yarn: replace credentials with dummy creds #9466
Conversation
jakecoffman
changed the title
jakecoffman
changed the title
|
I verified this does fix the issue. |
| content.gsub(/\"\$\{.*?\}\"/, '""').gsub(/\$\{.*?\}/, '""') | ||
| # Replace all "${...}" and ${...} occurrences with dummy strings. We use | ||
| # dummy strings instead of empty strings to prevent issues with npmAlwaysAuth | ||
| content.gsub(/"\$\{.*?}"/, '"DUMMYCREDS"').gsub(/\$\{.*?}/, '"DUMMYCREDS"') |
There was a problem hiding this comment.
I think this regex is no longer catching the closing brace }. We're getting this error:
updater | 2024/04/11 00:22:38 ERROR <job_812946518> bad URI(is not URI?): "https://our-npm-registry.us.online/registry}/api/npm/our-npm/express"
There was a problem hiding this comment.
I'm not particularly familiar with regex sorry, but I think it might be a ruby regex thing where } still needs to be escaped.
I think if the regex check is just reverted to the fully escaped version it will be fixed.
| content.gsub(/"\$\{.*?}"/, '"DUMMYCREDS"').gsub(/\$\{.*?}/, '"DUMMYCREDS"') | |
| content.gsub(/\"\$\{.*?\}\"/, '"DUMMYCREDS"').gsub(/\$\{.*?\}/, '"DUMMYCREDS"') |
There was a problem hiding this comment.
I can't see how this PR would have caused that as job 812946518 is failing during the UpdateChecker step which happens before the FileUpdater step where I made this change.
There was a problem hiding this comment.
Ah gotcha. Maybe something wrong on our end? I'll do some digging.
There was a problem hiding this comment.
Yep, looks like that was an issue on our end sorry.
Our repo was trying to do some odd conditional assignment in a .yarnrc.yml:
npmRegistryServer: '${REMOTE_URL:-https://our.url.us.online/remote}/api/npm/our-npm/'
This fixed it:
npmRegistryServer: "https://our.url.us.online/remote/api/npm/our-npm/"
I'll look up the yml syntax guide in the morning and figure out what we were doing wrong. Thanks for your help, greatly appreciated.
There was a problem hiding this comment.
The GitHub documentation says this:
When accessing environment variables in your
.yarnrc.ymlfile, you should provide a fallback value such as${ENV_VAR-fallback}or${ENV_VAR:-fallback}.
But with this change, the fallback value provided is no longer used because it's stripped out by sanitize_yarnrc_content (resulting in the above problem with npmRegistryServer). Is this intentional? If so, then the GitHub documentation should be updated because it gives the impression that you can provide a fallback value, when in fact the fallback is always DUMMYCREDS.
Customers are setting
npmAlwaysAuthin their.yarmrc.ymlwhich due to our sanitation results inNo authentication configured for request, even if they set a fallback value with${TOKEN:-fallback}because we clear out the entire thing.This works around that by setting a default value ourselves.
For the life of me I cannot reproduce this issue locally, but it should be completely harmless assuming all the tests pass.