renovate 42.68.3 → 42.68.5

package/dist/modules/manager/fingerprint.generated.js

@@ -42,7 +42,7 @@ exports.hashMap.set('fleet', '642e8e7ab739fba65bce7222b6f3e80fe44806c4190c8e93c5
 exports.hashMap.set('flux', '3b87b351f98c11ca0e6cb275deb708dc9bf601a7e578f7a3a7e83fe6e15eb540');
 exports.hashMap.set('fvm', 'aa154dd5ffe3caced30713a9a55967360b7a0f35edd2fc06bd6f3e73c5c87570');
 exports.hashMap.set('git-submodules', 'b5d78ab86025516b8cc52ede93b390c45a1a46e7ca338e1d2b7f1d57481ebf43');
-exports.hashMap.set('github-actions', 'bbc568ece7c04ce5c7c94476ccb15689d8e6a1d555099d88a6a072ed4eb7150a');
+exports.hashMap.set('github-actions', 'c27d8bb80e1e7f864a1c2e2964e40f171d72d0c4f83673de8d8cfe750b7c5c82');
 exports.hashMap.set('gitlabci', '1f2e3e3a3013488e68d2aa0e39d80ee3bfbc9a01d817874f4c8195f8aff1fac9');
 exports.hashMap.set('gitlabci-include', '5bc01de9b40ecc8888a37690152f4a2f9cacc509b9cb5902aac024ca7a7c8e65');
 exports.hashMap.set('glasskube', 'fd415356a866ad174a5b70522d662e4289a2c5d5e34c55d57542b0d8968f1645');

package/dist/modules/manager/fingerprint.generated.js.map

@@ -1 +1 @@
-{"version":3,"file":"fingerprint.generated.js","sourceRoot":"","sources":["../../../lib/modules/manager/fingerprint.generated.ts"],"names":[],"mappings":";;;AAAa,QAAA,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEjD,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,qBAAqB,EAAC,kEAAkE,CAAC,CAAC;AACtG,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,kBAAkB,EAAC,kEAAkE,CAAC,CAAC;AACnG,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,mBAAmB,EAAC,kEAAkE,CAAC,CAAC;AACpG,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,kBAAkB,EAAC,kEAAkE,CAAC,CAAC;AACnG,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,yBAAyB,EAAC,kEAAkE,CAAC,CAAC;AAC1G,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,mBAAmB,EAAC,kEAAkE,CAAC,CAAC;AACpG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,oBAAoB,EAAC,kEAAkE,CAAC,CAAC;AACrG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC","sourcesContent":["export const hashMap = new Map<string, string>();\n\nhashMap.set('ansible','4c234d79f768392545924fa9b139f8d177f15b6aa46776cf063860a1d36e48c7');\nhashMap.set('ansible-galaxy','a211e40f5c8613986ac16bc8d5389ea23d145cd643091d1b951a7f65926e99ff');\nhashMap.set('argocd','8619ed756b6f7249ea836e14e8f8660ee5f971992e3862d43f19d42f10762560');\nhashMap.set('asdf','e7f29eb8157e6ca5928890a0cc2fc88d57ddcf7b426dad1c4f15386858d3cd6a');\nhashMap.set('azure-pipelines','0b741b2629f6d94589524ce9b3886765e5c5648c9b6d707bb0b5fede276f9c09');\nhashMap.set('batect','523e8d7a309b4814a02819371313b2dac3764eab64cabfaf1d58b6e89de4ce43');\nhashMap.set('batect-wrapper','90941650f810adb3d7abe476da7221ff3434aa9d09ffc3d310e35108f360f364');\nhashMap.set('bazel','19e8ee20f9882e3023b2126d4b8335693cae9fb2b908f59803bbdfd432055d28');\nhashMap.set('bazel-module','4e3d00184b146e5c0ad69433697076f722afe933701ab08676af13e47d289eac');\nhashMap.set('bazelisk','6fbef61d534724ff259ea6e4fc1cd0a3d5a46d740c375128fa59b225daddd39f');\nhashMap.set('bicep','fbbd74998411012cfba829526701109d1fc184ade0cb11a28e4ca2956174b0f1');\nhashMap.set('bitbucket-pipelines','98c0d715a7eb4e41b8231091b83385f325966373f37dc7d6bc10b1febb6f605e');\nhashMap.set('bitrise','d18d2dcd356e19c4cd94912511a88636198c23b64e54f31da273be11044970cf');\nhashMap.set('buildkite','ac713ce38da057ff3ceb08d092291356dfc74f5b33b75f010bb9db1a211439c0');\nhashMap.set('buildpacks','cc8bbe937416a012df36a5c7ab01ae3cdedbed03615549bbe9f0f27fa40a150b');\nhashMap.set('bun','512695cbae4bf6bd17bad3c176b6e715d2cf0d7cbe5bef49da7f44f350161f6b');\nhashMap.set('bun-version','49194d7fcb6b7bdd7e7a1264f71532bb2be8142d48478bf74716f7a9d4b306b9');\nhashMap.set('bundler','7df6f082c34b90b660b70197906fdc3ad299e6650999bb3f8a0fddb7edeb398e');\nhashMap.set('cake','a04160b352550cb470acb62f9a532361842c12f2ffbcd473bffca3de024522d9');\nhashMap.set('cargo','5612a7b7bb5ccd007fed48ff7f345092ffe987d9f1086505d8ac03a436420251');\nhashMap.set('cdnurl','70281459e771df007787fc25dba16e4d5109865f97209dcf4f572ddd287d538a');\nhashMap.set('circleci','c7c7a1b71385f0ea7cf1e9fc24c37a1d5dabf13d6952e1e3b2179861b55f4e44');\nhashMap.set('cloudbuild','e4f926bfb907220e97dce98335837c52b4e0fe66d813593a7e572736acfc53f7');\nhashMap.set('cocoapods','1ff72f39f8c04e4a0253eb598906adebcaa5bc37b68f40e23317482f29936948');\nhashMap.set('composer','35f91e3dcc754668a42b18f5c2c9bd5a337d83eef1b80845fed8fd453074d020');\nhashMap.set('conan','4df92ebfa53ec6b7103030316ff70822d18f73cca8c71f2dca1d71c0d00b9353');\nhashMap.set('copier','34a3f985c82673bb7a2828ef644e271e5031da873e8cd44bf992a1826b3e40db');\nhashMap.set('cpanfile','9b354db9666eee2485b27e44a6e61eaadc86ec2f2c6af9bb7bbc9fab54f31642');\nhashMap.set('crossplane','76261ff27b38f9850ee1a3a7e95168abefd96b4736f2cf04a7343e16827b42d8');\nhashMap.set('crow','ffce0c24358c3097e3935bffc38ef3eff143dbbc589c1b75a6d3635a62fdeea4');\nhashMap.set('deps-edn','306376e0f00f47ea416dba972e6347f44c78228e298e4ed766635018e26f698a');\nhashMap.set('devbox','c00b62bd0fab0bb85874cbe2019dfa428f79dfc697d70a7445b80d641a3b7c0e');\nhashMap.set('devcontainer','e9982b5ff8aeac8fefb40dc363d3ab35f58af8c08b91eb45d22937a8c60447bb');\nhashMap.set('docker-compose','0c867e3aa14ae7dfc673eef348b2086ae2e36cbebfd1827e031a8030f9295276');\nhashMap.set('dockerfile','afbfa832a5d63c972c02445de3cd14fc9cf2e6bab797b0b7c930b16f5f267462');\nhashMap.set('droneci','f2a98fcece07b462baaceb28cd6904e080cb1ab0727fcd7403bea5ffd2e05239');\nhashMap.set('fleet','642e8e7ab739fba65bce7222b6f3e80fe44806c4190c8e93c5bcab23d44e9fd4');\nhashMap.set('flux','3b87b351f98c11ca0e6cb275deb708dc9bf601a7e578f7a3a7e83fe6e15eb540');\nhashMap.set('fvm','aa154dd5ffe3caced30713a9a55967360b7a0f35edd2fc06bd6f3e73c5c87570');\nhashMap.set('git-submodules','b5d78ab86025516b8cc52ede93b390c45a1a46e7ca338e1d2b7f1d57481ebf43');\nhashMap.set('github-actions','bbc568ece7c04ce5c7c94476ccb15689d8e6a1d555099d88a6a072ed4eb7150a');\nhashMap.set('gitlabci','1f2e3e3a3013488e68d2aa0e39d80ee3bfbc9a01d817874f4c8195f8aff1fac9');\nhashMap.set('gitlabci-include','5bc01de9b40ecc8888a37690152f4a2f9cacc509b9cb5902aac024ca7a7c8e65');\nhashMap.set('glasskube','fd415356a866ad174a5b70522d662e4289a2c5d5e34c55d57542b0d8968f1645');\nhashMap.set('gleam','a4621cc86a42890a41c31e957726e02514257f4e91896d92f238ac07ab81cebb');\nhashMap.set('gomod','7c9240c54e09aa30b83d5b02e08e0b93054f9685ce02103a342f7b8aacd5406b');\nhashMap.set('gradle','729af0df3f220bdf461a0e272685dbf1f14275409f8ebb4b12a5c3d6ab2d12d3');\nhashMap.set('gradle-wrapper','d691572ff7a998162d20527dcc70b3fbf569442da0aa8156fdbce04376c537b1');\nhashMap.set('haskell-cabal','a2bf118238529952d0f2f352112dfbc86fb5533ef819625161a130f39c8ca713');\nhashMap.set('helm-requirements','8f643d415ab0cfbef05bce4dce9812eef47bddb7b8b67a191e6a4230489e652f');\nhashMap.set('helm-values','fbd4a0b4bdda8a71dc38ac8916287f73e2b7de5ef122096a5b5d525c1a3306cd');\nhashMap.set('helmfile','d5a965244170f3dede0c74cbfc8447547c740e5ccc41423cb8fd6ed6b154a552');\nhashMap.set('helmsman','734fa89740fd5140ca3e39204872aba3451c05cd17f0b5e2b635934ed7b1710b');\nhashMap.set('helmv3','2c053d7d4b265420350b1cdd8d9ca3d2ad8dd2598c3ff647af8651d777ff92ab');\nhashMap.set('hermit','4fff70ffcae503c3009227601a7a429a55b0d3f8748d49f4fbd69845fea38dc1');\nhashMap.set('homebrew','47393bd17f23eab1d465925b8f13bbda75226e5e5f7c55ffa52a11cbed03d742');\nhashMap.set('html','226a9084e10ebf754906386159db08667394f5432105249bdb30d9c60af9fb56');\nhashMap.set('jenkins','309db014e3590e1cd6d53ede2755395c82e5cd4b880425daf52a6ab60e0d6a42');\nhashMap.set('jsonnet-bundler','73ef9cdc2bb4b44e31699872ebadf1e3d51ef4ab42ae41152e459f296ab6e260');\nhashMap.set('kotlin-script','7d3376b11fc1dfcc87bd6a130b8c7d5158915fdf8ea8f64e83fdb1f7dd62e22c');\nhashMap.set('kubernetes','62cfa6c77593b48290f3c26a2f390c4bdfe8ab3cfb79e358b10d8aece689a999');\nhashMap.set('kustomize','347ab9066fbe7bb8365443280052c5240142488d205a182d4f8fb3bf096d954b');\nhashMap.set('leiningen','0598d2f53cfc92076d47186245a7b591d2b0df157609a7f55a37b54ab2d32a77');\nhashMap.set('maven','5592ee2784417aa586aca86efa13e142c4fdf544bd0deea691c596788a9c48c7');\nhashMap.set('maven-wrapper','63b7a448d3a3eebc8794b4dedce93a234f44f4b4fa5cb4a721078c12b4fee72c');\nhashMap.set('meteor','a9785d85b3520ed9e763c800730f36b95747795699758ecbe1395133c5b0040e');\nhashMap.set('mint','7072e37f18bb57500018406eb8711b2615b1916f073867f30653cdd4a99dab81');\nhashMap.set('mise','d84dcf05c3a23985e20aeca65a51552c808c954196fb4eae1de319c11f539ad9');\nhashMap.set('mix','27421372b5f8df486b0096be2d6f4403dbd64bd71c2f5ca6f6dd7ad0b30b3a3a');\nhashMap.set('nix','169443a1fe51757a040ac60f2aeae57fbd2dd8ec0f82cedb7aa880e327995c95');\nhashMap.set('nodenv','d159174d53e39af2013443cf86df88e14aac79a5a8d602180af229dcb2ddeda9');\nhashMap.set('npm','4dacb294fefc913f68e57b95c11699f760d3ae6d2ead8bcb55b908455c0b1152');\nhashMap.set('nuget','f366c8d11da898ab9012bbec7511354890032f8afd87db944561cffe479c367c');\nhashMap.set('nvm','2d7a15f668d33a31302af960c3bc137b86d0284b1ea16c528d334e46a468b0d4');\nhashMap.set('ocb','bff1864d0937341790cfe08833c39642f785844762669f5753ff057bada923ab');\nhashMap.set('osgi','dae012cd486843eb53da4b032105e54d18f4e7537bd59c5321313950dd108a95');\nhashMap.set('pep621','3f7c61b16393a59cc2e1819998a5e5128af2c55cda37145703a085360b1dde22');\nhashMap.set('pep723','bf07d466ea1bc9513c8d2cb475fcca3bc9b61f2184bd9af0a7a28d45b6f57ecd');\nhashMap.set('pip-compile','c433dd0445137e632dbf3144f337b925a9dd7f27f29ba0945a696adfb74e4066');\nhashMap.set('pip_requirements','16598617b0bd1beef3031d2529c634be601ecf572678f205589bf4d1ce7132f6');\nhashMap.set('pip_setup','31b330d9666d61474326a761a3ce1479f9a189ef6838ecfee78843ff4c80af73');\nhashMap.set('pipenv','e689b0c7680c26169b45ca17c90ced26281aea4c9b7ce01aff42c6169c567a92');\nhashMap.set('pixi','ad1d3689a4f4815be8b579ec7455d4c20f1a7602accd45f451ee554f4bd9d1fd');\nhashMap.set('poetry','8e346ddbee9d8b2e19447cebb0d691eb03b05a852c50d7e9b2d9789857330e1a');\nhashMap.set('pre-commit','64efc3146f0981751a584a29bdcfe6701cc17849c7bc2bc87b238315d843524a');\nhashMap.set('pub','a2e38469167f49a34503e25816c7b9dd113b65bd10a3ad3fa325ac4ce571a453');\nhashMap.set('puppet','34f7e3916780e8ed352b65864bad91bf66547e29f91ee8fca7fd6e8fcd2621fd');\nhashMap.set('pyenv','4e520570d9a1407864aa7c5461d4008372d889254067e405cee2212d0ef8990b');\nhashMap.set('quadlet','972bb8017f8c7811a74b91b56cfcd9d6f1aef1c026c9a8b956cecc63d95b0bb2');\nhashMap.set('renovate-config-presets','27f100d67e2a1ad20cfd4aa3f1db1f1c34f62910929695f381160b3835a7fa65');\nhashMap.set('ruby-version','4aac2178a20ccdf8136363030e5156017f3d44368b4192b3280997df596dcacc');\nhashMap.set('runtime-version','dbf80ce2a5f07dd34bc9a008159b4f08052cc6fd0d92cbd2aeb0026c8008fa72');\nhashMap.set('sbt','dc1ec4aeeb5e012c7a595478873ad67e2dee6e2af951b12b9e9057cb64f2258d');\nhashMap.set('scalafmt','8a54fef703269ed31ce28887e62b0b838a13359e86fa77c7f4dceb89fda0f352');\nhashMap.set('setup-cfg','9a778d8a58f643fff1d23d750dfebed21e45bce99bfdcdc3de39795a407d983f');\nhashMap.set('sveltos','a69f9e206526af08685e20a72344b22d856f2effd882e67333a153a989a0a047');\nhashMap.set('swift','966398303fb2b86c14cede8e4a7bfc7810d3100c39a60ac9e01e56b181df3970');\nhashMap.set('tekton','eb8fb6a25ca7fd0d304f67d5ab2e93ddd8b34854553130003ce3340ca7b3bba1');\nhashMap.set('terraform','61b56a155559e0c1db92f8ed7726b475bf2071804053eba694fcc70fd139e007');\nhashMap.set('terraform-version','b08480f326c45daf3daeccc2d2f593a723c30a50437a66ac2290d671b427a355');\nhashMap.set('terragrunt','b32d2317bf2cf032243c417463f3760e4decf820d2e5332e6415e16dcf05e9ab');\nhashMap.set('terragrunt-version','45f221b13a193a42687f318e10cf1558079e28c970e91ce25c370f35f88f2f58');\nhashMap.set('tflint-plugin','719408f35a233216562aa62fb8126145a3450b69f917c8fcdf2f3b2c05a9898b');\nhashMap.set('travis','30174e78a6297e44db1c030ea2e111084e14b1eac220f522522c77d684a76285');\nhashMap.set('typst','d0e2b7cbf2ac47d55bd41fd4503251a4f606861dc60d812eff7532371ae2a8cb');\nhashMap.set('unity3d','9a61f8db397bc962f03a1d82045805ffa89863894e26824ecbeffcbf66b3ba3d');\nhashMap.set('velaci','9ad5d5d2584b9c189c4edcd25ad9103926bd4ba850a419a3b5e4aba9682817c3');\nhashMap.set('vendir','dec4ea0068ab77bc60c04b9c62184a50e629709da463fe7218c2cdf9da37f2e8');\nhashMap.set('woodpecker','eaaa0a3bcfd0dc60c0990f2a1d7acf19c4f86ce4641ab3cf0a31f2bf46fc61b8');\nhashMap.set('jsonata','b8a0369f94be06f2109b7d233d8165a3e03d93498c43353720eb03b1eaa43e7b');\nhashMap.set('regex','3208bf2bf488d346e58c79c784eaddfc089f8a6b6b3df2263ab2fec8e3ec83c1');"]}
+{"version":3,"file":"fingerprint.generated.js","sourceRoot":"","sources":["../../../lib/modules/manager/fingerprint.generated.ts"],"names":[],"mappings":";;;AAAa,QAAA,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEjD,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,qBAAqB,EAAC,kEAAkE,CAAC,CAAC;AACtG,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,kBAAkB,EAAC,kEAAkE,CAAC,CAAC;AACnG,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,gBAAgB,EAAC,kEAAkE,CAAC,CAAC;AACjG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,mBAAmB,EAAC,kEAAkE,CAAC,CAAC;AACpG,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,aAAa,EAAC,kEAAkE,CAAC,CAAC;AAC9F,eAAO,CAAC,GAAG,CAAC,kBAAkB,EAAC,kEAAkE,CAAC,CAAC;AACnG,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,MAAM,EAAC,kEAAkE,CAAC,CAAC;AACvF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,yBAAyB,EAAC,kEAAkE,CAAC,CAAC;AAC1G,eAAO,CAAC,GAAG,CAAC,cAAc,EAAC,kEAAkE,CAAC,CAAC;AAC/F,eAAO,CAAC,GAAG,CAAC,iBAAiB,EAAC,kEAAkE,CAAC,CAAC;AAClG,eAAO,CAAC,GAAG,CAAC,KAAK,EAAC,kEAAkE,CAAC,CAAC;AACtF,eAAO,CAAC,GAAG,CAAC,UAAU,EAAC,kEAAkE,CAAC,CAAC;AAC3F,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,WAAW,EAAC,kEAAkE,CAAC,CAAC;AAC5F,eAAO,CAAC,GAAG,CAAC,mBAAmB,EAAC,kEAAkE,CAAC,CAAC;AACpG,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,oBAAoB,EAAC,kEAAkE,CAAC,CAAC;AACrG,eAAO,CAAC,GAAG,CAAC,eAAe,EAAC,kEAAkE,CAAC,CAAC;AAChG,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC;AACxF,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,QAAQ,EAAC,kEAAkE,CAAC,CAAC;AACzF,eAAO,CAAC,GAAG,CAAC,YAAY,EAAC,kEAAkE,CAAC,CAAC;AAC7F,eAAO,CAAC,GAAG,CAAC,SAAS,EAAC,kEAAkE,CAAC,CAAC;AAC1F,eAAO,CAAC,GAAG,CAAC,OAAO,EAAC,kEAAkE,CAAC,CAAC","sourcesContent":["export const hashMap = new Map<string, string>();\n\nhashMap.set('ansible','4c234d79f768392545924fa9b139f8d177f15b6aa46776cf063860a1d36e48c7');\nhashMap.set('ansible-galaxy','a211e40f5c8613986ac16bc8d5389ea23d145cd643091d1b951a7f65926e99ff');\nhashMap.set('argocd','8619ed756b6f7249ea836e14e8f8660ee5f971992e3862d43f19d42f10762560');\nhashMap.set('asdf','e7f29eb8157e6ca5928890a0cc2fc88d57ddcf7b426dad1c4f15386858d3cd6a');\nhashMap.set('azure-pipelines','0b741b2629f6d94589524ce9b3886765e5c5648c9b6d707bb0b5fede276f9c09');\nhashMap.set('batect','523e8d7a309b4814a02819371313b2dac3764eab64cabfaf1d58b6e89de4ce43');\nhashMap.set('batect-wrapper','90941650f810adb3d7abe476da7221ff3434aa9d09ffc3d310e35108f360f364');\nhashMap.set('bazel','19e8ee20f9882e3023b2126d4b8335693cae9fb2b908f59803bbdfd432055d28');\nhashMap.set('bazel-module','4e3d00184b146e5c0ad69433697076f722afe933701ab08676af13e47d289eac');\nhashMap.set('bazelisk','6fbef61d534724ff259ea6e4fc1cd0a3d5a46d740c375128fa59b225daddd39f');\nhashMap.set('bicep','fbbd74998411012cfba829526701109d1fc184ade0cb11a28e4ca2956174b0f1');\nhashMap.set('bitbucket-pipelines','98c0d715a7eb4e41b8231091b83385f325966373f37dc7d6bc10b1febb6f605e');\nhashMap.set('bitrise','d18d2dcd356e19c4cd94912511a88636198c23b64e54f31da273be11044970cf');\nhashMap.set('buildkite','ac713ce38da057ff3ceb08d092291356dfc74f5b33b75f010bb9db1a211439c0');\nhashMap.set('buildpacks','cc8bbe937416a012df36a5c7ab01ae3cdedbed03615549bbe9f0f27fa40a150b');\nhashMap.set('bun','512695cbae4bf6bd17bad3c176b6e715d2cf0d7cbe5bef49da7f44f350161f6b');\nhashMap.set('bun-version','49194d7fcb6b7bdd7e7a1264f71532bb2be8142d48478bf74716f7a9d4b306b9');\nhashMap.set('bundler','7df6f082c34b90b660b70197906fdc3ad299e6650999bb3f8a0fddb7edeb398e');\nhashMap.set('cake','a04160b352550cb470acb62f9a532361842c12f2ffbcd473bffca3de024522d9');\nhashMap.set('cargo','5612a7b7bb5ccd007fed48ff7f345092ffe987d9f1086505d8ac03a436420251');\nhashMap.set('cdnurl','70281459e771df007787fc25dba16e4d5109865f97209dcf4f572ddd287d538a');\nhashMap.set('circleci','c7c7a1b71385f0ea7cf1e9fc24c37a1d5dabf13d6952e1e3b2179861b55f4e44');\nhashMap.set('cloudbuild','e4f926bfb907220e97dce98335837c52b4e0fe66d813593a7e572736acfc53f7');\nhashMap.set('cocoapods','1ff72f39f8c04e4a0253eb598906adebcaa5bc37b68f40e23317482f29936948');\nhashMap.set('composer','35f91e3dcc754668a42b18f5c2c9bd5a337d83eef1b80845fed8fd453074d020');\nhashMap.set('conan','4df92ebfa53ec6b7103030316ff70822d18f73cca8c71f2dca1d71c0d00b9353');\nhashMap.set('copier','34a3f985c82673bb7a2828ef644e271e5031da873e8cd44bf992a1826b3e40db');\nhashMap.set('cpanfile','9b354db9666eee2485b27e44a6e61eaadc86ec2f2c6af9bb7bbc9fab54f31642');\nhashMap.set('crossplane','76261ff27b38f9850ee1a3a7e95168abefd96b4736f2cf04a7343e16827b42d8');\nhashMap.set('crow','ffce0c24358c3097e3935bffc38ef3eff143dbbc589c1b75a6d3635a62fdeea4');\nhashMap.set('deps-edn','306376e0f00f47ea416dba972e6347f44c78228e298e4ed766635018e26f698a');\nhashMap.set('devbox','c00b62bd0fab0bb85874cbe2019dfa428f79dfc697d70a7445b80d641a3b7c0e');\nhashMap.set('devcontainer','e9982b5ff8aeac8fefb40dc363d3ab35f58af8c08b91eb45d22937a8c60447bb');\nhashMap.set('docker-compose','0c867e3aa14ae7dfc673eef348b2086ae2e36cbebfd1827e031a8030f9295276');\nhashMap.set('dockerfile','afbfa832a5d63c972c02445de3cd14fc9cf2e6bab797b0b7c930b16f5f267462');\nhashMap.set('droneci','f2a98fcece07b462baaceb28cd6904e080cb1ab0727fcd7403bea5ffd2e05239');\nhashMap.set('fleet','642e8e7ab739fba65bce7222b6f3e80fe44806c4190c8e93c5bcab23d44e9fd4');\nhashMap.set('flux','3b87b351f98c11ca0e6cb275deb708dc9bf601a7e578f7a3a7e83fe6e15eb540');\nhashMap.set('fvm','aa154dd5ffe3caced30713a9a55967360b7a0f35edd2fc06bd6f3e73c5c87570');\nhashMap.set('git-submodules','b5d78ab86025516b8cc52ede93b390c45a1a46e7ca338e1d2b7f1d57481ebf43');\nhashMap.set('github-actions','c27d8bb80e1e7f864a1c2e2964e40f171d72d0c4f83673de8d8cfe750b7c5c82');\nhashMap.set('gitlabci','1f2e3e3a3013488e68d2aa0e39d80ee3bfbc9a01d817874f4c8195f8aff1fac9');\nhashMap.set('gitlabci-include','5bc01de9b40ecc8888a37690152f4a2f9cacc509b9cb5902aac024ca7a7c8e65');\nhashMap.set('glasskube','fd415356a866ad174a5b70522d662e4289a2c5d5e34c55d57542b0d8968f1645');\nhashMap.set('gleam','a4621cc86a42890a41c31e957726e02514257f4e91896d92f238ac07ab81cebb');\nhashMap.set('gomod','7c9240c54e09aa30b83d5b02e08e0b93054f9685ce02103a342f7b8aacd5406b');\nhashMap.set('gradle','729af0df3f220bdf461a0e272685dbf1f14275409f8ebb4b12a5c3d6ab2d12d3');\nhashMap.set('gradle-wrapper','d691572ff7a998162d20527dcc70b3fbf569442da0aa8156fdbce04376c537b1');\nhashMap.set('haskell-cabal','a2bf118238529952d0f2f352112dfbc86fb5533ef819625161a130f39c8ca713');\nhashMap.set('helm-requirements','8f643d415ab0cfbef05bce4dce9812eef47bddb7b8b67a191e6a4230489e652f');\nhashMap.set('helm-values','fbd4a0b4bdda8a71dc38ac8916287f73e2b7de5ef122096a5b5d525c1a3306cd');\nhashMap.set('helmfile','d5a965244170f3dede0c74cbfc8447547c740e5ccc41423cb8fd6ed6b154a552');\nhashMap.set('helmsman','734fa89740fd5140ca3e39204872aba3451c05cd17f0b5e2b635934ed7b1710b');\nhashMap.set('helmv3','2c053d7d4b265420350b1cdd8d9ca3d2ad8dd2598c3ff647af8651d777ff92ab');\nhashMap.set('hermit','4fff70ffcae503c3009227601a7a429a55b0d3f8748d49f4fbd69845fea38dc1');\nhashMap.set('homebrew','47393bd17f23eab1d465925b8f13bbda75226e5e5f7c55ffa52a11cbed03d742');\nhashMap.set('html','226a9084e10ebf754906386159db08667394f5432105249bdb30d9c60af9fb56');\nhashMap.set('jenkins','309db014e3590e1cd6d53ede2755395c82e5cd4b880425daf52a6ab60e0d6a42');\nhashMap.set('jsonnet-bundler','73ef9cdc2bb4b44e31699872ebadf1e3d51ef4ab42ae41152e459f296ab6e260');\nhashMap.set('kotlin-script','7d3376b11fc1dfcc87bd6a130b8c7d5158915fdf8ea8f64e83fdb1f7dd62e22c');\nhashMap.set('kubernetes','62cfa6c77593b48290f3c26a2f390c4bdfe8ab3cfb79e358b10d8aece689a999');\nhashMap.set('kustomize','347ab9066fbe7bb8365443280052c5240142488d205a182d4f8fb3bf096d954b');\nhashMap.set('leiningen','0598d2f53cfc92076d47186245a7b591d2b0df157609a7f55a37b54ab2d32a77');\nhashMap.set('maven','5592ee2784417aa586aca86efa13e142c4fdf544bd0deea691c596788a9c48c7');\nhashMap.set('maven-wrapper','63b7a448d3a3eebc8794b4dedce93a234f44f4b4fa5cb4a721078c12b4fee72c');\nhashMap.set('meteor','a9785d85b3520ed9e763c800730f36b95747795699758ecbe1395133c5b0040e');\nhashMap.set('mint','7072e37f18bb57500018406eb8711b2615b1916f073867f30653cdd4a99dab81');\nhashMap.set('mise','d84dcf05c3a23985e20aeca65a51552c808c954196fb4eae1de319c11f539ad9');\nhashMap.set('mix','27421372b5f8df486b0096be2d6f4403dbd64bd71c2f5ca6f6dd7ad0b30b3a3a');\nhashMap.set('nix','169443a1fe51757a040ac60f2aeae57fbd2dd8ec0f82cedb7aa880e327995c95');\nhashMap.set('nodenv','d159174d53e39af2013443cf86df88e14aac79a5a8d602180af229dcb2ddeda9');\nhashMap.set('npm','4dacb294fefc913f68e57b95c11699f760d3ae6d2ead8bcb55b908455c0b1152');\nhashMap.set('nuget','f366c8d11da898ab9012bbec7511354890032f8afd87db944561cffe479c367c');\nhashMap.set('nvm','2d7a15f668d33a31302af960c3bc137b86d0284b1ea16c528d334e46a468b0d4');\nhashMap.set('ocb','bff1864d0937341790cfe08833c39642f785844762669f5753ff057bada923ab');\nhashMap.set('osgi','dae012cd486843eb53da4b032105e54d18f4e7537bd59c5321313950dd108a95');\nhashMap.set('pep621','3f7c61b16393a59cc2e1819998a5e5128af2c55cda37145703a085360b1dde22');\nhashMap.set('pep723','bf07d466ea1bc9513c8d2cb475fcca3bc9b61f2184bd9af0a7a28d45b6f57ecd');\nhashMap.set('pip-compile','c433dd0445137e632dbf3144f337b925a9dd7f27f29ba0945a696adfb74e4066');\nhashMap.set('pip_requirements','16598617b0bd1beef3031d2529c634be601ecf572678f205589bf4d1ce7132f6');\nhashMap.set('pip_setup','31b330d9666d61474326a761a3ce1479f9a189ef6838ecfee78843ff4c80af73');\nhashMap.set('pipenv','e689b0c7680c26169b45ca17c90ced26281aea4c9b7ce01aff42c6169c567a92');\nhashMap.set('pixi','ad1d3689a4f4815be8b579ec7455d4c20f1a7602accd45f451ee554f4bd9d1fd');\nhashMap.set('poetry','8e346ddbee9d8b2e19447cebb0d691eb03b05a852c50d7e9b2d9789857330e1a');\nhashMap.set('pre-commit','64efc3146f0981751a584a29bdcfe6701cc17849c7bc2bc87b238315d843524a');\nhashMap.set('pub','a2e38469167f49a34503e25816c7b9dd113b65bd10a3ad3fa325ac4ce571a453');\nhashMap.set('puppet','34f7e3916780e8ed352b65864bad91bf66547e29f91ee8fca7fd6e8fcd2621fd');\nhashMap.set('pyenv','4e520570d9a1407864aa7c5461d4008372d889254067e405cee2212d0ef8990b');\nhashMap.set('quadlet','972bb8017f8c7811a74b91b56cfcd9d6f1aef1c026c9a8b956cecc63d95b0bb2');\nhashMap.set('renovate-config-presets','27f100d67e2a1ad20cfd4aa3f1db1f1c34f62910929695f381160b3835a7fa65');\nhashMap.set('ruby-version','4aac2178a20ccdf8136363030e5156017f3d44368b4192b3280997df596dcacc');\nhashMap.set('runtime-version','dbf80ce2a5f07dd34bc9a008159b4f08052cc6fd0d92cbd2aeb0026c8008fa72');\nhashMap.set('sbt','dc1ec4aeeb5e012c7a595478873ad67e2dee6e2af951b12b9e9057cb64f2258d');\nhashMap.set('scalafmt','8a54fef703269ed31ce28887e62b0b838a13359e86fa77c7f4dceb89fda0f352');\nhashMap.set('setup-cfg','9a778d8a58f643fff1d23d750dfebed21e45bce99bfdcdc3de39795a407d983f');\nhashMap.set('sveltos','a69f9e206526af08685e20a72344b22d856f2effd882e67333a153a989a0a047');\nhashMap.set('swift','966398303fb2b86c14cede8e4a7bfc7810d3100c39a60ac9e01e56b181df3970');\nhashMap.set('tekton','eb8fb6a25ca7fd0d304f67d5ab2e93ddd8b34854553130003ce3340ca7b3bba1');\nhashMap.set('terraform','61b56a155559e0c1db92f8ed7726b475bf2071804053eba694fcc70fd139e007');\nhashMap.set('terraform-version','b08480f326c45daf3daeccc2d2f593a723c30a50437a66ac2290d671b427a355');\nhashMap.set('terragrunt','b32d2317bf2cf032243c417463f3760e4decf820d2e5332e6415e16dcf05e9ab');\nhashMap.set('terragrunt-version','45f221b13a193a42687f318e10cf1558079e28c970e91ce25c370f35f88f2f58');\nhashMap.set('tflint-plugin','719408f35a233216562aa62fb8126145a3450b69f917c8fcdf2f3b2c05a9898b');\nhashMap.set('travis','30174e78a6297e44db1c030ea2e111084e14b1eac220f522522c77d684a76285');\nhashMap.set('typst','d0e2b7cbf2ac47d55bd41fd4503251a4f606861dc60d812eff7532371ae2a8cb');\nhashMap.set('unity3d','9a61f8db397bc962f03a1d82045805ffa89863894e26824ecbeffcbf66b3ba3d');\nhashMap.set('velaci','9ad5d5d2584b9c189c4edcd25ad9103926bd4ba850a419a3b5e4aba9682817c3');\nhashMap.set('vendir','dec4ea0068ab77bc60c04b9c62184a50e629709da463fe7218c2cdf9da37f2e8');\nhashMap.set('woodpecker','eaaa0a3bcfd0dc60c0990f2a1d7acf19c4f86ce4641ab3cf0a31f2bf46fc61b8');\nhashMap.set('jsonata','b8a0369f94be06f2109b7d233d8165a3e03d93498c43353720eb03b1eaa43e7b');\nhashMap.set('regex','3208bf2bf488d346e58c79c784eaddfc089f8a6b6b3df2263ab2fec8e3ec83c1');"]}

