAAM,CAAC,iBAAiB,EACxB,MAAM,CACP,CAAC;QACF,OAAO,MAAM,CAAC,iBAAiB,CAAC;IAClC,CAAC;IAED,2DAA2D;IAC3D,IAAA,iCAAsB,EAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,IAAA,iCAAsB,EAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IACvD,IAAA,wBAAc,EAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,UAAU,CAAC;IACzB,OAAO,MAAM,CAAC,aAAa,CAAC;IAE5B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,0HAA0H;QAC1H,IAAA,mBAAU,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,gBAAgB,CAAC,CAAC;IAC1D,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,aAAa,CAAC,CAAC;IACpD,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC,CAAC;IAClD,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC,CAAC;IAClD,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAE5D,IAAI,MAAM,CAAC,yBAAyB,EAAE,CAAC;QACrC,eAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAChD,MAAM,mBAAmB,GAAG,MAAM,IAAA,+BAAqB,GAAE,CAAC;QAC1D,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,mBAAmB,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACvE,MAAM,GAAG,IAAA,wBAAgB,EAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,CAAC,sBAAsB,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,IAAA,sCAAgB,EAAC,GAAG,CAAC,CAAC;QACxC,MAAM,CAAC,SAAS,GAAG,CAAC,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,SAAS,CAAC,CAAC;IACtE,CAAC;IACD,oBAAoB;IACpB,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;IAExC,4CAA4C;IAC5C,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,eAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAClD,MAAM,CAAC,QAAQ,GAAG,IAAA,yBAAmB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;QACjE,eAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,MAAM,CAAC,cAAc,GAAG,SAAS,CAAC;IACpC,CAAC;IAED,mDAAmD;IACnD,MAAM,UAAU,CAAC,sBAAsB,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAExE,2BAA2B;IAC3B,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACnE,eAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QACzE,MAAM,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACtC,CAAC;IAED,+CAA+C;IAC/C,8GAA8G;IAC9G,IAAI,YAAE,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,MAAM,GAAG,IAAA,8BAAoB,EAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QACxD,uFAAuF;QACvF,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,EAAE,CAAC;YACpD,IAAA,iCAAsB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,IAAI,YAAE,CAAC,cAAc,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,IAAA,kBAAY,EAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { setPrivateKeys } from '../../../../config/decrypt';\nimport * as defaultsParser from '../../../../config/defaults';\nimport { applySecretsToConfig } from '../../../../config/secrets';\nimport type { AllConfig } from '../../../../config/types';\nimport { mergeChildConfig } from '../../../../config/utils';\nimport { logger, setContext } from '../../../../logger';\nimport { detectAllGlobalConfig } from '../../../../modules/manager';\nimport { coerceArray } from '../../../../util/array';\nimport { setCustomEnv } from '../../../../util/env';\nimport { readSystemFile } from '../../../../util/fs';\nimport { addSecretForSanitizing } from '../../../../util/sanitize';\nimport { ensureTrailingSlash } from '../../../../util/url';\nimport * as cliParser from './cli';\nimport * as codespaces from './codespaces';\nimport * as envParser from './env';\nimport * as fileParser from './file';\nimport { hostRulesFromEnv } from './host-rules-from-env';\n\nexport async function parseConfigs(\n env: NodeJS.ProcessEnv,\n argv: string[],\n): Promise<AllConfig> {\n logger.debug('Parsing configs');\n\n // Get configs\n const defaultConfig = defaultsParser.getConfig();\n const fileConfig = await fileParser.getConfig(env);\n const cliConfig = cliParser.getConfig(argv);\n const envConfig = await envParser.getConfig(env);\n\n let config: AllConfig = mergeChildConfig(fileConfig, envConfig);\n config = mergeChildConfig(config, cliConfig);\n\n config = await codespaces.setConfig(config);\n\n const combinedConfig = config;\n\n config = mergeChildConfig(defaultConfig, config);\n\n if (config.forceCli) {\n const forcedCli = { ...cliConfig };\n delete