package/dist/modules/manager/github-actions/extract.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.extractPackageFile = extractPackageFile;
 const tslib_1 = require("tslib");
+const is_1 = tslib_1.__importDefault(require("@sindresorhus/is"));
 const global_1 = require("../../../config/global");
 const logger_1 = require("../../../logger");
 const common_1 = require("../../../util/common");
@@ -16,12 +17,8 @@ const nodeVersioning = tslib_1.__importStar(require("../../versioning/node"));
 const npmVersioning = tslib_1.__importStar(require("../../versioning/npm"));
 const extract_1 = require("../dockerfile/extract");
 const community_1 = require("./community");
+const parse_1 = require("./parse");
 const schema_1 = require("./schema");
-const dockerActionRe = (0, regex_1.regEx)(/^\s+uses\s*: ['"]?docker:\/\/([^'"\s]+)/);
-const actionRe = (0, regex_1.regEx)(/^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<depName>(?<registryUrl>https:\/\/[.\w-]+\/)?(?<packageName>[\w-]+\/[.\w-]+))(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:(?<commentWhiteSpaces>\s+)#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>([\w-]*[-/])?v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/);
-// SHA1 or SHA256, see https://github.blog/2020-10-19-git-2-29-released/
-const shaRe = (0, regex_1.regEx)(/^(?:[a-f0-9]{40}|[a-f0-9]{64})$/);
-const shaShortRe = (0, regex_1.regEx)(/^[a-f0-9]{6,7}$/);
 // detects if we run against a Github Enterprise Server and adds the URL to the beginning of the registryURLs for looking up Actions
 // This reflects the behavior of how GitHub looks up Actions
 // First on the Enterprise Server, then on GitHub.com
@@ -38,6 +35,61 @@ function detectCustomGitHubRegistryUrlsForActions() {
     }
     return {};
 }
+function extractDockerAction(actionRef, config) {
+    const dep = (0, extract_1.getDep)(actionRef.originalRef, true, config.registryAliases);
+    dep.depType = 'docker';
+    dep.replaceString = actionRef.originalRef;
+    return dep;
+}
+function extractRepositoryAction(actionRef, parsed, customRegistryUrlsPackageDependency) {
+    const { replaceString: valueString, quote, commentData, commentPrecedingWhitespace, } = parsed;
+    const { owner, repo, path: subPath, ref, hostname, isExplicitHostname, } = actionRef;
+    const registryUrl = isExplicitHostname ? `https://${hostname}/` : '';
+    const packageName = `${owner}/${repo}`;
+    const depName = `${registryUrl}${packageName}`;
+    const pathSuffix = subPath ? `/${subPath}` : '';
+    const commentWs = commentPrecedingWhitespace || ' ';
+    const dep = {
+        depName,
+        commitMessageTopic: '{{{depName}}} action',
+        datasource: github_tags_1.GithubTagsDatasource.id,
+        versioning: dockerVersioning.id,
+        depType: 'action',
+        replaceString: valueString,
+        autoReplaceStringTemplate: `${quote}{{depName}}${pathSuffix}@{{#if newDigest}}{{newDigest}}${quote}{{#if newValue}}${commentWs}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quote}{{/unless}}`,
+        ...(isExplicitHostname
+            ? detectDatasource(registryUrl)
+            : customRegistryUrlsPackageDependency),
+    };
+    if (packageName !== depName) {
+        dep.packageName = packageName;
+    }
+    if (commentData.pinnedVersion &&
+        !is_1.default.undefined(commentData.index) &&
+        !is_1.default.undefined(commentData.matchedString)) {
+        const cleanComment = parsed.commentString.slice(1);
+        const matchEndIndex = commentData.index + commentData.matchedString.length;
+        const commentSuffix = cleanComment.slice(0, matchEndIndex);
+        dep.replaceString =
+            valueString + commentPrecedingWhitespace + '#' + commentSuffix;
+    }
+    else if (commentData.ratchetExclude) {
+        dep.replaceString =
+            valueString + commentPrecedingWhitespace + parsed.commentString;
+    }
+    if ((0, parse_1.isSha)(ref)) {
+        dep.currentValue = commentData.pinnedVersion;
+        dep.currentDigest = ref;
+    }
+    else if ((0, parse_1.isShortSha)(ref)) {
+        dep.currentValue = commentData.pinnedVersion;
+        dep.currentDigestShort = ref;
+    }
+    else {
+        dep.currentValue = ref;
+    }
+    return dep;
+}
 function extractWithRegex(content, config) {
     const customRegistryUrlsPackageDependency = detectCustomGitHubRegistryUrlsForActions();
     logger_1.logger.trace('github-actions.extractWithRegex()');
@@ -46,49 +98,17 @@ function extractWithRegex(content, config) {
         if (line.trim().startsWith('#')) {
             continue;
         }
-        const dockerMatch = dockerActionRe.exec(line);
-        if (dockerMatch) {
-            const [, currentFrom] = dockerMatch;
-            const dep = (0, extract_1.getDep)(currentFrom, true, config.registryAliases);
-            dep.depType = 'docker';
-            deps.push(dep);
+        const parsed = (0, parse_1.parseUsesLine)(line);
+        if (!parsed?.actionRef) {
             continue;
         }
-        const tagMatch = actionRe.exec(line);
-        if (tagMatch?.groups) {
-            const { depName, packageName, currentValue, path = '', tag, replaceString, registryUrl = '', commentWhiteSpaces = ' ', } = tagMatch.groups;
-            let quotes = '';
-            if (replaceString.includes("'")) {
-                quotes = "'";
-            }
-            if (replaceString.includes('"')) {
-                quotes = '"';
-            }
-            const dep = {
-                depName,
-                ...(packageName !== depName && { packageName }),
-                commitMessageTopic: '{{{depName}}} action',
-                datasource: github_tags_1.GithubTagsDatasource.id,
-                versioning: dockerVersioning.id,
-                depType: 'action',
-                replaceString,
-                autoReplaceStringTemplate: `${quotes}{{depName}}${path}@{{#if newDigest}}{{newDigest}}${quotes}{{#if newValue}}${commentWhiteSpaces}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quotes}{{/unless}}`,
-                ...(registryUrl
-                    ? detectDatasource(registryUrl)
-                    : customRegistryUrlsPackageDependency),
-            };
-            if (shaRe.test(currentValue)) {
-                dep.currentValue = tag;
-                dep.currentDigest = currentValue;
-            }
-            else if (shaShortRe.test(currentValue)) {
-                dep.currentValue = tag;
-                dep.currentDigestShort = currentValue;
-            }
-            else {
-                dep.currentValue = currentValue;
-            }
-            deps.push(dep);
+        const { actionRef } = parsed;
+        if (actionRef.kind === 'docker') {
+            deps.push(extractDockerAction(actionRef, config));
+            continue;
+        }
+        if (actionRef.kind === 'repository') {
+            deps.push(extractRepositoryAction(actionRef, parsed, customRegistryUrlsPackageDependency));
         }
     }
     return deps;
@@ -145,68 +165,79 @@ const versionedActions = {
     // - dotnet
     // - java
 };
-function extractSteps(steps, deps) {
+function extractVersionedAction(step) {
+    for (const [action, versioning] of Object.entries(versionedActions)) {
+        const actionName = `actions/setup-${action}`;
+        if (step.uses !== actionName && !step.uses?.startsWith(`${actionName}@`)) {
+            continue;
+        }
+        const fieldName = `${action}-version`;
+        const currentValue = step.with?.[fieldName];
+        if (!currentValue) {
+            return null;
+        }
+        return {
+            datasource: github_releases_1.GithubReleasesDatasource.id,
+            depName: action,
+            packageName: `actions/${action}-versions`,
+            versioning,
+            extractVersion: '^(?<version>\\d+\\.\\d+\\.\\d+)(-\\d+)?$',
+            currentValue,
+            depType: 'uses-with',
+        };
+    }
+    return null;
+}
+function extractSteps(steps) {
+    const deps = [];
     for (const step of steps) {
         const res = community_1.CommunityActions.safeParse(step);
         if (res.success) {
             deps.push(res.data);
             continue;
         }
-        for (const [action, versioning] of Object.entries(versionedActions)) {
-            const actionName = `actions/setup-${action}`;
-            if (step.uses === actionName || step.uses?.startsWith(`${actionName}@`)) {
-                const fieldName = `${action}-version`;
-                const currentValue = step.with?.[fieldName];
-                if (currentValue) {
-                    deps.push({
-                        datasource: github_releases_1.GithubReleasesDatasource.id,
-                        depName: action,
-                        packageName: `actions/${action}-versions`,
-                        versioning,
-                        extractVersion: '^(?<version>\\d+\\.\\d+\\.\\d+)(-\\d+)?$', // Actions release tags are like 1.24.1-13667719799
-                        currentValue,
-                        depType: 'uses-with',
-                    });
-                }
-            }
+        const versionedDep = extractVersionedAction(step);
+        if (versionedDep) {
+            deps.push(versionedDep);
         }
     }
+    return deps;
 }
 function extractWithYAMLParser(content, packageFile, config) {
     logger_1.logger.trace('github-actions.extractWithYAMLParser()');
-    const deps = [];
     const obj = (0, logger_1.withMeta)({ packageFile }, () => schema_1.Workflow.parse(content));
     if (!obj) {
-        return deps;
+        return [];
     }
-    // composite action
     if ('runs' in obj && obj.runs.steps) {
-        extractSteps(obj.runs.steps, deps);
-    }
-    else if ('jobs' in obj) {
-        for (const job of Object.values(obj.jobs)) {
-            if (job.container) {
-                const dep = (0, extract_1.getDep)(job.container, true, config.registryAliases);
-                if (dep) {
-                    dep.depType = 'container';
-                    deps.push(dep);
-                }
+        return extractSteps(obj.runs.steps);
+    }
+    if (!('jobs' in obj)) {
+        return [];
+    }
+    const deps = [];
+    for (const job of Object.values(obj.jobs)) {
+        if (job.container) {
+            const dep = (0, extract_1.getDep)(job.container, true, config.registryAliases);
+            if (dep) {
+                dep.depType = 'container';
+                deps.push(dep);
             }
-            for (const service of job.services) {
-                const dep = (0, extract_1.getDep)(service, true, config.registryAliases);
-                if (dep) {
-                    dep.depType = 'service';
-                    deps.push(dep);
-                }
+        }
+        for (const service of job.services) {
+            const dep = (0, extract_1.getDep)(service, true, config.registryAliases);
+            if (dep) {
+                dep.depType = 'service';
+                deps.push(dep);
             }
-            for (const runner of job['runs-on']) {
-                const dep = extractRunner(runner);
-                if (dep) {
-                    deps.push(dep);
-                }
+        }
+        for (const runner of job['runs-on']) {
+            const dep = extractRunner(runner);
+            if (dep) {
+                deps.push(dep);
             }
-            extractSteps(job.steps, deps);
         }
+        deps.push(...extractSteps(job.steps));
     }
     return deps;
 }

package/dist/modules/manager/github-actions/extract.js.map

@@ -1 +1 @@
-{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../../lib/modules/manager/github-actions/extract.ts"],"names":[],"mappings":";;AA6QA,gDAcC;;AA3RD,mDAAsD;AACtD,4CAAmD;AACnD,iDAAsD;AACtD,+CAA0D;AAC1D,gEAAsE;AACtE,4DAAkE;AAClE,sEAA4E;AAC5E,oEAA0E;AAC1E,8DAAoE;AACpE,kFAA4D;AAC5D,8EAAwD;AACxD,4EAAsD;AACtD,mDAA+C;AAM/C,2CAA+C;AAE/C,qCAAoC;AAEpC,MAAM,cAAc,GAAG,IAAA,aAAK,EAAC,yCAAyC,CAAC,CAAC;AACxE,MAAM,QAAQ,GAAG,IAAA,aAAK,EACpB,0VAA0V,CAC3V,CAAC;AAEF,wEAAwE;AACxE,MAAM,KAAK,GAAG,IAAA,aAAK,EAAC,iCAAiC,CAAC,CAAC;AACvD,MAAM,UAAU,GAAG,IAAA,aAAK,EAAC,iBAAiB,CAAC,CAAC;AAE5C,oIAAoI;AACpI,4DAA4D;AAC5D,qDAAqD;AACrD,SAAS,wCAAwC;IAC/C,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,YAAY,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAC5C,IAAI,QAAQ,IAAI,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEzC,IACE,cAAc,CAAC,IAAI,KAAK,YAAY;YACpC,cAAc,CAAC,IAAI,KAAK,gBAAgB,EACxC,CAAC;YACD,YAAY,CAAC,OAAO,CAClB,GAAG,cAAc,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,EAAE,CACrD,CAAC;YACF,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,MAAqB;IAErB,MAAM,mCAAmC,GACvC,wCAAwC,EAAE,CAAC;IAC7C,eAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAClD,MAAM,IAAI,GAAwB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAY,CAAC,EAAE,CAAC;QAC/C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC;YACpC,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,WAAW,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YAC9D,GAAG,CAAC,OAAO,GAAG,QAAQ,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;YACrB,MAAM,EACJ,OAAO,EACP,WAAW,EACX,YAAY,EACZ,IAAI,GAAG,EAAE,EACT,GAAG,EACH,aAAa,EACb,WAAW,GAAG,EAAE,EAChB,kBAAkB,GAAG,GAAG,GACzB,GAAG,QAAQ,CAAC,MAAM,CAAC;YACpB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,GAAG,GAAG,CAAC;YACf,CAAC;YACD,IAAI,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,GAAG,GAAG,CAAC;YACf,CAAC;YACD,MAAM,GAAG,GAAsB;gBAC7B,OAAO;gBACP,GAAG,CAAC,WAAW,KAAK,OAAO,IAAI,EAAE,WAAW,EAAE,CAAC;gBAC/C,kBAAkB,EAAE,sBAAsB;gBAC1C,UAAU,EAAE,kCAAoB,CAAC,EAAE;gBACnC,UAAU,EAAE,gBAAgB,CAAC,EAAE;gBAC/B,OAAO,EAAE,QAAQ;gBACjB,aAAa;gBACb,yBAAyB,EAAE,GAAG,MAAM,cAAc,IAAI,kCAAkC,MAAM,mBAAmB,kBAAkB,gEAAgE,MAAM,aAAa;gBACtN,GAAG,CAAC,WAAW;oBACb,CAAC,CAAC,gBAAgB,CAAC,WAAW,CAAC;oBAC/B,CAAC,CAAC,mCAAmC,CAAC;aACzC,CAAC;YACF,IAAI,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC;gBACvB,GAAG,CAAC,aAAa,GAAG,YAAY,CAAC;YACnC,CAAC;iBAAM,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC;gBACvB,GAAG,CAAC,kBAAkB,GAAG,YAAY,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,YAAY,GAAG,YAAY,CAAC;YAClC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,WAAmB;IAC3C,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,WAAW,CAAC,CAAC;IAE7C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO;gBACL,YAAY,EAAE,CAAC,WAAW,CAAC;gBAC3B,UAAU,EAAE,oCAAqB,CAAC,EAAE;aACrC,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,YAAY,EAAE,CAAC,WAAW,CAAC;gBAC3B,UAAU,EAAE,gCAAmB,CAAC,EAAE;aACnC,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO,EAAE,YAAY,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO;QACL,UAAU,EAAE,iBAAiB;KAC9B,CAAC;AACJ,CAAC;AAED,MAAM,kBAAkB,GAAG,IAAA,aAAK,EAC9B,mDAAmD,CACpD,CAAC;AAEF,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACpE,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC;IAEtD,IAAI,CAAC,wCAAuB,CAAC,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO;QACP,YAAY;QACZ,aAAa,EAAE,GAAG,OAAO,IAAI,YAAY,EAAE;QAC3C,OAAO,EAAE,eAAe;QACxB,UAAU,EAAE,wCAAuB,CAAC,EAAE;QACtC,yBAAyB,EAAE,0BAA0B;KACtD,CAAC;IAEF,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAChD,UAAU,CAAC,UAAU,GAAG,iBAAiB,CAAC;IAC5C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,0CAA0C;AAC1C,MAAM,gBAAgB,GAA2B;IAC/C,EAAE,EAAE,aAAa,CAAC,EAAE;IACpB,IAAI,EAAE,cAAc,CAAC,EAAE;IACvB,MAAM,EAAE,aAAa,CAAC,EAAE;IAExB,uEAAuE;IACvE,WAAW;IACX,SAAS;CACV,CAAC;AAEF,SAAS,YAAY,CACnB,KAAc,EACd,IAA8C;IAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,4BAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QAED,KAAK,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpE,MAAM,UAAU,GAAG,iBAAiB,MAAM,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,UAAU,GAAG,CAAC,EAAE,CAAC;gBACxE,MAAM,SAAS,GAAG,GAAG,MAAM,UAAU,CAAC;gBACtC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC;gBAC5C,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,CAAC,IAAI,CAAC;wBACR,UAAU,EAAE,0CAAwB,CAAC,EAAE;wBACvC,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,WAAW,MAAM,WAAW;wBACzC,UAAU;wBACV,cAAc,EAAE,0CAA0C,EAAE,mDAAmD;wBAC/G,YAAY;wBACZ,OAAO,EAAE,WAAW;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAe,EACf,WAAmB,EACnB,MAAqB;IAErB,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IACvD,MAAM,IAAI,GAAwB,EAAE,CAAC;IAErC,MAAM,GAAG,GAAG,IAAA,iBAAQ,EAAC,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,CAAC,iBAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACpC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;SAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;QACzB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;gBAChE,IAAI,GAAG,EAAE,CAAC;oBACR,GAAG,CAAC,OAAO,GAAG,WAAW,CAAC;oBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACnC,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;gBAC1D,IAAI,GAAG,EAAE,CAAC;oBACR,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC;oBACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpC,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;gBAClC,IAAI,GAAG,EAAE,CAAC;oBACR,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,WAAmB,EACnB,SAAwB,EAAE;IAE1B,eAAM,CAAC,KAAK,CAAC,qCAAqC,WAAW,GAAG,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG;QACX,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC;QACpC,GAAG,qBAAqB,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC;KACvD,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC","sourcesContent":["import { GlobalConfig } from '../../../config/global';\nimport { logger, withMeta } from '../../../logger';\nimport { detectPlatform } from '../../../util/common';\nimport { newlineRegex, regEx } from '../../../util/regex';\nimport { ForgejoTagsDatasource } from '../../datasource/forgejo-tags';\nimport { GiteaTagsDatasource } from '../../datasource/gitea-tags';\nimport { GithubReleasesDatasource } from '../../datasource/github-releases';\nimport { GithubRunnersDatasource } from '../../datasource/github-runners';\nimport { GithubTagsDatasource } from '../../datasource/github-tags';\nimport * as dockerVersioning from '../../versioning/docker';\nimport * as nodeVersioning from '../../versioning/node';\nimport * as npmVersioning from '../../versioning/npm';\nimport { getDep } from '../dockerfile/extract';\nimport type {\n  ExtractConfig,\n  PackageDependency,\n  PackageFileContent,\n} from '../types';\nimport { CommunityActions } from './community';\nimport type { Steps } from './schema';\nimport { Workflow } from './schema';\n\nconst dockerActionRe = regEx(/^\\s+uses\\s*: ['\"]?docker:\\/\\/([^'\"\\s]+)/);\nconst actionRe = regEx(\n  /^\\s+-?\\s+?uses\\s*: (?<replaceString>['\"]?(?<depName>(?<registryUrl>https:\\/\\/[.\\w-]+\\/)?(?<packageName>[\\w-]+\\/[.\\w-]+))(?<path>\\/.*)?@(?<currentValue>[^\\s'\"]+)['\"]?(?:(?<commentWhiteSpaces>\\s+)#\\s*(((?:renovate\\s*:\\s*)?(?:pin\\s+|tag\\s*=\\s*)?|(?:ratchet:[\\w-]+\\/[.\\w-]+)?)@?(?<tag>([\\w-]*[-/])?v?\\d+(?:\\.\\d+(?:\\.\\d+)?)?)|(?:ratchet:exclude)))?)/,\n);\n\n// SHA1 or SHA256, see https://github.blog/2020-10-19-git-2-29-released/\nconst shaRe = regEx(/^(?:[a-f0-9]{40}|[a-f0-9]{64})$/);\nconst shaShortRe = regEx(/^[a-f0-9]{6,7}$/);\n\n// detects if we run against a Github Enterprise Server and adds the URL to the beginning of the registryURLs for looking up Actions\n// This reflects the behavior of how GitHub looks up Actions\n// First on the Enterprise Server, then on GitHub.com\nfunction detectCustomGitHubRegistryUrlsForActions(): PackageDependency {\n  const endpoint = GlobalConfig.get('endpoint');\n  const registryUrls = ['https://github.com'];\n  if (endpoint && GlobalConfig.get('platform') === 'github') {\n    const parsedEndpoint = new URL(endpoint);\n\n    if (\n      parsedEndpoint.host !== 'github.com' &&\n      parsedEndpoint.host !== 'api.github.com'\n    ) {\n      registryUrls.unshift(\n        `${parsedEndpoint.protocol}//${parsedEndpoint.host}`,\n      );\n      return { registryUrls };\n    }\n  }\n  return {};\n}\n\nfunction extractWithRegex(\n  content: string,\n  config: ExtractConfig,\n): PackageDependency[] {\n  const customRegistryUrlsPackageDependency =\n    detectCustomGitHubRegistryUrlsForActions();\n  logger.trace('github-actions.extractWithRegex()');\n  const deps: PackageDependency[] = [];\n  for (const line of content.split(newlineRegex)) {\n    if (line.trim().startsWith('#')) {\n      continue;\n    }\n\n    const dockerMatch = dockerActionRe.exec(line);\n    if (dockerMatch) {\n      const [, currentFrom] = dockerMatch;\n      const dep = getDep(currentFrom, true, config.registryAliases);\n      dep.depType = 'docker';\n      deps.push(dep);\n      continue;\n    }\n\n    const tagMatch = actionRe.exec(line);\n    if (tagMatch?.groups) {\n      const {\n        depName,\n        packageName,\n        currentValue,\n        path = '',\n        tag,\n        replaceString,\n        registryUrl = '',\n        commentWhiteSpaces = ' ',\n      } = tagMatch.groups;\n      let quotes = '';\n      if (replaceString.includes(\"'\")) {\n        quotes = \"'\";\n      }\n      if (replaceString.includes('\"')) {\n        quotes = '\"';\n      }\n      const dep: PackageDependency = {\n        depName,\n        ...(packageName !== depName && { packageName }),\n        commitMessageTopic: '{{{depName}}} action',\n        datasource: GithubTagsDatasource.id,\n        versioning: dockerVersioning.id,\n        depType: 'action',\n        replaceString,\n        autoReplaceStringTemplate: `${quotes}{{depName}}${path}@{{#if newDigest}}{{newDigest}}${quotes}{{#if newValue}}${commentWhiteSpaces}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quotes}{{/unless}}`,\n        ...(registryUrl\n          ? detectDatasource(registryUrl)\n          : customRegistryUrlsPackageDependency),\n      };\n      if (shaRe.test(currentValue)) {\n        dep.currentValue = tag;\n        dep.currentDigest = currentValue;\n      } else if (shaShortRe.test(currentValue)) {\n        dep.currentValue = tag;\n        dep.currentDigestShort = currentValue;\n      } else {\n        dep.currentValue = currentValue;\n      }\n      deps.push(dep);\n    }\n  }\n  return deps;\n}\n\nfunction detectDatasource(registryUrl: string): PackageDependency {\n  const platform = detectPlatform(registryUrl);\n\n  switch (platform) {\n    case 'forgejo':\n      return {\n        registryUrls: [registryUrl],\n        datasource: ForgejoTagsDatasource.id,\n      };\n    case 'gitea':\n      return {\n        registryUrls: [registryUrl],\n        datasource: GiteaTagsDatasource.id,\n      };\n    case 'github':\n      return { registryUrls: [registryUrl] };\n  }\n\n  return {\n    skipReason: 'unsupported-url',\n  };\n}\n\nconst runnerVersionRegex = regEx(\n  /^\\s*(?<depName>[a-zA-Z]+)-(?<currentValue>[^\\s]+)/,\n);\n\nfunction extractRunner(runner: string): PackageDependency | null {\n  const runnerVersionGroups = runnerVersionRegex.exec(runner)?.groups;\n  if (!runnerVersionGroups) {\n    return null;\n  }\n\n  const { depName, currentValue } = runnerVersionGroups;\n\n  if (!GithubRunnersDatasource.isValidRunner(depName, currentValue)) {\n    return null;\n  }\n\n  const dependency: PackageDependency = {\n    depName,\n    currentValue,\n    replaceString: `${depName}-${currentValue}`,\n    depType: 'github-runner',\n    datasource: GithubRunnersDatasource.id,\n    autoReplaceStringTemplate: '{{depName}}-{{newValue}}',\n  };\n\n  if (!dockerVersioning.api.isValid(currentValue)) {\n    dependency.skipReason = 'invalid-version';\n  }\n\n  return dependency;\n}\n\n// For official https://github.com/actions\nconst versionedActions: Record<string, string> = {\n  go: npmVersioning.id,\n  node: nodeVersioning.id,\n  python: npmVersioning.id,\n\n  // Not covered yet because they use different datasources/packageNames:\n  // - dotnet\n  // - java\n};\n\nfunction extractSteps(\n  steps: Steps[],\n  deps: PackageDependency<Record<string, any>>[],\n): void {\n  for (const step of steps) {\n    const res = CommunityActions.safeParse(step);\n    if (res.success) {\n      deps.push(res.data);\n      continue;\n    }\n\n    for (const [action, versioning] of Object.entries(versionedActions)) {\n      const actionName = `actions/setup-${action}`;\n      if (step.uses === actionName || step.uses?.startsWith(`${actionName}@`)) {\n        const fieldName = `${action}-version`;\n        const currentValue = step.with?.[fieldName];\n        if (currentValue) {\n          deps.push({\n            datasource: GithubReleasesDatasource.id,\n            depName: action,\n            packageName: `actions/${action}-versions`,\n            versioning,\n            extractVersion: '^(?<version>\\\\d+\\\\.\\\\d+\\\\.\\\\d+)(-\\\\d+)?$', // Actions release tags are like 1.24.1-13667719799\n            currentValue,\n            depType: 'uses-with',\n          });\n        }\n      }\n    }\n  }\n}\n\nfunction extractWithYAMLParser(\n  content: string,\n  packageFile: string,\n  config: ExtractConfig,\n): PackageDependency[] {\n  logger.trace('github-actions.extractWithYAMLParser()');\n  const deps: PackageDependency[] = [];\n\n  const obj = withMeta({ packageFile }, () => Workflow.parse(content));\n\n  if (!obj) {\n    return deps;\n  }\n\n  // composite action\n  if ('runs' in obj && obj.runs.steps) {\n    extractSteps(obj.runs.steps, deps);\n  } else if ('jobs' in obj) {\n    for (const job of Object.values(obj.jobs)) {\n      if (job.container) {\n        const dep = getDep(job.container, true, config.registryAliases);\n        if (dep) {\n          dep.depType = 'container';\n          deps.push(dep);\n        }\n      }\n\n      for (const service of job.services) {\n        const dep = getDep(service, true, config.registryAliases);\n        if (dep) {\n          dep.depType = 'service';\n          deps.push(dep);\n        }\n      }\n\n      for (const runner of job['runs-on']) {\n        const dep = extractRunner(runner);\n        if (dep) {\n          deps.push(dep);\n        }\n      }\n\n      extractSteps(job.steps, deps);\n    }\n  }\n\n  return deps;\n}\n\nexport function extractPackageFile(\n  content: string,\n  packageFile: string,\n  config: ExtractConfig = {}, // TODO: enforce ExtractConfig\n): PackageFileContent | null {\n  logger.trace(`github-actions.extractPackageFile(${packageFile})`);\n  const deps = [\n    ...extractWithRegex(content, config),\n    ...extractWithYAMLParser(content, packageFile, config),\n  ];\n  if (!deps.length) {\n    return null;\n  }\n  return { deps };\n}\n"]}
+{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../../lib/modules/manager/github-actions/extract.ts"],"names":[],"mappings":";;AA2UA,gDAiBC;;AA5VD,kEAAkC;AAClC,mDAAsD;AACtD,4CAAmD;AACnD,iDAAsD;AACtD,+CAA0D;AAC1D,gEAAsE;AACtE,4DAAkE;AAClE,sEAA4E;AAC5E,oEAA0E;AAC1E,8DAAoE;AACpE,kFAA4D;AAC5D,8EAAwD;AACxD,4EAAsD;AACtD,mDAA+C;AAM/C,2CAA+C;AAE/C,mCAA2D;AAE3D,qCAAoC;AAEpC,oIAAoI;AACpI,4DAA4D;AAC5D,qDAAqD;AACrD,SAAS,wCAAwC;IAC/C,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,YAAY,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAC5C,IAAI,QAAQ,IAAI,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEzC,IACE,cAAc,CAAC,IAAI,KAAK,YAAY;YACpC,cAAc,CAAC,IAAI,KAAK,gBAAgB,EACxC,CAAC;YACD,YAAY,CAAC,OAAO,CAClB,GAAG,cAAc,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,EAAE,CACrD,CAAC;YACF,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,mBAAmB,CAC1B,SAA0B,EAC1B,MAAqB;IAErB,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACxE,GAAG,CAAC,OAAO,GAAG,QAAQ,CAAC;IACvB,GAAG,CAAC,aAAa,GAAG,SAAS,CAAC,WAAW,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,uBAAuB,CAC9B,SAA8B,EAC9B,MAAiD,EACjD,mCAAsD;IAEtD,MAAM,EACJ,aAAa,EAAE,WAAW,EAC1B,KAAK,EACL,WAAW,EACX,0BAA0B,GAC3B,GAAG,MAAM,CAAC;IACX,MAAM,EACJ,KAAK,EACL,IAAI,EACJ,IAAI,EAAE,OAAO,EACb,GAAG,EACH,QAAQ,EACR,kBAAkB,GACnB,GAAG,SAAS,CAAC;IAEd,MAAM,WAAW,GAAG,kBAAkB,CAAC,CAAC,CAAC,WAAW,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,MAAM,WAAW,GAAG,GAAG,KAAK,IAAI,IAAI,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,GAAG,WAAW,GAAG,WAAW,EAAE,CAAC;IAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,MAAM,SAAS,GAAG,0BAA0B,IAAI,GAAG,CAAC;IAEpD,MAAM,GAAG,GAAsB;QAC7B,OAAO;QACP,kBAAkB,EAAE,sBAAsB;QAC1C,UAAU,EAAE,kCAAoB,CAAC,EAAE;QACnC,UAAU,EAAE,gBAAgB,CAAC,EAAE;QAC/B,OAAO,EAAE,QAAQ;QACjB,aAAa,EAAE,WAAW;QAC1B,yBAAyB,EAAE,GAAG,KAAK,cAAc,UAAU,kCAAkC,KAAK,mBAAmB,SAAS,gEAAgE,KAAK,aAAa;QAChN,GAAG,CAAC,kBAAkB;YACpB,CAAC,CAAC,gBAAgB,CAAC,WAAW,CAAC;YAC/B,CAAC,CAAC,mCAAmC,CAAC;KACzC,CAAC;IAEF,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;QAC5B,GAAG,CAAC,WAAW,GAAG,WAAW,CAAC;IAChC,CAAC;IAED,IACE,WAAW,CAAC,aAAa;QACzB,CAAC,YAAE,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC;QAChC,CAAC,YAAE,CAAC,SAAS,CAAC,WAAW,CAAC,aAAa,CAAC,EACxC,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,GAAG,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC;QAC3E,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAC3D,GAAG,CAAC,aAAa;YACf,WAAW,GAAG,0BAA0B,GAAG,GAAG,GAAG,aAAa,CAAC;IACnE,CAAC;SAAM,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QACtC,GAAG,CAAC,aAAa;YACf,WAAW,GAAG,0BAA0B,GAAG,MAAM,CAAC,aAAa,CAAC;IACpE,CAAC;IAED,IAAI,IAAA,aAAK,EAAC,GAAG,CAAC,EAAE,CAAC;QACf,GAAG,CAAC,YAAY,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7C,GAAG,CAAC,aAAa,GAAG,GAAG,CAAC;IAC1B,CAAC;SAAM,IAAI,IAAA,kBAAU,EAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,GAAG,CAAC,YAAY,GAAG,WAAW,CAAC,aAAa,CAAC;QAC7C,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,MAAqB;IAErB,MAAM,mCAAmC,GACvC,wCAAwC,EAAE,CAAC;IAC7C,eAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAClD,MAAM,IAAI,GAAwB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAY,CAAC,EAAE,CAAC;QAC/C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAE7B,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;YAClD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CACP,uBAAuB,CACrB,SAAS,EACT,MAAM,EACN,mCAAmC,CACpC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,WAAmB;IAC3C,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,WAAW,CAAC,CAAC;IAE7C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO;gBACL,YAAY,EAAE,CAAC,WAAW,CAAC;gBAC3B,UAAU,EAAE,oCAAqB,CAAC,EAAE;aACrC,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,YAAY,EAAE,CAAC,WAAW,CAAC;gBAC3B,UAAU,EAAE,gCAAmB,CAAC,EAAE;aACnC,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO,EAAE,YAAY,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO;QACL,UAAU,EAAE,iBAAiB;KAC9B,CAAC;AACJ,CAAC;AAED,MAAM,kBAAkB,GAAG,IAAA,aAAK,EAC9B,mDAAmD,CACpD,CAAC;AAEF,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACpE,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC;IAEtD,IAAI,CAAC,wCAAuB,CAAC,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAsB;QACpC,OAAO;QACP,YAAY;QACZ,aAAa,EAAE,GAAG,OAAO,IAAI,YAAY,EAAE;QAC3C,OAAO,EAAE,eAAe;QACxB,UAAU,EAAE,wCAAuB,CAAC,EAAE;QACtC,yBAAyB,EAAE,0BAA0B;KACtD,CAAC;IAEF,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAChD,UAAU,CAAC,UAAU,GAAG,iBAAiB,CAAC;IAC5C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,0CAA0C;AAC1C,MAAM,gBAAgB,GAA2B;IAC/C,EAAE,EAAE,aAAa,CAAC,EAAE;IACpB,IAAI,EAAE,cAAc,CAAC,EAAE;IACvB,MAAM,EAAE,aAAa,CAAC,EAAE;IAExB,uEAAuE;IACvE,WAAW;IACX,SAAS;CACV,CAAC;AAEF,SAAS,sBAAsB,CAAC,IAAW;IACzC,KAAK,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,iBAAiB,MAAM,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,UAAU,GAAG,CAAC,EAAE,CAAC;YACzE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,MAAM,UAAU,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,UAAU,EAAE,0CAAwB,CAAC,EAAE;YACvC,OAAO,EAAE,MAAM;YACf,WAAW,EAAE,WAAW,MAAM,WAAW;YACzC,UAAU;YACV,cAAc,EAAE,0CAA0C;YAC1D,YAAY;YACZ,OAAO,EAAE,WAAW;SACrB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,MAAM,IAAI,GAAwB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,4BAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAClD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAe,EACf,WAAmB,EACnB,MAAqB;IAErB,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAEvD,MAAM,GAAG,GAAG,IAAA,iBAAQ,EAAC,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,CAAC,iBAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACrE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,IAAI,GAAwB,EAAE,CAAC;IAErC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YAChE,IAAI,GAAG,EAAE,CAAC;gBACR,GAAG,CAAC,OAAO,GAAG,WAAW,CAAC;gBAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,IAAA,gBAAM,EAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YAC1D,IAAI,GAAG,EAAE,CAAC;gBACR,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YAClC,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,WAAmB,EACnB,SAAwB,EAAE;IAE1B,eAAM,CAAC,KAAK,CAAC,qCAAqC,WAAW,GAAG,CAAC,CAAC;IAElE,MAAM,IAAI,GAAG;QACX,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC;QACpC,GAAG,qBAAqB,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC;KACvD,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { GlobalConfig } from '../../../config/global';\nimport { logger, withMeta } from '../../../logger';\nimport { detectPlatform } from '../../../util/common';\nimport { newlineRegex, regEx } from '../../../util/regex';\nimport { ForgejoTagsDatasource } from '../../datasource/forgejo-tags';\nimport { GiteaTagsDatasource } from '../../datasource/gitea-tags';\nimport { GithubReleasesDatasource } from '../../datasource/github-releases';\nimport { GithubRunnersDatasource } from '../../datasource/github-runners';\nimport { GithubTagsDatasource } from '../../datasource/github-tags';\nimport * as dockerVersioning from '../../versioning/docker';\nimport * as nodeVersioning from '../../versioning/node';\nimport * as npmVersioning from '../../versioning/npm';\nimport { getDep } from '../dockerfile/extract';\nimport type {\n  ExtractConfig,\n  PackageDependency,\n  PackageFileContent,\n} from '../types';\nimport { CommunityActions } from './community';\nimport type { DockerReference, RepositoryReference } from './parse';\nimport { isSha, isShortSha, parseUsesLine } from './parse';\nimport type { Steps } from './schema';\nimport { Workflow } from './schema';\n\n// detects if we run against a Github Enterprise Server and adds the URL to the beginning of the registryURLs for looking up Actions\n// This reflects the behavior of how GitHub looks up Actions\n// First on the Enterprise Server, then on GitHub.com\nfunction detectCustomGitHubRegistryUrlsForActions(): PackageDependency {\n  const endpoint = GlobalConfig.get('endpoint');\n  const registryUrls = ['https://github.com'];\n  if (endpoint && GlobalConfig.get('platform') === 'github') {\n    const parsedEndpoint = new URL(endpoint);\n\n    if (\n      parsedEndpoint.host !== 'github.com' &&\n      parsedEndpoint.host !== 'api.github.com'\n    ) {\n      registryUrls.unshift(\n        `${parsedEndpoint.protocol}//${parsedEndpoint.host}`,\n      );\n      return { registryUrls };\n    }\n  }\n  return {};\n}\n\nfunction extractDockerAction(\n  actionRef: DockerReference,\n  config: ExtractConfig,\n): PackageDependency {\n  const dep = getDep(actionRef.originalRef, true, config.registryAliases);\n  dep.depType = 'docker';\n  dep.replaceString = actionRef.originalRef;\n  return dep;\n}\n\nfunction extractRepositoryAction(\n  actionRef: RepositoryReference,\n  parsed: ReturnType<typeof parseUsesLine> & object,\n  customRegistryUrlsPackageDependency: PackageDependency,\n): PackageDependency {\n  const {\n    replaceString: valueString,\n    quote,\n    commentData,\n    commentPrecedingWhitespace,\n  } = parsed;\n  const {\n    owner,\n    repo,\n    path: subPath,\n    ref,\n    hostname,\n    isExplicitHostname,\n  } = actionRef;\n\n  const registryUrl = isExplicitHostname ? `https://${hostname}/` : '';\n  const packageName = `${owner}/${repo}`;\n  const depName = `${registryUrl}${packageName}`;\n  const pathSuffix = subPath ? `/${subPath}` : '';\n  const commentWs = commentPrecedingWhitespace || ' ';\n\n  const dep: PackageDependency = {\n    depName,\n    commitMessageTopic: '{{{depName}}} action',\n    datasource: GithubTagsDatasource.id,\n    versioning: dockerVersioning.id,\n    depType: 'action',\n    replaceString: valueString,\n    autoReplaceStringTemplate: `${quote}{{depName}}${pathSuffix}@{{#if newDigest}}{{newDigest}}${quote}{{#if newValue}}${commentWs}# {{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}${quote}{{/unless}}`,\n    ...(isExplicitHostname\n      ? detectDatasource(registryUrl)\n      : customRegistryUrlsPackageDependency),\n  };\n\n  if (packageName !== depName) {\n    dep.packageName = packageName;\n  }\n\n  if (\n    commentData.pinnedVersion &&\n    !is.undefined(commentData.index) &&\n    !is.undefined(commentData.matchedString)\n  ) {\n    const cleanComment = parsed.commentString.slice(1);\n    const matchEndIndex = commentData.index + commentData.matchedString.length;\n    const commentSuffix = cleanComment.slice(0, matchEndIndex);\n    dep.replaceString =\n      valueString + commentPrecedingWhitespace + '#' + commentSuffix;\n  } else if (commentData.ratchetExclude) {\n    dep.replaceString =\n      valueString + commentPrecedingWhitespace + parsed.commentString;\n  }\n\n  if (isSha(ref)) {\n    dep.currentValue = commentData.pinnedVersion;\n    dep.currentDigest = ref;\n  } else if (isShortSha(ref)) {\n    dep.currentValue = commentData.pinnedVersion;\n    dep.currentDigestShort = ref;\n  } else {\n    dep.currentValue = ref;\n  }\n\n  return dep;\n}\n\nfunction extractWithRegex(\n  content: string,\n  config: ExtractConfig,\n): PackageDependency[] {\n  const customRegistryUrlsPackageDependency =\n    detectCustomGitHubRegistryUrlsForActions();\n  logger.trace('github-actions.extractWithRegex()');\n  const deps: PackageDependency[] = [];\n\n  for (const line of content.split(newlineRegex)) {\n    if (line.trim().startsWith('#')) {\n      continue;\n    }\n\n    const parsed = parseUsesLine(line);\n    if (!parsed?.actionRef) {\n      continue;\n    }\n\n    const { actionRef } = parsed;\n\n    if (actionRef.kind === 'docker') {\n      deps.push(extractDockerAction(actionRef, config));\n      continue;\n    }\n\n    if (actionRef.kind === 'repository') {\n      deps.push(\n        extractRepositoryAction(\n          actionRef,\n          parsed,\n          customRegistryUrlsPackageDependency,\n        ),\n      );\n    }\n  }\n\n  return deps;\n}\n\nfunction detectDatasource(registryUrl: string): PackageDependency {\n  const platform = detectPlatform(registryUrl);\n\n  switch (platform) {\n    case 'forgejo':\n      return {\n        registryUrls: [registryUrl],\n        datasource: ForgejoTagsDatasource.id,\n      };\n    case 'gitea':\n      return {\n        registryUrls: [registryUrl],\n        datasource: GiteaTagsDatasource.id,\n      };\n    case 'github':\n      return { registryUrls: [registryUrl] };\n  }\n\n  return {\n    skipReason: 'unsupported-url',\n  };\n}\n\nconst runnerVersionRegex = regEx(\n  /^\\s*(?<depName>[a-zA-Z]+)-(?<currentValue>[^\\s]+)/,\n);\n\nfunction extractRunner(runner: string): PackageDependency | null {\n  const runnerVersionGroups = runnerVersionRegex.exec(runner)?.groups;\n  if (!runnerVersionGroups) {\n    return null;\n  }\n\n  const { depName, currentValue } = runnerVersionGroups;\n\n  if (!GithubRunnersDatasource.isValidRunner(depName, currentValue)) {\n    return null;\n  }\n\n  const dependency: PackageDependency = {\n    depName,\n    currentValue,\n    replaceString: `${depName}-${currentValue}`,\n    depType: 'github-runner',\n    datasource: GithubRunnersDatasource.id,\n    autoReplaceStringTemplate: '{{depName}}-{{newValue}}',\n  };\n\n  if (!dockerVersioning.api.isValid(currentValue)) {\n    dependency.skipReason = 'invalid-version';\n  }\n\n  return dependency;\n}\n\n// For official https://github.com/actions\nconst versionedActions: Record<string, string> = {\n  go: npmVersioning.id,\n  node: nodeVersioning.id,\n  python: npmVersioning.id,\n\n  // Not covered yet because they use different datasources/packageNames:\n  // - dotnet\n  // - java\n};\n\nfunction extractVersionedAction(step: Steps): PackageDependency | null {\n  for (const [action, versioning] of Object.entries(versionedActions)) {\n    const actionName = `actions/setup-${action}`;\n    if (step.uses !== actionName && !step.uses?.startsWith(`${actionName}@`)) {\n      continue;\n    }\n\n    const fieldName = `${action}-version`;\n    const currentValue = step.with?.[fieldName];\n    if (!currentValue) {\n      return null;\n    }\n\n    return {\n      datasource: GithubReleasesDatasource.id,\n      depName: action,\n      packageName: `actions/${action}-versions`,\n      versioning,\n      extractVersion: '^(?<version>\\\\d+\\\\.\\\\d+\\\\.\\\\d+)(-\\\\d+)?$',\n      currentValue,\n      depType: 'uses-with',\n    };\n  }\n  return null;\n}\n\nfunction extractSteps(steps: Steps[]): PackageDependency[] {\n  const deps: PackageDependency[] = [];\n\n  for (const step of steps) {\n    const res = CommunityActions.safeParse(step);\n    if (res.success) {\n      deps.push(res.data);\n      continue;\n    }\n\n    const versionedDep = extractVersionedAction(step);\n    if (versionedDep) {\n      deps.push(versionedDep);\n    }\n  }\n\n  return deps;\n}\n\nfunction extractWithYAMLParser(\n  content: string,\n  packageFile: string,\n  config: ExtractConfig,\n): PackageDependency[] {\n  logger.trace('github-actions.extractWithYAMLParser()');\n\n  const obj = withMeta({ packageFile }, () => Workflow.parse(content));\n  if (!obj) {\n    return [];\n  }\n\n  if ('runs' in obj && obj.runs.steps) {\n    return extractSteps(obj.runs.steps);\n  }\n\n  if (!('jobs' in obj)) {\n    return [];\n  }\n\n  const deps: PackageDependency[] = [];\n\n  for (const job of Object.values(obj.jobs)) {\n    if (job.container) {\n      const dep = getDep(job.container, true, config.registryAliases);\n      if (dep) {\n        dep.depType = 'container';\n        deps.push(dep);\n      }\n    }\n\n    for (const service of job.services) {\n      const dep = getDep(service, true, config.registryAliases);\n      if (dep) {\n        dep.depType = 'service';\n        deps.push(dep);\n      }\n    }\n\n    for (const runner of job['runs-on']) {\n      const dep = extractRunner(runner);\n      if (dep) {\n        deps.push(dep);\n      }\n    }\n\n    deps.push(...extractSteps(job.steps));\n  }\n\n  return deps;\n}\n\nexport function extractPackageFile(\n  content: string,\n  packageFile: string,\n  config: ExtractConfig = {}, // TODO: enforce ExtractConfig\n): PackageFileContent | null {\n  logger.trace(`github-actions.extractPackageFile(${packageFile})`);\n\n  const deps = [\n    ...extractWithRegex(content, config),\n    ...extractWithYAMLParser(content, packageFile, config),\n  ];\n\n  if (!deps.length) {\n    return null;\n  }\n\n  return { deps };\n}\n"]}