forcedCli.token;\n delete forcedCli.hostRules;\n if (config.force) {\n config.force = { ...config.force, ...forcedCli };\n } else {\n config.force = forcedCli;\n }\n }\n\n if (!config.privateKey && config.privateKeyPath) {\n config.privateKey = await readSystemFile(config.privateKeyPath, 'utf8');\n delete config.privateKeyPath;\n }\n\n if (!config.privateKeyOld && config.privateKeyPathOld) {\n config.privateKeyOld = await readSystemFile(\n config.privateKeyPathOld,\n 'utf8',\n );\n delete config.privateKeyPathOld;\n }\n\n // Add private keys for sanitizing then set and delete them\n addSecretForSanitizing(config.privateKey, 'global');\n addSecretForSanitizing(config.privateKeyOld, 'global');\n setPrivateKeys(config.privateKey, config.privateKeyOld);\n delete config.privateKey;\n delete config.privateKeyOld;\n\n if (config.logContext) {\n // This only has an effect if logContext was defined via file or CLI, otherwise it would already have been detected in env\n setContext(config.logContext);\n }\n\n logger.trace({ config: defaultConfig }, 'Default config');\n logger.debug({ config: fileConfig }, 'File config');\n logger.debug({ config: cliConfig }, 'CLI config');\n logger.debug({ config: envConfig }, 'Env config');\n logger.debug({ config: combinedConfig }, 'Combined config');\n\n if (config.detectGlobalManagerConfig) {\n logger.debug('Detecting global manager config');\n const globalManagerConfig = await detectAllGlobalConfig();\n logger.debug({ config: globalManagerConfig }, 'Global manager config');\n config = mergeChildConfig(config, globalManagerConfig);\n }\n\n if (config.detectHostRulesFromEnv) {\n const hostRules = hostRulesFromEnv(env);\n config.hostRules = [...coerceArray(config.hostRules), ...hostRules];\n }\n // Get global config\n logger.trace({ config }, 'Full config');\n\n // Massage endpoint to have a trailing slash\n if (config.endpoint) {\n logger.debug('Adding trailing slash to endpoint');\n config.endpoint = ensureTrailingSlash(config.endpoint);\n }\n\n // Massage forkProcessing\n if (!config.autodiscover && config.forkProcessing !== 'disabled') {\n logger.debug('Enabling forkProcessing while in non-autodiscover mode');\n config.forkProcessing = 'enabled';\n }\n\n // Only try deletion if RENOVATE_CONFIG_FILE is set\n await fileParser.deleteNonDefaultConfig(env, !!config.deleteConfigFile);\n\n // Massage onboardingNoDeps\n if (!config.autodiscover && config.onboardingNoDeps !== 'disabled') {\n logger.debug('Enabling onboardingNoDeps while in non-autodiscover mode');\n config.onboardingNoDeps = 'enabled';\n }\n\n // do not add these secrets to repoSecrets and,\n // do not delete the secrets object after applying on global config as it needs to be re-used for repo config\n if (is.nonEmptyObject(config.secrets)) {\n config = applySecretsToConfig(config, undefined, false);\n // adding these secrets to the globalSecrets set so that they can be redacted from logs\n for (const secret of Object.values(config.secrets!)) {\n addSecretForSanitizing(secret, 'global');\n }\n }\n\n if (is.nonEmptyObject(config.customEnvVariables)) {\n setCustomEnv(config.customEnvVariables);\n }\n\n return config;\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "renovate",
|
|
3
3
|
"description": "Automated dependency updates. Flexible so you don't need to be.",
|
|
4
|
-
"version": "40.0.
|
|
4
|
+
"version": "40.0.9",
|
|
5
5
|
"type": "commonjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"renovate": "dist/renovate.js",
|
|
@@ -230,7 +230,7 @@
|
|
|
230
230
|
"minimatch": "10.0.1",
|
|
231
231
|
"moo": "0.5.2",
|
|
232
232
|
"ms": "2.1.3",
|
|
233
|
-
"nanoid": "
|
|
233
|
+
"nanoid": "5.1.5",
|
|
234
234
|
"neotraverse": "0.6.18",
|
|
235
235
|
"node-html-parser": "7.0.1",
|
|
236
236
|
"p-all": "3.0.0",
|
|
@@ -303,7 +303,7 @@
|
|
|
303
303
|
"@types/mdast": "3.0.15",
|
|
304
304
|
"@types/moo": "0.5.10",
|
|
305
305
|
"@types/ms": "2.1.0",
|
|
306
|
-
"@types/node": "22.15.
|
|
306
|
+
"@types/node": "22.15.2",
|
|
307
307
|
"@types/parse-link-header": "2.0.3",
|
|
308
308
|
"@types/punycode": "2.1.4",
|
|
309
309
|
"@types/semver": "7.7.0",
|