package/dist/modules/manager/github-actions/parse.d.ts

@@ -0,0 +1,70 @@
+interface QuotedValue {
+    value: string;
+    quote: string;
+}
+export declare function parseQuote(input: string): QuotedValue;
+/**
+ * Docker container:
+ * - `docker://image:tag`
+ * - `docker://image@digest`
+ * - `docker://image:tag@digest`
+ */
+export interface DockerReference {
+    kind: 'docker';
+    image: string;
+    tag?: string;
+    digest?: string;
+    originalRef: string;
+}
+/**
+ * Local file or directory:
+ * - `./path/to/action`
+ * - `./.github/workflows/main.yml`
+ */
+export interface LocalReference {
+    kind: 'local';
+    path: string;
+}
+/**
+ * Repository:
+ * - `owner/repo[/path]@ref`
+ * - `https://host/owner/repo[/path]@ref`
+ */
+export interface RepositoryReference {
+    kind: 'repository';
+    hostname: string;
+    isExplicitHostname: boolean;
+    owner: string;
+    repo: string;
+    path?: string;
+    ref: string;
+}
+export type ActionReference = DockerReference | LocalReference | RepositoryReference;
+export interface ParsedUsesLine {
+    /** The whitespace before "uses:" */
+    indentation: string;
+    /** The `uses:` (and optional `-`) part */
+    usesPrefix: string;
+    /** The raw value part, potentially quoted (e.g. `actions/checkout@v2`) */
+    replaceString: string;
+    /** Whitespace between value and `#` */
+    commentPrecedingWhitespace: string;
+    /** The full comment including `#` */
+    commentString: string;
+    actionRef: ActionReference | null;
+    commentData: CommentData;
+    /** The quote char used (' or " or empty) */
+    quote: string;
+}
+export declare function isSha(str: string): boolean;
+export declare function isShortSha(str: string): boolean;
+export declare function parseActionReference(uses: string): ActionReference | null;
+export interface CommentData {
+    pinnedVersion?: string;
+    ratchetExclude?: boolean;
+    matchedString?: string;
+    index?: number;
+}
+export declare function parseComment(commentBody: string): CommentData;
+export declare function parseUsesLine(line: string): ParsedUsesLine | null;
+export {};

package/dist/modules/manager/github-actions/parse.js

@@ -0,0 +1,167 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseQuote = parseQuote;
+exports.isSha = isSha;
+exports.isShortSha = isShortSha;
+exports.parseActionReference = parseActionReference;
+exports.parseComment = parseComment;
+exports.parseUsesLine = parseUsesLine;
+const tslib_1 = require("tslib");
+const is_1 = tslib_1.__importDefault(require("@sindresorhus/is"));
+const regex_1 = require("../../../util/regex");
+function splitFirstFrom(str, sep, start) {
+    const idx = str.indexOf(sep, start);
+    if (idx === -1) {
+        return null;
+    }
+    return [str.slice(0, idx), str.slice(idx + sep.length)];
+}
+function splitFirst(str, sep) {
+    return splitFirstFrom(str, sep, 0);
+}
+function parseQuote(input) {
+    const trimmed = input.trim();
+    const first = trimmed[0];
+    const last = trimmed[trimmed.length - 1];
+    if (trimmed.length >= 2 &&
+        first === last &&
+        (first === '"' || first === "'")) {
+        return { value: trimmed.slice(1, -1), quote: first };
+    }
+    return { value: trimmed, quote: '' };
+}
+const shaRe = (0, regex_1.regEx)(/^(?:[a-f0-9]{40}|[a-f0-9]{64})$/);
+const shaShortRe = (0, regex_1.regEx)(/^[a-f0-9]{6,7}$/);
+function isSha(str) {
+    return shaRe.test(str);
+}
+function isShortSha(str) {
+    return shaShortRe.test(str);
+}
+const DOCKER_PREFIX = 'docker://';
+function parseDockerReference(input) {
+    const originalRef = input.slice(DOCKER_PREFIX.length);
+    if (!originalRef) {
+        return null;
+    }
+    const digestParts = splitFirst(originalRef, '@');
+    if (digestParts) {
+        const [image, digest] = digestParts;
+        return { kind: 'docker', image, digest, originalRef };
+    }
+    // Find tag: look for first colon after last slash (to avoid matching port in registry)
+    const lastSlashIndex = originalRef.lastIndexOf('/');
+    const searchStart = lastSlashIndex === -1 ? 0 : lastSlashIndex + 1;
+    const tagParts = splitFirstFrom(originalRef, ':', searchStart);
+    if (tagParts) {
+        const [image, tag] = tagParts;
+        return { kind: 'docker', image, tag, originalRef };
+    }
+    return { kind: 'docker', image: originalRef, originalRef };
+}
+const repositoryActionRegex = (0, regex_1.regEx)(/^(?:https:\/\/(?<hostname>[^/]+)\/)?(?<owner>[^/]+)\/(?<repo>[^/]+)(?:\/(?<path>.+?))?@(?<ref>.+)$/);
+function parseRepositoryReference(input) {
+    const match = repositoryActionRegex.exec(input);
+    if (!match?.groups) {
+        return null;
+    }
+    const { owner, repo, path, ref } = match.groups;
+    let { hostname } = match.groups;
+    let isExplicitHostname = true;
+    if (is_1.default.undefined(hostname)) {
+        hostname = 'github.com';
+        isExplicitHostname = false;
+    }
+    return {
+        kind: 'repository',
+        hostname,
+        isExplicitHostname,
+        owner,
+        repo,
+        path,
+        ref,
+    };
+}
+function parseActionReference(uses) {
+    if (!uses) {
+        return null;
+    }
+    if (uses.startsWith(DOCKER_PREFIX)) {
+        return parseDockerReference(uses);
+    }
+    if (uses.startsWith('./') || uses.startsWith('../')) {
+        return { kind: 'local', path: uses };
+    }
+    return parseRepositoryReference(uses);
+}
+// Matches version strings with optional prefixes, e.g.:
+// - "@v1.2.3", "v1.2.3", "1.2.3"
+// - "renovate: pin @v1.2.3", "tag=v1.2.3"
+// - "ratchet:owner/repo@v1.2.3"
+// - "stable/v1.2.3", "stable-v1.2.3"
+const pinnedVersionRe = (0, regex_1.regEx)(/^\s*(?:(?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+))?@?(?<version>([\w-]*[-/])?v?\d+(?:\.\d+(?:\.\d+)?)?)/);
+function parseComment(commentBody) {
+    const trimmed = commentBody.trim();
+    if (trimmed === 'ratchet:exclude') {
+        return { ratchetExclude: true };
+    }
+    // We use commentBody (with leading spaces) to get the correct index relative to the comment start
+    const match = pinnedVersionRe.exec(commentBody);
+    if (match?.groups?.version) {
+        return {
+            pinnedVersion: match.groups.version,
+            matchedString: match[0],
+            index: match.index,
+        };
+    }
+    return {};
+}
+const usesLineRegex = (0, regex_1.regEx)(/^(?<prefix>\s+(?:-\s+)?uses\s*:\s*)(?<remainder>.+)$/);
+function parseUsesLine(line) {
+    const match = usesLineRegex.exec(line);
+    if (!match?.groups) {
+        return null;
+    }
+    const { prefix, remainder } = match.groups;
+    if (remainder.startsWith('#')) {
+        return null;
+    }
+    const indentation = prefix.slice(0, prefix.indexOf('uses'));
+    // We look for ' #' to determine where the comment starts.
+    // This is a safe heuristic for valid "uses" values which cannot contain spaces.
+    const commentIndex = remainder.indexOf(' #');
+    // No comment case
+    if (commentIndex === -1) {
+        const { value, quote } = parseQuote(remainder);
+        return {
+            indentation,
+            usesPrefix: prefix,
+            replaceString: remainder.trim(),
+            commentPrecedingWhitespace: '',
+            commentString: '',
+            actionRef: parseActionReference(value),
+            commentData: {},
+            quote,
+        };
+    }
+    // Has comment: split value and comment
+    const rawValuePart = remainder.slice(0, commentIndex);
+    const commentPart = remainder.slice(commentIndex + 1); // starts at #
+    // Calculate whitespace between value and #
+    const partBeforeHash = remainder.slice(0, commentIndex + 1);
+    const commentPrecedingWhitespace = partBeforeHash.slice(partBeforeHash.trimEnd().length);
+    const { value, quote } = parseQuote(rawValuePart);
+    // commentPart always starts with '#' since we found ' #' and sliced after the space
+    const cleanCommentBody = commentPart.slice(1);
+    return {
+        indentation,
+        usesPrefix: prefix,
+        replaceString: rawValuePart.trim(),
+        commentPrecedingWhitespace,
+        commentString: commentPart,
+        actionRef: parseActionReference(value),
+        commentData: parseComment(cleanCommentBody),
+        quote,
+    };
+}
+//# sourceMappingURL=parse.js.map

package/dist/modules/manager/github-actions/parse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.js","sourceRoot":"","sources":["../../../../lib/modules/manager/github-actions/parse.ts"],"names":[],"mappings":";;AAwBA,gCAcC;AA2ED,sBAEC;AAED,gCAEC;AA2DD,oDAcC;AAkBD,oCAiBC;AAMD,sCAyDC;;AAlSD,kEAAkC;AAClC,+CAA4C;AAE5C,SAAS,cAAc,CACrB,GAAW,EACX,GAAW,EACX,KAAa;IAEb,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACpC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,GAAW;IAC1C,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AACrC,CAAC;AAOD,SAAgB,UAAU,CAAC,KAAa;IACtC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEzC,IACE,OAAO,CAAC,MAAM,IAAI,CAAC;QACnB,KAAK,KAAK,IAAI;QACd,CAAC,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,GAAG,CAAC,EAChC,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AACvC,CAAC;AAwED,MAAM,KAAK,GAAG,IAAA,aAAK,EAAC,iCAAiC,CAAC,CAAC;AACvD,MAAM,UAAU,GAAG,IAAA,aAAK,EAAC,iBAAiB,CAAC,CAAC;AAE5C,SAAgB,KAAK,CAAC,GAAW;IAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,SAAgB,UAAU,CAAC,GAAW;IACpC,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,aAAa,GAAG,WAAW,CAAC;AAElC,SAAS,oBAAoB,CAAC,KAAa;IACzC,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACjD,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,WAAW,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACxD,CAAC;IAED,uFAAuF;IACvF,MAAM,cAAc,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IAE/D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,QAAQ,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,CAAC;IACrD,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AAC7D,CAAC;AAED,MAAM,qBAAqB,GAAG,IAAA,aAAK,EACjC,oGAAoG,CACrG,CAAC;AAEF,SAAS,wBAAwB,CAAC,KAAa;IAC7C,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC;IAEhD,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC;IAChC,IAAI,kBAAkB,GAAG,IAAI,CAAC;IAC9B,IAAI,YAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,QAAQ,GAAG,YAAY,CAAC;QACxB,kBAAkB,GAAG,KAAK,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ;QACR,kBAAkB;QAClB,KAAK;QACL,IAAI;QACJ,IAAI;QACJ,GAAG;KACJ,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,IAAY;IAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACnC,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AASD,wDAAwD;AACxD,iCAAiC;AACjC,0CAA0C;AAC1C,gCAAgC;AAChC,qCAAqC;AACrC,MAAM,eAAe,GAAG,IAAA,aAAK,EAC3B,qIAAqI,CACtI,CAAC;AAEF,SAAgB,YAAY,CAAC,WAAmB;IAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;QAClC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,kGAAkG;IAClG,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAChD,IAAI,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO;YACnC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC;YACvB,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,aAAa,GAAG,IAAA,aAAK,EACzB,sDAAsD,CACvD,CAAC;AAEF,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC;IAE3C,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAE5D,0DAA0D;IAC1D,gFAAgF;IAChF,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C,kBAAkB;IAClB,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO;YACL,WAAW;YACX,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,SAAS,CAAC,IAAI,EAAE;YAC/B,0BAA0B,EAAE,EAAE;YAC9B,aAAa,EAAE,EAAE;YACjB,SAAS,EAAE,oBAAoB,CAAC,KAAK,CAAC;YACtC,WAAW,EAAE,EAAE;YACf,KAAK;SACN,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc;IAErE,2CAA2C;IAC3C,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,0BAA0B,GAAG,cAAc,CAAC,KAAK,CACrD,cAAc,CAAC,OAAO,EAAE,CAAC,MAAM,CAChC,CAAC;IAEF,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IAClD,oFAAoF;IACpF,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE9C,OAAO;QACL,WAAW;QACX,UAAU,EAAE,MAAM;QAClB,aAAa,EAAE,YAAY,CAAC,IAAI,EAAE;QAClC,0BAA0B;QAC1B,aAAa,EAAE,WAAW;QAC1B,SAAS,EAAE,oBAAoB,CAAC,KAAK,CAAC;QACtC,WAAW,EAAE,YAAY,CAAC,gBAAgB,CAAC;QAC3C,KAAK;KACN,CAAC;AACJ,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { regEx } from '../../../util/regex';\n\nfunction splitFirstFrom(\n  str: string,\n  sep: string,\n  start: number,\n): [string, string] | null {\n  const idx = str.indexOf(sep, start);\n  if (idx === -1) {\n    return null;\n  }\n  return [str.slice(0, idx), str.slice(idx + sep.length)];\n}\n\nfunction splitFirst(str: string, sep: string): [string, string] | null {\n  return splitFirstFrom(str, sep, 0);\n}\n\ninterface QuotedValue {\n  value: string;\n  quote: string;\n}\n\nexport function parseQuote(input: string): QuotedValue {\n  const trimmed = input.trim();\n  const first = trimmed[0];\n  const last = trimmed[trimmed.length - 1];\n\n  if (\n    trimmed.length >= 2 &&\n    first === last &&\n    (first === '\"' || first === \"'\")\n  ) {\n    return { value: trimmed.slice(1, -1), quote: first };\n  }\n\n  return { value: trimmed, quote: '' };\n}\n\n/**\n * Docker container:\n * - `docker://image:tag`\n * - `docker://image@digest`\n * - `docker://image:tag@digest`\n */\nexport interface DockerReference {\n  kind: 'docker';\n  image: string;\n  tag?: string;\n  digest?: string;\n  originalRef: string;\n}\n\n/**\n * Local file or directory:\n * - `./path/to/action`\n * - `./.github/workflows/main.yml`\n */\nexport interface LocalReference {\n  kind: 'local';\n  path: string;\n}\n\n/**\n * Repository:\n * - `owner/repo[/path]@ref`\n * - `https://host/owner/repo[/path]@ref`\n */\nexport interface RepositoryReference {\n  kind: 'repository';\n\n  hostname: string;\n  isExplicitHostname: boolean;\n\n  owner: string;\n  repo: string;\n  path?: string;\n\n  ref: string;\n}\n\nexport type ActionReference =\n  | DockerReference\n  | LocalReference\n  | RepositoryReference;\n\nexport interface ParsedUsesLine {\n  /** The whitespace before \"uses:\" */\n  indentation: string;\n\n  /** The `uses:` (and optional `-`) part */\n  usesPrefix: string;\n\n  /** The raw value part, potentially quoted (e.g. `actions/checkout@v2`) */\n  replaceString: string;\n\n  /** Whitespace between value and `#` */\n  commentPrecedingWhitespace: string;\n\n  /** The full comment including `#` */\n  commentString: string;\n\n  actionRef: ActionReference | null;\n  commentData: CommentData;\n\n  /** The quote char used (' or \" or empty) */\n  quote: string;\n}\n\nconst shaRe = regEx(/^(?:[a-f0-9]{40}|[a-f0-9]{64})$/);\nconst shaShortRe = regEx(/^[a-f0-9]{6,7}$/);\n\nexport function isSha(str: string): boolean {\n  return shaRe.test(str);\n}\n\nexport function isShortSha(str: string): boolean {\n  return shaShortRe.test(str);\n}\n\nconst DOCKER_PREFIX = 'docker://';\n\nfunction parseDockerReference(input: string): DockerReference | null {\n  const originalRef = input.slice(DOCKER_PREFIX.length);\n  if (!originalRef) {\n    return null;\n  }\n\n  const digestParts = splitFirst(originalRef, '@');\n  if (digestParts) {\n    const [image, digest] = digestParts;\n    return { kind: 'docker', image, digest, originalRef };\n  }\n\n  // Find tag: look for first colon after last slash (to avoid matching port in registry)\n  const lastSlashIndex = originalRef.lastIndexOf('/');\n  const searchStart = lastSlashIndex === -1 ? 0 : lastSlashIndex + 1;\n  const tagParts = splitFirstFrom(originalRef, ':', searchStart);\n\n  if (tagParts) {\n    const [image, tag] = tagParts;\n    return { kind: 'docker', image, tag, originalRef };\n  }\n\n  return { kind: 'docker', image: originalRef, originalRef };\n}\n\nconst repositoryActionRegex = regEx(\n  /^(?:https:\\/\\/(?<hostname>[^/]+)\\/)?(?<owner>[^/]+)\\/(?<repo>[^/]+)(?:\\/(?<path>.+?))?@(?<ref>.+)$/,\n);\n\nfunction parseRepositoryReference(input: string): RepositoryReference | null {\n  const match = repositoryActionRegex.exec(input);\n  if (!match?.groups) {\n    return null;\n  }\n\n  const { owner, repo, path, ref } = match.groups;\n\n  let { hostname } = match.groups;\n  let isExplicitHostname = true;\n  if (is.undefined(hostname)) {\n    hostname = 'github.com';\n    isExplicitHostname = false;\n  }\n\n  return {\n    kind: 'repository',\n    hostname,\n    isExplicitHostname,\n    owner,\n    repo,\n    path,\n    ref,\n  };\n}\n\nexport function parseActionReference(uses: string): ActionReference | null {\n  if (!uses) {\n    return null;\n  }\n\n  if (uses.startsWith(DOCKER_PREFIX)) {\n    return parseDockerReference(uses);\n  }\n\n  if (uses.startsWith('./') || uses.startsWith('../')) {\n    return { kind: 'local', path: uses };\n  }\n\n  return parseRepositoryReference(uses);\n}\n\nexport interface CommentData {\n  pinnedVersion?: string;\n  ratchetExclude?: boolean;\n  matchedString?: string;\n  index?: number;\n}\n\n// Matches version strings with optional prefixes, e.g.:\n// - \"@v1.2.3\", \"v1.2.3\", \"1.2.3\"\n// - \"renovate: pin @v1.2.3\", \"tag=v1.2.3\"\n// - \"ratchet:owner/repo@v1.2.3\"\n// - \"stable/v1.2.3\", \"stable-v1.2.3\"\nconst pinnedVersionRe = regEx(\n  /^\\s*(?:(?:renovate\\s*:\\s*)?(?:pin\\s+|tag\\s*=\\s*)?|(?:ratchet:[\\w-]+\\/[.\\w-]+))?@?(?<version>([\\w-]*[-/])?v?\\d+(?:\\.\\d+(?:\\.\\d+)?)?)/,\n);\n\nexport function parseComment(commentBody: string): CommentData {\n  const trimmed = commentBody.trim();\n  if (trimmed === 'ratchet:exclude') {\n    return { ratchetExclude: true };\n  }\n\n  // We use commentBody (with leading spaces) to get the correct index relative to the comment start\n  const match = pinnedVersionRe.exec(commentBody);\n  if (match?.groups?.version) {\n    return {\n      pinnedVersion: match.groups.version,\n      matchedString: match[0],\n      index: match.index,\n    };\n  }\n\n  return {};\n}\n\nconst usesLineRegex = regEx(\n  /^(?<prefix>\\s+(?:-\\s+)?uses\\s*:\\s*)(?<remainder>.+)$/,\n);\n\nexport function parseUsesLine(line: string): ParsedUsesLine | null {\n  const match = usesLineRegex.exec(line);\n  if (!match?.groups) {\n    return null;\n  }\n\n  const { prefix, remainder } = match.groups;\n\n  if (remainder.startsWith('#')) {\n    return null;\n  }\n\n  const indentation = prefix.slice(0, prefix.indexOf('uses'));\n\n  // We look for ' #' to determine where the comment starts.\n  // This is a safe heuristic for valid \"uses\" values which cannot contain spaces.\n  const commentIndex = remainder.indexOf(' #');\n\n  // No comment case\n  if (commentIndex === -1) {\n    const { value, quote } = parseQuote(remainder);\n    return {\n      indentation,\n      usesPrefix: prefix,\n      replaceString: remainder.trim(),\n      commentPrecedingWhitespace: '',\n      commentString: '',\n      actionRef: parseActionReference(value),\n      commentData: {},\n      quote,\n    };\n  }\n\n  // Has comment: split value and comment\n  const rawValuePart = remainder.slice(0, commentIndex);\n  const commentPart = remainder.slice(commentIndex + 1); // starts at #\n\n  // Calculate whitespace between value and #\n  const partBeforeHash = remainder.slice(0, commentIndex + 1);\n  const commentPrecedingWhitespace = partBeforeHash.slice(\n    partBeforeHash.trimEnd().length,\n  );\n\n  const { value, quote } = parseQuote(rawValuePart);\n  // commentPart always starts with '#' since we found ' #' and sliced after the space\n  const cleanCommentBody = commentPart.slice(1);\n\n  return {\n    indentation,\n    usesPrefix: prefix,\n    replaceString: rawValuePart.trim(),\n    commentPrecedingWhitespace,\n    commentString: commentPart,\n    actionRef: parseActionReference(value),\n    commentData: parseComment(cleanCommentBody),\n    quote,\n  };\n}\n"]}

package/dist/util/exec/common.d.ts

@@ -1,3 +1,3 @@
 import type { ExecResult, RawExecOptions } from './types';
-export declare function exec(cmd: string, opts: RawExecOptions): Promise<ExecResult>;
+export declare function exec(theCmd: string, opts: RawExecOptions): Promise<ExecResult>;
 export declare const rawExec: (cmd: string, opts: RawExecOptions) => Promise<ExecResult>;

package/dist/util/exec/common.js

@@ -4,6 +4,7 @@ exports.rawExec = void 0;
 exports.exec = exec;
 const is_1 = require("@sindresorhus/is");
 const execa_1 = require("execa");
+const shlex_1 = require("shlex");
 const instrumentation_1 = require("../../instrumentation");
 const env_1 = require("../env");
 const sanitize_1 = require("../sanitize");
@@ -65,15 +66,27 @@ function registerDataListeners(readable, dataListeners) {
         readable.on('data', listener);
     }
 }
-function exec(cmd, opts) {
+function exec(theCmd, opts) {
     return new Promise((resolve, reject) => {
+        let cmd = theCmd;
+        let args = [];
         const maxBuffer = opts.maxBuffer ?? 10 * 1024 * 1024; // Set default max buffer size to 10MB
-        const cp = (0, execa_1.execa)(cmd, {
+        // don't use shell by default, as it leads to potential security issues
+        const shell = opts.shell ?? false;
+        // if we're not in shell mode, we need to provide the command and arguments
+        if (shell === false) {
+            const parts = (0, shlex_1.split)(cmd);
+            if (parts) {
+                cmd = parts[0];
+                args = parts.slice(1);
+            }
+        }
+        const cp = (0, execa_1.execa)(cmd, args, {
             ...opts,
             // force detached on non WIN platforms
             // https://github.com/nodejs/node/issues/21825#issuecomment-611328888
             detached: process.platform !== 'win32',
-            shell: typeof opts.shell === 'string' ? opts.shell : true, // force shell
+            shell,
         });
         // handle streams
         const [stdout, stderr] = initStreamListeners(cp, {
@@ -92,14 +105,14 @@ function exec(cmd, opts) {
             }
             if (signal) {
                 kill(cp, signal);
-                reject(new exec_error_1.ExecError(`Command failed: ${cmd}\nInterrupted by ${signal}`, {
+                reject(new exec_error_1.ExecError(`Command failed: ${cp.spawnargs.join(' ')}\nInterrupted by ${signal}`, {
                     ...rejectInfo(),
                     signal,
                 }));
                 return;
             }
             if (code !== 0) {
-                reject(new exec_error_1.ExecError(`Command failed: ${cmd}\n${stringify(stderr)}`, {
+                reject(new exec_error_1.ExecError(`Command failed: ${cp.spawnargs.join(' ')}\n${stringify(stderr)}`, {
                     ...rejectInfo(),
                     exitCode: code,
                 }));

package/dist/util/exec/common.js.map

@@ -1 +1 @@
-{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../lib/util/exec/common.ts"],"names":[],"mappings":";;;AAiFA,oBA8DC;AA7ID,yCAAqD;AACrD,iCAA8B;AAC9B,2DAAmD;AACnD,gCAAgC;AAChC,0CAAuC;AAEvC,6CAAyC;AAGzC,2DAA2D;AAC3D,wBAAwB;AACxB,2GAA2G;AAC3G,MAAM,OAAO,GAAG;IACd,SAAS;IACT,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,QAAQ;IACR,UAAU;CACX,CAAC;AAEF,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB,SAAS,SAAS,CAAC,IAAc;IAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,mBAAmB,CAC1B,EAAgB,EAChB,IAA4C;IAE5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC/D,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAE/D,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACtC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC/C,SAAS,IAAI,GAAG,CAAC;QACjB,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACtC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC/C,SAAS,IAAI,GAAG,CAAC;QACjB,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAyB,EACzB,aAAyC;IAEzC,IAAI,IAAA,sBAAiB,EAAC,QAAQ,CAAC,IAAI,IAAA,sBAAiB,EAAC,aAAa,CAAC,EAAE,CAAC;QACpE,OAAO;IACT,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC;AACH,CAAC;AAED,SAAgB,IAAI,CAAC,GAAW,EAAE,IAAoB;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,sCAAsC;QAC5F,MAAM,EAAE,GAAG,IAAA,aAAK,EAAC,GAAG,EAAE;YACpB,GAAG,IAAI;YACP,sCAAsC;YACtC,qEAAqE;YACrE,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;YACtC,KAAK,EAAE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc;SAC1E,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,mBAAmB,CAAC,EAAE,EAAE;YAC/C,GAAG,IAAI;YACP,SAAS;SACV,CAAC,CAAC;QAEH,wBAAwB;QACxB,KAAK,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC5B,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YACpB,mDAAmD;YACnD,MAAM,CAAC,IAAI,sBAAS,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,KAAK,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,MAAsB,EAAE,EAAE;YAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,OAAO;YACT,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBACjB,MAAM,CACJ,IAAI,sBAAS,CAAC,mBAAmB,GAAG,oBAAoB,MAAM,EAAE,EAAE;oBAChE,GAAG,UAAU,EAAE;oBACf,MAAM;iBACP,CAAC,CACH,CAAC;gBACF,OAAO;YACT,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CACJ,IAAI,sBAAS,CAAC,mBAAmB,GAAG,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE;oBAC5D,GAAG,UAAU,EAAE;oBACf,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAC;gBACF,OAAO;YACT,CAAC;YACD,OAAO,CAAC;gBACN,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;gBACzB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;aAC1B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,SAAS,UAAU;YACjB,OAAO;gBACL,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC3B,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;gBACzB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,IAAI,CAAC,EAAgB,EAAE,MAAsB;IACpD,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,GAAG,IAAI,IAAA,YAAM,GAAE,CAAC,2BAA2B,EAAE,CAAC;YACnD;;;;;eAKG;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,+CAA+C;YAC/C,4DAA4D;YAC5D,8GAA8G;YAC9G,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gFAAgF;QAChF,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,MAAM,OAAO,GAGO,CAAC,GAAW,EAAE,IAAoB,EAAE,EAAE,CAC/D,IAAA,4BAAU,EAAC,YAAY,IAAA,mBAAQ,EAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AAJpD,QAAA,OAAO,WAI6C","sourcesContent":["import type { ChildProcess } from 'node:child_process';\nimport type { Readable } from 'node:stream';\nimport { isNullOrUndefined } from '@sindresorhus/is';\nimport { execa } from 'execa';\nimport { instrument } from '../../instrumentation';\nimport { getEnv } from '../env';\nimport { sanitize } from '../sanitize';\nimport type { ExecErrorData } from './exec-error';\nimport { ExecError } from './exec-error';\nimport type { DataListener, ExecResult, RawExecOptions } from './types';\n\n// https://man7.org/linux/man-pages/man7/signal.7.html#NAME\n// Non TERM/CORE signals\n// The following is step 3. in https://github.com/renovatebot/renovate/issues/16197#issuecomment-1171423890\nconst NONTERM = [\n  'SIGCHLD',\n  'SIGCLD',\n  'SIGCONT',\n  'SIGSTOP',\n  'SIGTSTP',\n  'SIGTTIN',\n  'SIGTTOU',\n  'SIGURG',\n  'SIGWINCH',\n];\n\nconst encoding = 'utf8';\n\nfunction stringify(list: Buffer[]): string {\n  return Buffer.concat(list).toString(encoding);\n}\n\nfunction initStreamListeners(\n  cp: ChildProcess,\n  opts: RawExecOptions & { maxBuffer: number },\n): [Buffer[], Buffer[]] {\n  const stdout: Buffer[] = [];\n  const stderr: Buffer[] = [];\n  let stdoutLen = 0;\n  let stderrLen = 0;\n\n  registerDataListeners(cp.stdout, opts.outputListeners?.stdout);\n  registerDataListeners(cp.stderr, opts.outputListeners?.stderr);\n\n  cp.stdout?.on('data', (chunk: Buffer) => {\n    // process.stdout.write(data.toString());\n    const len = Buffer.byteLength(chunk, encoding);\n    stdoutLen += len;\n    if (stdoutLen > opts.maxBuffer) {\n      cp.emit('error', new Error('stdout maxBuffer exceeded'));\n    } else {\n      stdout.push(chunk);\n    }\n  });\n\n  cp.stderr?.on('data', (chunk: Buffer) => {\n    // process.stderr.write(data.toString());\n    const len = Buffer.byteLength(chunk, encoding);\n    stderrLen += len;\n    if (stderrLen > opts.maxBuffer) {\n      cp.emit('error', new Error('stderr maxBuffer exceeded'));\n    } else {\n      stderr.push(chunk);\n    }\n  });\n  return [stdout, stderr];\n}\n\nfunction registerDataListeners(\n  readable: Readable | null,\n  dataListeners: DataListener[] | undefined,\n): void {\n  if (isNullOrUndefined(readable) || isNullOrUndefined(dataListeners)) {\n    return;\n  }\n\n  for (const listener of dataListeners) {\n    readable.on('data', listener);\n  }\n}\n\nexport function exec(cmd: string, opts: RawExecOptions): Promise<ExecResult> {\n  return new Promise((resolve, reject) => {\n    const maxBuffer = opts.maxBuffer ?? 10 * 1024 * 1024; // Set default max buffer size to 10MB\n    const cp = execa(cmd, {\n      ...opts,\n      // force detached on non WIN platforms\n      // https://github.com/nodejs/node/issues/21825#issuecomment-611328888\n      detached: process.platform !== 'win32',\n      shell: typeof opts.shell === 'string' ? opts.shell : true, // force shell\n    });\n\n    // handle streams\n    const [stdout, stderr] = initStreamListeners(cp, {\n      ...opts,\n      maxBuffer,\n    });\n\n    // handle process events\n    void cp.on('error', (error) => {\n      kill(cp, 'SIGTERM');\n      // rethrowing, use originally emitted error message\n      reject(new ExecError(error.message, rejectInfo(), error));\n    });\n\n    void cp.on('exit', (code: number, signal: NodeJS.Signals) => {\n      if (NONTERM.includes(signal)) {\n        return;\n      }\n      if (signal) {\n        kill(cp, signal);\n        reject(\n          new ExecError(`Command failed: ${cmd}\\nInterrupted by ${signal}`, {\n            ...rejectInfo(),\n            signal,\n          }),\n        );\n        return;\n      }\n      if (code !== 0) {\n        reject(\n          new ExecError(`Command failed: ${cmd}\\n${stringify(stderr)}`, {\n            ...rejectInfo(),\n            exitCode: code,\n          }),\n        );\n        return;\n      }\n      resolve({\n        stderr: stringify(stderr),\n        stdout: stringify(stdout),\n      });\n    });\n\n    function rejectInfo(): ExecErrorData {\n      return {\n        cmd: cp.spawnargs.join(' '),\n        options: opts,\n        stdout: stringify(stdout),\n        stderr: stringify(stderr),\n      };\n    }\n  });\n}\n\nfunction kill(cp: ChildProcess, signal: NodeJS.Signals): boolean {\n  try {\n    if (cp.pid && getEnv().RENOVATE_X_EXEC_GPID_HANDLE) {\n      /**\n       * If `pid` is negative, but not `-1`, signal shall be sent to all processes\n       * (excluding an unspecified set of system processes),\n       * whose process group ID (pgid) is equal to the absolute value of pid,\n       * and for which the process has permission to send a signal.\n       */\n      return process.kill(-cp.pid, signal);\n    } else {\n      // destroying stdio is needed for unref to work\n      // https://nodejs.org/api/child_process.html#subprocessunref\n      // https://github.com/nodejs/node/blob/4d5ff25a813fd18939c9f76b17e36291e3ea15c3/lib/child_process.js#L412-L426\n      cp.stderr?.destroy();\n      cp.stdout?.destroy();\n      cp.unref();\n      return cp.kill(signal);\n    }\n  } catch {\n    // cp is a single node tree, therefore -pid is invalid as there is no such pgid,\n    return false;\n  }\n}\n\nexport const rawExec: (\n  cmd: string,\n  opts: RawExecOptions,\n) => Promise<ExecResult> = (cmd: string, opts: RawExecOptions) =>\n  instrument(`rawExec: ${sanitize(cmd)}`, () => exec(cmd, opts));\n"]}
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../lib/util/exec/common.ts"],"names":[],"mappings":";;;AAkFA,oBAqFC;AArKD,yCAAqD;AACrD,iCAA8B;AAC9B,iCAA8B;AAC9B,2DAAmD;AACnD,gCAAgC;AAChC,0CAAuC;AAEvC,6CAAyC;AAGzC,2DAA2D;AAC3D,wBAAwB;AACxB,2GAA2G;AAC3G,MAAM,OAAO,GAAG;IACd,SAAS;IACT,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,QAAQ;IACR,UAAU;CACX,CAAC;AAEF,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB,SAAS,SAAS,CAAC,IAAc;IAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,mBAAmB,CAC1B,EAAgB,EAChB,IAA4C;IAE5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC/D,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAE/D,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACtC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC/C,SAAS,IAAI,GAAG,CAAC;QACjB,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACtC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC/C,SAAS,IAAI,GAAG,CAAC;QACjB,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAyB,EACzB,aAAyC;IAEzC,IAAI,IAAA,sBAAiB,EAAC,QAAQ,CAAC,IAAI,IAAA,sBAAiB,EAAC,aAAa,CAAC,EAAE,CAAC;QACpE,OAAO;IACT,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC;AACH,CAAC;AAED,SAAgB,IAAI,CAClB,MAAc,EACd,IAAoB;IAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,GAAG,GAAG,MAAM,CAAC;QACjB,IAAI,IAAI,GAAa,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,sCAAsC;QAE5F,uEAAuE;QACvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QAClC,2EAA2E;QAC3E,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,IAAA,aAAK,EAAC,GAAG,CAAC,CAAC;YACzB,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACf,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,MAAM,EAAE,GAAG,IAAA,aAAK,EAAC,GAAG,EAAE,IAAI,EAAE;YAC1B,GAAG,IAAI;YACP,sCAAsC;YACtC,qEAAqE;YACrE,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;YACtC,KAAK;SACN,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,mBAAmB,CAAC,EAAE,EAAE;YAC/C,GAAG,IAAI;YACP,SAAS;SACV,CAAC,CAAC;QAEH,wBAAwB;QACxB,KAAK,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC5B,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YACpB,mDAAmD;YACnD,MAAM,CAAC,IAAI,sBAAS,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,KAAK,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,MAAsB,EAAE,EAAE;YAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,OAAO;YACT,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBACjB,MAAM,CACJ,IAAI,sBAAS,CACX,mBAAmB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,MAAM,EAAE,EACrE;oBACE,GAAG,UAAU,EAAE;oBACf,MAAM;iBACP,CACF,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CACJ,IAAI,sBAAS,CACX,mBAAmB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,EACjE;oBACE,GAAG,UAAU,EAAE;oBACf,QAAQ,EAAE,IAAI;iBACf,CACF,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,OAAO,CAAC;gBACN,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;gBACzB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;aAC1B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,SAAS,UAAU;YACjB,OAAO;gBACL,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC3B,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;gBACzB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,IAAI,CAAC,EAAgB,EAAE,MAAsB;IACpD,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,GAAG,IAAI,IAAA,YAAM,GAAE,CAAC,2BAA2B,EAAE,CAAC;YACnD;;;;;eAKG;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,+CAA+C;YAC/C,4DAA4D;YAC5D,8GAA8G;YAC9G,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gFAAgF;QAChF,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,MAAM,OAAO,GAGO,CAAC,GAAW,EAAE,IAAoB,EAAE,EAAE,CAC/D,IAAA,4BAAU,EAAC,YAAY,IAAA,mBAAQ,EAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AAJpD,QAAA,OAAO,WAI6C","sourcesContent":["import type { ChildProcess } from 'node:child_process';\nimport type { Readable } from 'node:stream';\nimport { isNullOrUndefined } from '@sindresorhus/is';\nimport { execa } from 'execa';\nimport { split } from 'shlex';\nimport { instrument } from '../../instrumentation';\nimport { getEnv } from '../env';\nimport { sanitize } from '../sanitize';\nimport type { ExecErrorData } from './exec-error';\nimport { ExecError } from './exec-error';\nimport type { DataListener, ExecResult, RawExecOptions } from './types';\n\n// https://man7.org/linux/man-pages/man7/signal.7.html#NAME\n// Non TERM/CORE signals\n// The following is step 3. in https://github.com/renovatebot/renovate/issues/16197#issuecomment-1171423890\nconst NONTERM = [\n  'SIGCHLD',\n  'SIGCLD',\n  'SIGCONT',\n  'SIGSTOP',\n  'SIGTSTP',\n  'SIGTTIN',\n  'SIGTTOU',\n  'SIGURG',\n  'SIGWINCH',\n];\n\nconst encoding = 'utf8';\n\nfunction stringify(list: Buffer[]): string {\n  return Buffer.concat(list).toString(encoding);\n}\n\nfunction initStreamListeners(\n  cp: ChildProcess,\n  opts: RawExecOptions & { maxBuffer: number },\n): [Buffer[], Buffer[]] {\n  const stdout: Buffer[] = [];\n  const stderr: Buffer[] = [];\n  let stdoutLen = 0;\n  let stderrLen = 0;\n\n  registerDataListeners(cp.stdout, opts.outputListeners?.stdout);\n  registerDataListeners(cp.stderr, opts.outputListeners?.stderr);\n\n  cp.stdout?.on('data', (chunk: Buffer) => {\n    // process.stdout.write(data.toString());\n    const len = Buffer.byteLength(chunk, encoding);\n    stdoutLen += len;\n    if (stdoutLen > opts.maxBuffer) {\n      cp.emit('error', new Error('stdout maxBuffer exceeded'));\n    } else {\n      stdout.push(chunk);\n    }\n  });\n\n  cp.stderr?.on('data', (chunk: Buffer) => {\n    // process.stderr.write(data.toString());\n    const len = Buffer.byteLength(chunk, encoding);\n    stderrLen += len;\n    if (stderrLen > opts.maxBuffer) {\n      cp.emit('error', new Error('stderr maxBuffer exceeded'));\n    } else {\n      stderr.push(chunk);\n    }\n  });\n  return [stdout, stderr];\n}\n\nfunction registerDataListeners(\n  readable: Readable | null,\n  dataListeners: DataListener[] | undefined,\n): void {\n  if (isNullOrUndefined(readable) || isNullOrUndefined(dataListeners)) {\n    return;\n  }\n\n  for (const listener of dataListeners) {\n    readable.on('data', listener);\n  }\n}\n\nexport function exec(\n  theCmd: string,\n  opts: RawExecOptions,\n): Promise<ExecResult> {\n  return new Promise((resolve, reject) => {\n    let cmd = theCmd;\n    let args: string[] = [];\n    const maxBuffer = opts.maxBuffer ?? 10 * 1024 * 1024; // Set default max buffer size to 10MB\n\n    // don't use shell by default, as it leads to potential security issues\n    const shell = opts.shell ?? false;\n    // if we're not in shell mode, we need to provide the command and arguments\n    if (shell === false) {\n      const parts = split(cmd);\n      if (parts) {\n        cmd = parts[0];\n        args = parts.slice(1);\n      }\n    }\n\n    const cp = execa(cmd, args, {\n      ...opts,\n      // force detached on non WIN platforms\n      // https://github.com/nodejs/node/issues/21825#issuecomment-611328888\n      detached: process.platform !== 'win32',\n      shell,\n    });\n\n    // handle streams\n    const [stdout, stderr] = initStreamListeners(cp, {\n      ...opts,\n      maxBuffer,\n    });\n\n    // handle process events\n    void cp.on('error', (error) => {\n      kill(cp, 'SIGTERM');\n      // rethrowing, use originally emitted error message\n      reject(new ExecError(error.message, rejectInfo(), error));\n    });\n\n    void cp.on('exit', (code: number, signal: NodeJS.Signals) => {\n      if (NONTERM.includes(signal)) {\n        return;\n      }\n      if (signal) {\n        kill(cp, signal);\n        reject(\n          new ExecError(\n            `Command failed: ${cp.spawnargs.join(' ')}\\nInterrupted by ${signal}`,\n            {\n              ...rejectInfo(),\n              signal,\n            },\n          ),\n        );\n        return;\n      }\n      if (code !== 0) {\n        reject(\n          new ExecError(\n            `Command failed: ${cp.spawnargs.join(' ')}\\n${stringify(stderr)}`,\n            {\n              ...rejectInfo(),\n              exitCode: code,\n            },\n          ),\n        );\n        return;\n      }\n      resolve({\n        stderr: stringify(stderr),\n        stdout: stringify(stdout),\n      });\n    });\n\n    function rejectInfo(): ExecErrorData {\n      return {\n        cmd: cp.spawnargs.join(' '),\n        options: opts,\n        stdout: stringify(stdout),\n        stderr: stringify(stderr),\n      };\n    }\n  });\n}\n\nfunction kill(cp: ChildProcess, signal: NodeJS.Signals): boolean {\n  try {\n    if (cp.pid && getEnv().RENOVATE_X_EXEC_GPID_HANDLE) {\n      /**\n       * If `pid` is negative, but not `-1`, signal shall be sent to all processes\n       * (excluding an unspecified set of system processes),\n       * whose process group ID (pgid) is equal to the absolute value of pid,\n       * and for which the process has permission to send a signal.\n       */\n      return process.kill(-cp.pid, signal);\n    } else {\n      // destroying stdio is needed for unref to work\n      // https://nodejs.org/api/child_process.html#subprocessunref\n      // https://github.com/nodejs/node/blob/4d5ff25a813fd18939c9f76b17e36291e3ea15c3/lib/child_process.js#L412-L426\n      cp.stderr?.destroy();\n      cp.stdout?.destroy();\n      cp.unref();\n      return cp.kill(signal);\n    }\n  } catch {\n    // cp is a single node tree, therefore -pid is invalid as there is no such pgid,\n    return false;\n  }\n}\n\nexport const rawExec: (\n  cmd: string,\n  opts: RawExecOptions,\n) => Promise<ExecResult> = (cmd: string, opts: RawExecOptions) =>\n  instrument(`rawExec: ${sanitize(cmd)}`, () => exec(cmd, opts));\n"]}

package/dist/util/exec/types.d.ts

@@ -44,4 +44,5 @@ export interface ExecOptions {
     ignoreStdout?: boolean;
     maxBuffer?: number | undefined;
     timeout?: number | undefined;
+    shell?: boolean | string | undefined;
 }

package/dist/util/exec/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../lib/util/exec/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Options as ExecaOptions } from 'execa';\n\nexport interface ToolConstraint {\n  toolName: string;\n  constraint?: string | null;\n}\n\nexport interface ToolConfig {\n  datasource: string;\n  extractVersion?: string;\n  packageName: string;\n  hash?: boolean;\n  versioning: string;\n}\n\nexport type Opt<T> = T | null | undefined;\n\nexport type VolumesPair = [string, string];\nexport type VolumeOption = Opt<string | VolumesPair>;\n\nexport interface DockerOptions {\n  volumes?: Opt<VolumeOption[]>;\n  envVars?: Opt<Opt<string>[]>;\n  cwd?: Opt<string>;\n}\n\nexport type DataListener = (chunk: any) => void;\nexport interface OutputListeners {\n  stdout?: DataListener[];\n  stderr?: DataListener[];\n}\n\nexport interface RawExecOptions extends ExecaOptions {\n  maxBuffer?: number | undefined;\n  cwd?: string;\n  outputListeners?: OutputListeners;\n}\n\nexport interface ExecResult {\n  stdout: string;\n  stderr: string;\n}\n\nexport type ExtraEnv<T = unknown> = Record<string, T>;\n\nexport interface ExecOptions {\n  cwd?: string;\n  cwdFile?: string;\n  env?: Opt<ExtraEnv>;\n  extraEnv?: Opt<ExtraEnv>;\n  docker?: Opt<DockerOptions>;\n  toolConstraints?: Opt<ToolConstraint[]>;\n  preCommands?: Opt<string[]>;\n  ignoreStdout?: boolean;\n  // Following are pass-through to child process\n  maxBuffer?: number | undefined;\n  timeout?: number | undefined;\n}\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../lib/util/exec/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { Options as ExecaOptions } from 'execa';\n\nexport interface ToolConstraint {\n  toolName: string;\n  constraint?: string | null;\n}\n\nexport interface ToolConfig {\n  datasource: string;\n  extractVersion?: string;\n  packageName: string;\n  hash?: boolean;\n  versioning: string;\n}\n\nexport type Opt<T> = T | null | undefined;\n\nexport type VolumesPair = [string, string];\nexport type VolumeOption = Opt<string | VolumesPair>;\n\nexport interface DockerOptions {\n  volumes?: Opt<VolumeOption[]>;\n  envVars?: Opt<Opt<string>[]>;\n  cwd?: Opt<string>;\n}\n\nexport type DataListener = (chunk: any) => void;\nexport interface OutputListeners {\n  stdout?: DataListener[];\n  stderr?: DataListener[];\n}\n\nexport interface RawExecOptions extends ExecaOptions {\n  maxBuffer?: number | undefined;\n  cwd?: string;\n  outputListeners?: OutputListeners;\n}\n\nexport interface ExecResult {\n  stdout: string;\n  stderr: string;\n}\n\nexport type ExtraEnv<T = unknown> = Record<string, T>;\n\nexport interface ExecOptions {\n  cwd?: string;\n  cwdFile?: string;\n  env?: Opt<ExtraEnv>;\n  extraEnv?: Opt<ExtraEnv>;\n  docker?: Opt<DockerOptions>;\n  toolConstraints?: Opt<ToolConstraint[]>;\n  preCommands?: Opt<string[]>;\n  ignoreStdout?: boolean;\n  // Following are pass-through to child process\n  maxBuffer?: number | undefined;\n  timeout?: number | undefined;\n  shell?: boolean | string | undefined;\n}\n"]}

package/dist/workers/repository/update/branch/execute-post-upgrade-commands.js

@@ -82,6 +82,9 @@ async function postUpgradeCommandsExecutor(filteredUpgradeCommands, config) {
                     try {
                         logger_1.logger.trace({ cmd: compiledCmd }, 'Executing post-upgrade task');
                         const execOpts = {
+                            // WARNING to self-hosted administrators: always run post-upgrade commands with `shell` mode on, which has the risk of arbitrary environment variable access or additional command execution
+                            // It is very likely this will be susceptible to these risks, even if you allowlist (via `allowedCommands`), as there may be special characters included in the given commands that can be leveraged here
+                            shell: true,
                             cwd: (0, is_1.isNonEmptyString)(workingDir)
                                 ? workingDir
                                 : global_1.GlobalConfig.get('localDir'),

package/dist/workers/repository/update/branch/execute-post-upgrade-commands.js.map

@@ -1 +1 @@
-{"version":3,"file":"execute-post-upgrade-commands.js","sourceRoot":"","sources":["../../../../../lib/workers/repository/update/branch/execute-post-upgrade-commands.ts"],"names":[],"mappings":";;AAiCA,kEAuQC;AAED,6CAuCC;;AAjVD,4DAA4B;AAC5B,cAAc;AACd,yCAA8E;AAC9E,0DAA0B;AAC1B,+CAAsD;AACtD,sDAAyD;AACzD,+CAAqD;AAErD,kDAAqD;AACrD,gDAA6C;AAE7C,4CAO6B;AAC7B,8CAAqD;AACrD,oDAAuE;AAEvE,0DAAuD;AACvD,kDAA+C;AAC/C,wDAAqD;AACrD,wDAAoD;AAQ7C,KAAK,UAAU,2BAA2B,CAC/C,uBAA8C,EAC9C,MAAoB;IAEpB,IAAI,gBAAgB,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5D,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,eAAe,GAAG,qBAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAE5D,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAA,gBAAO,EAAC,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAClC,eAAM,CAAC,KAAK,CACV;YACE,KAAK,EAAE,OAAO,CAAC,gBAAgB;YAC/B,eAAe;SAChB,EACD,iCAAiC,CAClC,CAAC;QACF,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,EAAE,QAAQ,CAAC;QACpD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpE,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,IAAA,oBAAe,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,6EAA6E;YAC7E,MAAM,uBAAuB,GAC3B,MAAM,CAAC,mBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACvD,KAAK,MAAM,IAAI,IAAI,uBAAuB,EAAE,CAAC;gBAC3C,MAAM,YAAY,GAAG,MAAM,IAAA,oBAAe,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;oBAChE,IAAI,QAAuB,CAAC;oBAC5B,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBACtC,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACxC,CAAC;yBAAM,CAAC;wBACN,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAC3B,CAAC;oBACD,cAAc;oBACd,MAAM,IAAA,mBAAc,EAAC,IAAI,CAAC,IAAI,EAAE,QAAS,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;YAED,IAAI,YAAY,GAAkB,IAAI,CAAC;YACvC,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,eAAe,GAAG,IAAA,mBAAQ,EAC9B,IAAA,kBAAO,EAAC,gBAAgB,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC7D,CAAC;gBACF,eAAM,CAAC,KAAK,CACV,EAAE,gBAAgB,EAAE,EACpB,qDAAqD,CACtD,CAAC;gBAEF,MAAM,YAAY,GAAG,0BAA0B,gBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;gBAC3F,YAAY,GAAG,eAAK,CAAC,IAAI,CAAC,IAAA,oBAAe,GAAE,EAAE,YAAY,CAAC,CAAC;gBAE3D,IAAI,CAAC;oBACH,MAAM,IAAA,oBAAe,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;oBAErD,eAAM,CAAC,KAAK,CACV,EAAE,YAAY,EAAE,eAAe,EAAE,EACjC,0CAA0C,CAC3C,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,cAAc,CAAC,IAAI,CAAC;wBAClB,MAAM,EAAE,IAAA,mBAAQ,EACd,uDAAuD,YAAY,aAAa,KAAK,CAAC,OAAO,EAAE,CAChG;qBACF,CAAC,CAAC;oBAEH,YAAY,GAAG,IAAI,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,MAAM,kBAAkB,GAAG,OAAO,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;YACxE,IAAI,UAAU,GAAkB,IAAI,CAAC;YAErC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,IAAA,mBAAQ,EACnB,IAAA,kBAAO,EAAC,kBAAkB,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC/D,CAAC;gBACF,MAAM,IAAA,mBAAc,EAAC,UAAU,CAAC,CAAC;gBACjC,eAAM,CAAC,KAAK,CACV,EAAE,kBAAkB,EAAE,EACtB,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,WAAW,GAAG,IAAA,kBAAO,EAAC,GAAG,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;gBACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;oBACxB,eAAM,CAAC,KAAK,CACV,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,EAC5B,wCAAwC,CACzC,CAAC;gBACJ,CAAC;gBACD,IACE,eAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,aAAK,EAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EACpE,CAAC;oBACD,IAAI,CAAC;wBACH,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,6BAA6B,CAAC,CAAC;wBAElE,MAAM,QAAQ,GAAgB;4BAC5B,GAAG,EAAE,IAAA,qBAAgB,EAAC,UAAU,CAAC;gCAC/B,CAAC,CAAC,UAAU;gCACZ,CAAC,CAAC,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC;4BAChC,QAAQ,EAAE,IAAA,iCAA0B,GAAE;yBACvC,CAAC;wBACF,IAAI,YAAY,EAAE,CAAC;4BACjB,QAAQ,CAAC,GAAG,GAAG;gCACb,uCAAuC,EAAE,YAAY;6BACtD,CAAC;wBACJ,CAAC;wBACD,MAAM,UAAU,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;wBAErD,eAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE,EACnC,4BAA4B,CAC7B,CAAC;oBACJ,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,cAAc,CAAC,IAAI,CAAC;4BAClB,QAAQ,EAAE,OAAO,CAAC,WAAW;4BAC7B,MAAM,EAAE,IAAA,mBAAQ,EAAC,KAAK,CAAC,OAAO,CAAC;yBAChC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,IAAI,CACT;wBACE,GAAG,EAAE,WAAW;wBAChB,eAAe;qBAChB,EACD,6DAA6D,CAC9D,CAAC;oBACF,cAAc,CAAC,IAAI,CAAC;wBAClB,QAAQ,EAAE,OAAO,CAAC,WAAW;wBAC7B,MAAM,EAAE,IAAA,mBAAQ,EACd,yBAAyB,WAAW,6DAA6D,CAClG;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAa,GAAE,CAAC;YAErC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,qCAAqC,CAAC,CAAC;YAEhE,eAAM,CAAC,KAAK,CACV;gBACE,UAAU,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM;gBACpC,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM;gBACtC,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM;gBACpC,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM;aACrC,EACD,4CAA4C,CAC7C,CAAC;YAEF,MAAM,oBAAoB,GAAG;gBAC3B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,QAAQ,CAAC;gBAC/B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;aACjD,CAAC;YACF,MAAM,YAAY,GAAG;gBACnB,GAAG,oBAAoB;gBACvB,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,CAAC;gBAC9B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACnD,CAAC;YAEF,4FAA4F;YAC5F,MAAM,sBAAsB,GAAG,gBAAgB,CAAC,MAAM,CACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,CAC/B,CAAC;YACF,KAAK,MAAM,qBAAqB,IAAI,sBAAsB,EAAE,CAAC;gBAC3D,sCAAsC;gBACtC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,qBAAqB,CAAC,IAAI,EAAE,EACpC,gEAAgE,CACjE,CAAC;oBACF,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CACL,CAAC,CACC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,qBAAqB,CAAC,IAAI,CACjE,CACJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CAAC,EAAE,oBAAoB,EAAE,EAAE,yBAAyB,CAAC,CAAC;YAClE,eAAM,CAAC,KAAK,CACV,YAAY,oBAAoB,CAAC,MAAM,mDAAmD,CAC3F,CAAC;YAEF,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,oBAAoB,EAAE,CAAC;gBAChD,IACE,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC5B,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CACtD,EACD,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;oBAClC,IAAI,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1D,WAAW,GAAG,IAAI,CAAC;wBACnB,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,EAC/B,yBAAyB,CAC1B,CAAC;wBACF,MAAM,eAAe,GAAG,MAAM,IAAA,kBAAa,EAAC,YAAY,CAAC,CAAC;wBAC1D,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,IAAI,CACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,CACjC,CAAC;wBACF,IAAI,wBAAwB,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;4BAClD,wBAAwB,CAAC,QAAQ,GAAG,eAAe,CAAC;wBACtD,CAAC;6BAAM,CAAC;4BACN,gBAAgB,CAAC,IAAI,CAAC;gCACpB,IAAI,EAAE,UAAU;gCAChB,IAAI,EAAE,YAAY;gCAClB,QAAQ,EAAE,eAAe;6BAC1B,CAAC,CAAC;wBACL,CAAC;wBACD,sGAAsG;wBACtG,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,YAAY,CAAC,CAC9D,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,EACtB,kDAAkD,CACnD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;oBAClC,IAAI,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1D,IACE,CAAC,gBAAgB,CAAC,IAAI,CACpB,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC,IAAI,KAAK,UAAU,CAC3D,EACD,CAAC;4BACD,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,EAC/B,2BAA2B,CAC5B,CAAC;4BACF,gBAAgB,CAAC,IAAI,CAAC;gCACpB,IAAI,EAAE,UAAU;gCAChB,IAAI,EAAE,YAAY;6BACnB,CAAC,CAAC;wBACL,CAAC;wBACD,sHAAsH;wBACtH,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,YAAY,CAAC,CAC9D,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,CAAC;AAC9C,CAAC;AAEc,KAAK,UAAU,0BAA0B,CACtD,MAAoB;IAEpB,MAAM,eAAe,GACnB,CAAC,IAAA,YAAO,EAAC,MAAM,CAAC,mBAAmB,CAAC;QAClC,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,CAAC,IAAA,YAAO,EAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3E,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,0EAA0E;QAC1E,eAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,qBAAqB,GAA0B;QACnD;YACE,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAChE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,gBAAgB,EACd,MAAM,CAAC,gBAAiB,CAAC,aAAa,KAAK,QAAQ;gBACjD,CAAC,CAAC,MAAM,CAAC,gBAAgB;gBACzB,CAAC,CAAC,SAAS;SAChB;KACF,CAAC;IAEF,MAAM,qBAAqB,GAA0B,MAAM,CAAC,QAAQ,CAAC,MAAM,CACzE,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CACvB,CAAC,gBAAgB,EAAE,aAAa;QAChC,gBAAgB,CAAC,aAAa,KAAK,QAAQ,CAC9C,CAAC;IAEF,MAAM,EAAE,gBAAgB,EAAE,cAAc,EAAE,GACxC,MAAM,2BAA2B,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACnE,OAAO,2BAA2B,CAAC,qBAAqB,EAAE;QACxD,GAAG,MAAM;QACT,gBAAgB;QAChB,cAAc;KACf,CAAC,CAAC;AACL,CAAC","sourcesContent":["import crypto from 'crypto';\n// TODO #22198\nimport { isArray, isNonEmptyArray, isNonEmptyString } from '@sindresorhus/is';\nimport upath from 'upath';\nimport { mergeChildConfig } from '../../../../config';\nimport { GlobalConfig } from '../../../../config/global';\nimport { addMeta, logger } from '../../../../logger';\nimport type { ArtifactError } from '../../../../modules/manager/types';\nimport { coerceArray } from '../../../../util/array';\nimport { exec } from '../../../../util/exec';\nimport type { ExecOptions } from '../../../../util/exec/types';\nimport {\n  ensureLocalDir,\n  localPathIsFile,\n  outputCacheFile,\n  privateCacheDir,\n  readLocalFile,\n  writeLocalFile,\n} from '../../../../util/fs';\nimport { getRepoStatus } from '../../../../util/git';\nimport { getGitEnvironmentVariables } from '../../../../util/git/auth';\nimport type { FileChange } from '../../../../util/git/types';\nimport { minimatch } from '../../../../util/minimatch';\nimport { regEx } from '../../../../util/regex';\nimport { sanitize } from '../../../../util/sanitize';\nimport { compile } from '../../../../util/template';\nimport type { BranchConfig, BranchUpgradeConfig } from '../../../types';\n\nexport interface PostUpgradeCommandsExecutionResult {\n  updatedArtifacts: FileChange[];\n  artifactErrors: ArtifactError[];\n}\n\nexport async function postUpgradeCommandsExecutor(\n  filteredUpgradeCommands: BranchUpgradeConfig[],\n  config: BranchConfig,\n): Promise<PostUpgradeCommandsExecutionResult> {\n  let updatedArtifacts = [...(config.updatedArtifacts ?? [])];\n  const artifactErrors = [...(config.artifactErrors ?? [])];\n  const allowedCommands = GlobalConfig.get('allowedCommands');\n\n  for (const upgrade of filteredUpgradeCommands) {\n    addMeta({ dep: upgrade.depName });\n    logger.trace(\n      {\n        tasks: upgrade.postUpgradeTasks,\n        allowedCommands,\n      },\n      `Checking for post-upgrade tasks`,\n    );\n    const commands = upgrade.postUpgradeTasks?.commands;\n    const dataFileTemplate = upgrade.postUpgradeTasks?.dataFileTemplate;\n    const fileFilters = upgrade.postUpgradeTasks?.fileFilters ?? ['**/*'];\n    if (isNonEmptyArray(commands)) {\n      // Persist updated files in file system so any executed commands can see them\n      const previouslyModifiedFiles =\n        config.updatedPackageFiles!.concat(updatedArtifacts);\n      for (const file of previouslyModifiedFiles) {\n        const canWriteFile = await localPathIsFile(file.path);\n        if (file.type === 'addition' && !file.isSymlink && canWriteFile) {\n          let contents: Buffer | null;\n          if (typeof file.contents === 'string') {\n            contents = Buffer.from(file.contents);\n          } else {\n            contents = file.contents;\n          }\n          // TODO #22198\n          await writeLocalFile(file.path, contents!);\n        }\n      }\n\n      let dataFilePath: string | null = null;\n      if (dataFileTemplate) {\n        const dataFileContent = sanitize(\n          compile(dataFileTemplate, mergeChildConfig(config, upgrade)),\n        );\n        logger.debug(\n          { dataFileTemplate },\n          'Processed post-upgrade commands data file template.',\n        );\n\n        const dataFileName = `post-upgrade-data-file-${crypto.randomBytes(8).toString('hex')}.tmp`;\n        dataFilePath = upath.join(privateCacheDir(), dataFileName);\n\n        try {\n          await outputCacheFile(dataFilePath, dataFileContent);\n\n          logger.debug(\n            { dataFilePath, dataFileContent },\n            'Created post-upgrade commands data file.',\n          );\n        } catch (error) {\n          artifactErrors.push({\n            stderr: sanitize(\n              `Failed to create post-upgrade commands data file at ${dataFilePath}, reason: ${error.message}`,\n            ),\n          });\n\n          dataFilePath = null;\n        }\n      }\n\n      const workingDirTemplate = upgrade.postUpgradeTasks?.workingDirTemplate;\n      let workingDir: string | null = null;\n\n      if (workingDirTemplate) {\n        workingDir = sanitize(\n          compile(workingDirTemplate, mergeChildConfig(config, upgrade)),\n        );\n        await ensureLocalDir(workingDir);\n        logger.trace(\n          { workingDirTemplate },\n          'Processed post-upgrade commands working directory template.',\n        );\n      }\n\n      for (const cmd of commands) {\n        const compiledCmd = compile(cmd, mergeChildConfig(config, upgrade));\n        if (compiledCmd !== cmd) {\n          logger.debug(\n            { rawCmd: cmd, compiledCmd },\n            'Post-upgrade command has been compiled',\n          );\n        }\n        if (\n          allowedCommands!.some((pattern) => regEx(pattern).test(compiledCmd))\n        ) {\n          try {\n            logger.trace({ cmd: compiledCmd }, 'Executing post-upgrade task');\n\n            const execOpts: ExecOptions = {\n              cwd: isNonEmptyString(workingDir)\n                ? workingDir\n                : GlobalConfig.get('localDir'),\n              extraEnv: getGitEnvironmentVariables(),\n            };\n            if (dataFilePath) {\n              execOpts.env = {\n                RENOVATE_POST_UPGRADE_COMMAND_DATA_FILE: dataFilePath,\n              };\n            }\n            const execResult = await exec(compiledCmd, execOpts);\n\n            logger.debug(\n              { cmd: compiledCmd, ...execResult },\n              'Executed post-upgrade task',\n            );\n          } catch (error) {\n            artifactErrors.push({\n              lockFile: upgrade.packageFile,\n              stderr: sanitize(error.message),\n            });\n          }\n        } else {\n          logger.warn(\n            {\n              cmd: compiledCmd,\n              allowedCommands,\n            },\n            'Post-upgrade task did not match any on allowedCommands list',\n          );\n          artifactErrors.push({\n            lockFile: upgrade.packageFile,\n            stderr: sanitize(\n              `Post-upgrade command '${compiledCmd}' has not been added to the allowed list in allowedCommands`,\n            ),\n          });\n        }\n      }\n\n      const status = await getRepoStatus();\n\n      logger.trace({ status }, 'git status after post-upgrade tasks');\n\n      logger.debug(\n        {\n          addedCount: status.not_added?.length,\n          modifiedCount: status.modified?.length,\n          deletedCount: status.deleted?.length,\n          renamedCount: status.renamed?.length,\n        },\n        'git status counts after post-upgrade tasks',\n      );\n\n      const addedOrModifiedFiles = [\n        ...coerceArray(status.not_added),\n        ...coerceArray(status.modified),\n        ...coerceArray(status.renamed?.map((x) => x.to)),\n      ];\n      const changedFiles = [\n        ...addedOrModifiedFiles,\n        ...coerceArray(status.deleted),\n        ...coerceArray(status.renamed?.map((x) => x.from)),\n      ];\n\n      // Check for files which were previously deleted but have been re-added without modification\n      const previouslyDeletedFiles = updatedArtifacts.filter(\n        (ua) => ua.type === 'deletion',\n      );\n      for (const previouslyDeletedFile of previouslyDeletedFiles) {\n        /* v8 ignore if -- TODO: needs test */\n        if (!changedFiles.includes(previouslyDeletedFile.path)) {\n          logger.debug(\n            { file: previouslyDeletedFile.path },\n            'Previously deleted file has been restored without modification',\n          );\n          updatedArtifacts = updatedArtifacts.filter(\n            (ua) =>\n              !(\n                ua.type === 'deletion' && ua.path === previouslyDeletedFile.path\n              ),\n          );\n        }\n      }\n\n      logger.trace({ addedOrModifiedFiles }, 'Added or modified files');\n      logger.debug(\n        `Checking ${addedOrModifiedFiles.length} added or modified files for post-upgrade changes`,\n      );\n\n      const fileExcludes: string[] = [];\n      if (config.npmrc) {\n        fileExcludes.push('.npmrc');\n      }\n\n      for (const relativePath of addedOrModifiedFiles) {\n        if (\n          fileExcludes.some((pattern) =>\n            minimatch(pattern, { dot: true }).match(relativePath),\n          )\n        ) {\n          continue;\n        }\n\n        let fileMatched = false;\n        for (const pattern of fileFilters) {\n          if (minimatch(pattern, { dot: true }).match(relativePath)) {\n            fileMatched = true;\n            logger.debug(\n              { file: relativePath, pattern },\n              'Post-upgrade file saved',\n            );\n            const existingContent = await readLocalFile(relativePath);\n            const existingUpdatedArtifacts = updatedArtifacts.find(\n              (ua) => ua.path === relativePath,\n            );\n            if (existingUpdatedArtifacts?.type === 'addition') {\n              existingUpdatedArtifacts.contents = existingContent;\n            } else {\n              updatedArtifacts.push({\n                type: 'addition',\n                path: relativePath,\n                contents: existingContent,\n              });\n            }\n            // If the file is deleted by a previous post-update command, remove the deletion from updatedArtifacts\n            updatedArtifacts = updatedArtifacts.filter(\n              (ua) => !(ua.type === 'deletion' && ua.path === relativePath),\n            );\n          }\n        }\n        if (!fileMatched) {\n          logger.debug(\n            { file: relativePath },\n            'Post-upgrade file did not match any file filters',\n          );\n        }\n      }\n\n      for (const relativePath of coerceArray(status.deleted)) {\n        for (const pattern of fileFilters) {\n          if (minimatch(pattern, { dot: true }).match(relativePath)) {\n            if (\n              !updatedArtifacts.some(\n                (ua) => ua.path === relativePath && ua.type === 'deletion',\n              )\n            ) {\n              logger.debug(\n                { file: relativePath, pattern },\n                'Post-upgrade file removed',\n              );\n              updatedArtifacts.push({\n                type: 'deletion',\n                path: relativePath,\n              });\n            }\n            // If the file is created or modified by a previous post-update command, remove the modification from updatedArtifacts\n            updatedArtifacts = updatedArtifacts.filter(\n              (ua) => !(ua.type === 'addition' && ua.path === relativePath),\n            );\n          }\n        }\n      }\n    }\n  }\n  return { updatedArtifacts, artifactErrors };\n}\n\nexport default async function executePostUpgradeCommands(\n  config: BranchConfig,\n): Promise<PostUpgradeCommandsExecutionResult | null> {\n  const hasChangedFiles =\n    (isArray(config.updatedPackageFiles) &&\n      config.updatedPackageFiles.length > 0) ||\n    (isArray(config.updatedArtifacts) && config.updatedArtifacts.length > 0);\n\n  if (!hasChangedFiles) {\n    /* Only run post-upgrade tasks if there are changes to package files... */\n    logger.debug('No changes to package files, skipping post-upgrade tasks');\n    return null;\n  }\n\n  const branchUpgradeCommands: BranchUpgradeConfig[] = [\n    {\n      manager: config.manager,\n      depName: config.upgrades.map(({ depName }) => depName).join(' '),\n      branchName: config.branchName,\n      postUpgradeTasks:\n        config.postUpgradeTasks!.executionMode === 'branch'\n          ? config.postUpgradeTasks\n          : undefined,\n    },\n  ];\n\n  const updateUpgradeCommands: BranchUpgradeConfig[] = config.upgrades.filter(\n    ({ postUpgradeTasks }) =>\n      !postUpgradeTasks?.executionMode ||\n      postUpgradeTasks.executionMode === 'update',\n  );\n\n  const { updatedArtifacts, artifactErrors } =\n    await postUpgradeCommandsExecutor(updateUpgradeCommands, config);\n  return postUpgradeCommandsExecutor(branchUpgradeCommands, {\n    ...config,\n    updatedArtifacts,\n    artifactErrors,\n  });\n}\n"]}
+{"version":3,"file":"execute-post-upgrade-commands.js","sourceRoot":"","sources":["../../../../../lib/workers/repository/update/branch/execute-post-upgrade-commands.ts"],"names":[],"mappings":";;AAiCA,kEA2QC;AAED,6CAuCC;;AArVD,4DAA4B;AAC5B,cAAc;AACd,yCAA8E;AAC9E,0DAA0B;AAC1B,+CAAsD;AACtD,sDAAyD;AACzD,+CAAqD;AAErD,kDAAqD;AACrD,gDAA6C;AAE7C,4CAO6B;AAC7B,8CAAqD;AACrD,oDAAuE;AAEvE,0DAAuD;AACvD,kDAA+C;AAC/C,wDAAqD;AACrD,wDAAoD;AAQ7C,KAAK,UAAU,2BAA2B,CAC/C,uBAA8C,EAC9C,MAAoB;IAEpB,IAAI,gBAAgB,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5D,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,eAAe,GAAG,qBAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAE5D,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAA,gBAAO,EAAC,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAClC,eAAM,CAAC,KAAK,CACV;YACE,KAAK,EAAE,OAAO,CAAC,gBAAgB;YAC/B,eAAe;SAChB,EACD,iCAAiC,CAClC,CAAC;QACF,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,EAAE,QAAQ,CAAC;QACpD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpE,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,IAAA,oBAAe,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,6EAA6E;YAC7E,MAAM,uBAAuB,GAC3B,MAAM,CAAC,mBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACvD,KAAK,MAAM,IAAI,IAAI,uBAAuB,EAAE,CAAC;gBAC3C,MAAM,YAAY,GAAG,MAAM,IAAA,oBAAe,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;oBAChE,IAAI,QAAuB,CAAC;oBAC5B,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBACtC,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACxC,CAAC;yBAAM,CAAC;wBACN,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAC3B,CAAC;oBACD,cAAc;oBACd,MAAM,IAAA,mBAAc,EAAC,IAAI,CAAC,IAAI,EAAE,QAAS,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;YAED,IAAI,YAAY,GAAkB,IAAI,CAAC;YACvC,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,eAAe,GAAG,IAAA,mBAAQ,EAC9B,IAAA,kBAAO,EAAC,gBAAgB,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC7D,CAAC;gBACF,eAAM,CAAC,KAAK,CACV,EAAE,gBAAgB,EAAE,EACpB,qDAAqD,CACtD,CAAC;gBAEF,MAAM,YAAY,GAAG,0BAA0B,gBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;gBAC3F,YAAY,GAAG,eAAK,CAAC,IAAI,CAAC,IAAA,oBAAe,GAAE,EAAE,YAAY,CAAC,CAAC;gBAE3D,IAAI,CAAC;oBACH,MAAM,IAAA,oBAAe,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;oBAErD,eAAM,CAAC,KAAK,CACV,EAAE,YAAY,EAAE,eAAe,EAAE,EACjC,0CAA0C,CAC3C,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,cAAc,CAAC,IAAI,CAAC;wBAClB,MAAM,EAAE,IAAA,mBAAQ,EACd,uDAAuD,YAAY,aAAa,KAAK,CAAC,OAAO,EAAE,CAChG;qBACF,CAAC,CAAC;oBAEH,YAAY,GAAG,IAAI,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,MAAM,kBAAkB,GAAG,OAAO,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;YACxE,IAAI,UAAU,GAAkB,IAAI,CAAC;YAErC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,IAAA,mBAAQ,EACnB,IAAA,kBAAO,EAAC,kBAAkB,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC/D,CAAC;gBACF,MAAM,IAAA,mBAAc,EAAC,UAAU,CAAC,CAAC;gBACjC,eAAM,CAAC,KAAK,CACV,EAAE,kBAAkB,EAAE,EACtB,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,WAAW,GAAG,IAAA,kBAAO,EAAC,GAAG,EAAE,IAAA,yBAAgB,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;gBACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;oBACxB,eAAM,CAAC,KAAK,CACV,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,EAC5B,wCAAwC,CACzC,CAAC;gBACJ,CAAC;gBACD,IACE,eAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,aAAK,EAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EACpE,CAAC;oBACD,IAAI,CAAC;wBACH,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,6BAA6B,CAAC,CAAC;wBAElE,MAAM,QAAQ,GAAgB;4BAC5B,4LAA4L;4BAC5L,yMAAyM;4BACzM,KAAK,EAAE,IAAI;4BAEX,GAAG,EAAE,IAAA,qBAAgB,EAAC,UAAU,CAAC;gCAC/B,CAAC,CAAC,UAAU;gCACZ,CAAC,CAAC,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC;4BAChC,QAAQ,EAAE,IAAA,iCAA0B,GAAE;yBACvC,CAAC;wBACF,IAAI,YAAY,EAAE,CAAC;4BACjB,QAAQ,CAAC,GAAG,GAAG;gCACb,uCAAuC,EAAE,YAAY;6BACtD,CAAC;wBACJ,CAAC;wBACD,MAAM,UAAU,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;wBAErD,eAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE,EACnC,4BAA4B,CAC7B,CAAC;oBACJ,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,cAAc,CAAC,IAAI,CAAC;4BAClB,QAAQ,EAAE,OAAO,CAAC,WAAW;4BAC7B,MAAM,EAAE,IAAA,mBAAQ,EAAC,KAAK,CAAC,OAAO,CAAC;yBAChC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,IAAI,CACT;wBACE,GAAG,EAAE,WAAW;wBAChB,eAAe;qBAChB,EACD,6DAA6D,CAC9D,CAAC;oBACF,cAAc,CAAC,IAAI,CAAC;wBAClB,QAAQ,EAAE,OAAO,CAAC,WAAW;wBAC7B,MAAM,EAAE,IAAA,mBAAQ,EACd,yBAAyB,WAAW,6DAA6D,CAClG;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAa,GAAE,CAAC;YAErC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,qCAAqC,CAAC,CAAC;YAEhE,eAAM,CAAC,KAAK,CACV;gBACE,UAAU,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM;gBACpC,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM;gBACtC,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM;gBACpC,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM;aACrC,EACD,4CAA4C,CAC7C,CAAC;YAEF,MAAM,oBAAoB,GAAG;gBAC3B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,QAAQ,CAAC;gBAC/B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;aACjD,CAAC;YACF,MAAM,YAAY,GAAG;gBACnB,GAAG,oBAAoB;gBACvB,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,CAAC;gBAC9B,GAAG,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACnD,CAAC;YAEF,4FAA4F;YAC5F,MAAM,sBAAsB,GAAG,gBAAgB,CAAC,MAAM,CACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,CAC/B,CAAC;YACF,KAAK,MAAM,qBAAqB,IAAI,sBAAsB,EAAE,CAAC;gBAC3D,sCAAsC;gBACtC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,qBAAqB,CAAC,IAAI,EAAE,EACpC,gEAAgE,CACjE,CAAC;oBACF,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CACL,CAAC,CACC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,qBAAqB,CAAC,IAAI,CACjE,CACJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CAAC,EAAE,oBAAoB,EAAE,EAAE,yBAAyB,CAAC,CAAC;YAClE,eAAM,CAAC,KAAK,CACV,YAAY,oBAAoB,CAAC,MAAM,mDAAmD,CAC3F,CAAC;YAEF,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,oBAAoB,EAAE,CAAC;gBAChD,IACE,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC5B,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CACtD,EACD,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;oBAClC,IAAI,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1D,WAAW,GAAG,IAAI,CAAC;wBACnB,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,EAC/B,yBAAyB,CAC1B,CAAC;wBACF,MAAM,eAAe,GAAG,MAAM,IAAA,kBAAa,EAAC,YAAY,CAAC,CAAC;wBAC1D,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,IAAI,CACpD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,CACjC,CAAC;wBACF,IAAI,wBAAwB,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;4BAClD,wBAAwB,CAAC,QAAQ,GAAG,eAAe,CAAC;wBACtD,CAAC;6BAAM,CAAC;4BACN,gBAAgB,CAAC,IAAI,CAAC;gCACpB,IAAI,EAAE,UAAU;gCAChB,IAAI,EAAE,YAAY;gCAClB,QAAQ,EAAE,eAAe;6BAC1B,CAAC,CAAC;wBACL,CAAC;wBACD,sGAAsG;wBACtG,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,YAAY,CAAC,CAC9D,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,EACtB,kDAAkD,CACnD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,IAAA,mBAAW,EAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;oBAClC,IAAI,IAAA,qBAAS,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1D,IACE,CAAC,gBAAgB,CAAC,IAAI,CACpB,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC,IAAI,KAAK,UAAU,CAC3D,EACD,CAAC;4BACD,eAAM,CAAC,KAAK,CACV,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,EAC/B,2BAA2B,CAC5B,CAAC;4BACF,gBAAgB,CAAC,IAAI,CAAC;gCACpB,IAAI,EAAE,UAAU;gCAChB,IAAI,EAAE,YAAY;6BACnB,CAAC,CAAC;wBACL,CAAC;wBACD,sHAAsH;wBACtH,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CACxC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,YAAY,CAAC,CAC9D,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,CAAC;AAC9C,CAAC;AAEc,KAAK,UAAU,0BAA0B,CACtD,MAAoB;IAEpB,MAAM,eAAe,GACnB,CAAC,IAAA,YAAO,EAAC,MAAM,CAAC,mBAAmB,CAAC;QAClC,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,CAAC,IAAA,YAAO,EAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3E,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,0EAA0E;QAC1E,eAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,qBAAqB,GAA0B;QACnD;YACE,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAChE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,gBAAgB,EACd,MAAM,CAAC,gBAAiB,CAAC,aAAa,KAAK,QAAQ;gBACjD,CAAC,CAAC,MAAM,CAAC,gBAAgB;gBACzB,CAAC,CAAC,SAAS;SAChB;KACF,CAAC;IAEF,MAAM,qBAAqB,GAA0B,MAAM,CAAC,QAAQ,CAAC,MAAM,CACzE,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CACvB,CAAC,gBAAgB,EAAE,aAAa;QAChC,gBAAgB,CAAC,aAAa,KAAK,QAAQ,CAC9C,CAAC;IAEF,MAAM,EAAE,gBAAgB,EAAE,cAAc,EAAE,GACxC,MAAM,2BAA2B,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACnE,OAAO,2BAA2B,CAAC,qBAAqB,EAAE;QACxD,GAAG,MAAM;QACT,gBAAgB;QAChB,cAAc;KACf,CAAC,CAAC;AACL,CAAC","sourcesContent":["import crypto from 'crypto';\n// TODO #22198\nimport { isArray, isNonEmptyArray, isNonEmptyString } from '@sindresorhus/is';\nimport upath from 'upath';\nimport { mergeChildConfig } from '../../../../config';\nimport { GlobalConfig } from '../../../../config/global';\nimport { addMeta, logger } from '../../../../logger';\nimport type { ArtifactError } from '../../../../modules/manager/types';\nimport { coerceArray } from '../../../../util/array';\nimport { exec } from '../../../../util/exec';\nimport type { ExecOptions } from '../../../../util/exec/types';\nimport {\n  ensureLocalDir,\n  localPathIsFile,\n  outputCacheFile,\n  privateCacheDir,\n  readLocalFile,\n  writeLocalFile,\n} from '../../../../util/fs';\nimport { getRepoStatus } from '../../../../util/git';\nimport { getGitEnvironmentVariables } from '../../../../util/git/auth';\nimport type { FileChange } from '../../../../util/git/types';\nimport { minimatch } from '../../../../util/minimatch';\nimport { regEx } from '../../../../util/regex';\nimport { sanitize } from '../../../../util/sanitize';\nimport { compile } from '../../../../util/template';\nimport type { BranchConfig, BranchUpgradeConfig } from '../../../types';\n\nexport interface PostUpgradeCommandsExecutionResult {\n  updatedArtifacts: FileChange[];\n  artifactErrors: ArtifactError[];\n}\n\nexport async function postUpgradeCommandsExecutor(\n  filteredUpgradeCommands: BranchUpgradeConfig[],\n  config: BranchConfig,\n): Promise<PostUpgradeCommandsExecutionResult> {\n  let updatedArtifacts = [...(config.updatedArtifacts ?? [])];\n  const artifactErrors = [...(config.artifactErrors ?? [])];\n  const allowedCommands = GlobalConfig.get('allowedCommands');\n\n  for (const upgrade of filteredUpgradeCommands) {\n    addMeta({ dep: upgrade.depName });\n    logger.trace(\n      {\n        tasks: upgrade.postUpgradeTasks,\n        allowedCommands,\n      },\n      `Checking for post-upgrade tasks`,\n    );\n    const commands = upgrade.postUpgradeTasks?.commands;\n    const dataFileTemplate = upgrade.postUpgradeTasks?.dataFileTemplate;\n    const fileFilters = upgrade.postUpgradeTasks?.fileFilters ?? ['**/*'];\n    if (isNonEmptyArray(commands)) {\n      // Persist updated files in file system so any executed commands can see them\n      const previouslyModifiedFiles =\n        config.updatedPackageFiles!.concat(updatedArtifacts);\n      for (const file of previouslyModifiedFiles) {\n        const canWriteFile = await localPathIsFile(file.path);\n        if (file.type === 'addition' && !file.isSymlink && canWriteFile) {\n          let contents: Buffer | null;\n          if (typeof file.contents === 'string') {\n            contents = Buffer.from(file.contents);\n          } else {\n            contents = file.contents;\n          }\n          // TODO #22198\n          await writeLocalFile(file.path, contents!);\n        }\n      }\n\n      let dataFilePath: string | null = null;\n      if (dataFileTemplate) {\n        const dataFileContent = sanitize(\n          compile(dataFileTemplate, mergeChildConfig(config, upgrade)),\n        );\n        logger.debug(\n          { dataFileTemplate },\n          'Processed post-upgrade commands data file template.',\n        );\n\n        const dataFileName = `post-upgrade-data-file-${crypto.randomBytes(8).toString('hex')}.tmp`;\n        dataFilePath = upath.join(privateCacheDir(), dataFileName);\n\n        try {\n          await outputCacheFile(dataFilePath, dataFileContent);\n\n          logger.debug(\n            { dataFilePath, dataFileContent },\n            'Created post-upgrade commands data file.',\n          );\n        } catch (error) {\n          artifactErrors.push({\n            stderr: sanitize(\n              `Failed to create post-upgrade commands data file at ${dataFilePath}, reason: ${error.message}`,\n            ),\n          });\n\n          dataFilePath = null;\n        }\n      }\n\n      const workingDirTemplate = upgrade.postUpgradeTasks?.workingDirTemplate;\n      let workingDir: string | null = null;\n\n      if (workingDirTemplate) {\n        workingDir = sanitize(\n          compile(workingDirTemplate, mergeChildConfig(config, upgrade)),\n        );\n        await ensureLocalDir(workingDir);\n        logger.trace(\n          { workingDirTemplate },\n          'Processed post-upgrade commands working directory template.',\n        );\n      }\n\n      for (const cmd of commands) {\n        const compiledCmd = compile(cmd, mergeChildConfig(config, upgrade));\n        if (compiledCmd !== cmd) {\n          logger.debug(\n            { rawCmd: cmd, compiledCmd },\n            'Post-upgrade command has been compiled',\n          );\n        }\n        if (\n          allowedCommands!.some((pattern) => regEx(pattern).test(compiledCmd))\n        ) {\n          try {\n            logger.trace({ cmd: compiledCmd }, 'Executing post-upgrade task');\n\n            const execOpts: ExecOptions = {\n              // WARNING to self-hosted administrators: always run post-upgrade commands with `shell` mode on, which has the risk of arbitrary environment variable access or additional command execution\n              // It is very likely this will be susceptible to these risks, even if you allowlist (via `allowedCommands`), as there may be special characters included in the given commands that can be leveraged here\n              shell: true,\n\n              cwd: isNonEmptyString(workingDir)\n                ? workingDir\n                : GlobalConfig.get('localDir'),\n              extraEnv: getGitEnvironmentVariables(),\n            };\n            if (dataFilePath) {\n              execOpts.env = {\n                RENOVATE_POST_UPGRADE_COMMAND_DATA_FILE: dataFilePath,\n              };\n            }\n            const execResult = await exec(compiledCmd, execOpts);\n\n            logger.debug(\n              { cmd: compiledCmd, ...execResult },\n              'Executed post-upgrade task',\n            );\n          } catch (error) {\n            artifactErrors.push({\n              lockFile: upgrade.packageFile,\n              stderr: sanitize(error.message),\n            });\n          }\n        } else {\n          logger.warn(\n            {\n              cmd: compiledCmd,\n              allowedCommands,\n            },\n            'Post-upgrade task did not match any on allowedCommands list',\n          );\n          artifactErrors.push({\n            lockFile: upgrade.packageFile,\n            stderr: sanitize(\n              `Post-upgrade command '${compiledCmd}' has not been added to the allowed list in allowedCommands`,\n            ),\n          });\n        }\n      }\n\n      const status = await getRepoStatus();\n\n      logger.trace({ status }, 'git status after post-upgrade tasks');\n\n      logger.debug(\n        {\n          addedCount: status.not_added?.length,\n          modifiedCount: status.modified?.length,\n          deletedCount: status.deleted?.length,\n          renamedCount: status.renamed?.length,\n        },\n        'git status counts after post-upgrade tasks',\n      );\n\n      const addedOrModifiedFiles = [\n        ...coerceArray(status.not_added),\n        ...coerceArray(status.modified),\n        ...coerceArray(status.renamed?.map((x) => x.to)),\n      ];\n      const changedFiles = [\n        ...addedOrModifiedFiles,\n        ...coerceArray(status.deleted),\n        ...coerceArray(status.renamed?.map((x) => x.from)),\n      ];\n\n      // Check for files which were previously deleted but have been re-added without modification\n      const previouslyDeletedFiles = updatedArtifacts.filter(\n        (ua) => ua.type === 'deletion',\n      );\n      for (const previouslyDeletedFile of previouslyDeletedFiles) {\n        /* v8 ignore if -- TODO: needs test */\n        if (!changedFiles.includes(previouslyDeletedFile.path)) {\n          logger.debug(\n            { file: previouslyDeletedFile.path },\n            'Previously deleted file has been restored without modification',\n          );\n          updatedArtifacts = updatedArtifacts.filter(\n            (ua) =>\n              !(\n                ua.type === 'deletion' && ua.path === previouslyDeletedFile.path\n              ),\n          );\n        }\n      }\n\n      logger.trace({ addedOrModifiedFiles }, 'Added or modified files');\n      logger.debug(\n        `Checking ${addedOrModifiedFiles.length} added or modified files for post-upgrade changes`,\n      );\n\n      const fileExcludes: string[] = [];\n      if (config.npmrc) {\n        fileExcludes.push('.npmrc');\n      }\n\n      for (const relativePath of addedOrModifiedFiles) {\n        if (\n          fileExcludes.some((pattern) =>\n            minimatch(pattern, { dot: true }).match(relativePath),\n          )\n        ) {\n          continue;\n        }\n\n        let fileMatched = false;\n        for (const pattern of fileFilters) {\n          if (minimatch(pattern, { dot: true }).match(relativePath)) {\n            fileMatched = true;\n            logger.debug(\n              { file: relativePath, pattern },\n              'Post-upgrade file saved',\n            );\n            const existingContent = await readLocalFile(relativePath);\n            const existingUpdatedArtifacts = updatedArtifacts.find(\n              (ua) => ua.path === relativePath,\n            );\n            if (existingUpdatedArtifacts?.type === 'addition') {\n              existingUpdatedArtifacts.contents = existingContent;\n            } else {\n              updatedArtifacts.push({\n                type: 'addition',\n                path: relativePath,\n                contents: existingContent,\n              });\n            }\n            // If the file is deleted by a previous post-update command, remove the deletion from updatedArtifacts\n            updatedArtifacts = updatedArtifacts.filter(\n              (ua) => !(ua.type === 'deletion' && ua.path === relativePath),\n            );\n          }\n        }\n        if (!fileMatched) {\n          logger.debug(\n            { file: relativePath },\n            'Post-upgrade file did not match any file filters',\n          );\n        }\n      }\n\n      for (const relativePath of coerceArray(status.deleted)) {\n        for (const pattern of fileFilters) {\n          if (minimatch(pattern, { dot: true }).match(relativePath)) {\n            if (\n              !updatedArtifacts.some(\n                (ua) => ua.path === relativePath && ua.type === 'deletion',\n              )\n            ) {\n              logger.debug(\n                { file: relativePath, pattern },\n                'Post-upgrade file removed',\n              );\n              updatedArtifacts.push({\n                type: 'deletion',\n                path: relativePath,\n              });\n            }\n            // If the file is created or modified by a previous post-update command, remove the modification from updatedArtifacts\n            updatedArtifacts = updatedArtifacts.filter(\n              (ua) => !(ua.type === 'addition' && ua.path === relativePath),\n            );\n          }\n        }\n      }\n    }\n  }\n  return { updatedArtifacts, artifactErrors };\n}\n\nexport default async function executePostUpgradeCommands(\n  config: BranchConfig,\n): Promise<PostUpgradeCommandsExecutionResult | null> {\n  const hasChangedFiles =\n    (isArray(config.updatedPackageFiles) &&\n      config.updatedPackageFiles.length > 0) ||\n    (isArray(config.updatedArtifacts) && config.updatedArtifacts.length > 0);\n\n  if (!hasChangedFiles) {\n    /* Only run post-upgrade tasks if there are changes to package files... */\n    logger.debug('No changes to package files, skipping post-upgrade tasks');\n    return null;\n  }\n\n  const branchUpgradeCommands: BranchUpgradeConfig[] = [\n    {\n      manager: config.manager,\n      depName: config.upgrades.map(({ depName }) => depName).join(' '),\n      branchName: config.branchName,\n      postUpgradeTasks:\n        config.postUpgradeTasks!.executionMode === 'branch'\n          ? config.postUpgradeTasks\n          : undefined,\n    },\n  ];\n\n  const updateUpgradeCommands: BranchUpgradeConfig[] = config.upgrades.filter(\n    ({ postUpgradeTasks }) =>\n      !postUpgradeTasks?.executionMode ||\n      postUpgradeTasks.executionMode === 'update',\n  );\n\n  const { updatedArtifacts, artifactErrors } =\n    await postUpgradeCommandsExecutor(updateUpgradeCommands, config);\n  return postUpgradeCommandsExecutor(branchUpgradeCommands, {\n    ...config,\n    updatedArtifacts,\n    artifactErrors,\n  });\n}\n"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "renovate",
   "description": "Automated dependency updates. Flexible so you don't need to be.",
-  "version": "42.68.3",
+  "version": "42.68.5",
   "type": "commonjs",
   "bin": {
     "renovate": "dist/renovate.js",

package/renovate-schema.json

@@ -1,7 +1,7 @@
 {
-  "title": "JSON schema for Renovate 42.68.3 config files (https://renovatebot.com/)",
+  "title": "JSON schema for Renovate 42.68.5 config files (https://renovatebot.com/)",
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "x-renovate-version": "42.68.3",
+  "x-renovate-version": "42.68.5",
   "allowComments": true,
   "type": "object",
   "properties": {