Read private repository credentials from environment #632

Closed
wants to merge 4 commits into from

23 changes: 23 additions & 0 deletions README.md
Expand Up @@ -112,6 +112,29 @@ BITBUCKET_HOSTNAME | `bitbucket.org`

\* Either `BITBUCKET_ACCESS_TOKEN` must be passed, or `BITBUCKET_APP_USERNAME` and `BITBUCKET_APP_PASSWORD`.

**Private registry credentials**

Variable | Default
:------ | :------
PRIVATE_REGISTRY_CREDENTIALS | N/A (Optional)

This variable takes a JSON array with objects having below properties.
Json Property | Description
:------ | :------
type | Repository type. Currently supports `nuget_feed`, `npm_registry`, `rubygems_server`, `python_index`
url | Repository URL. One that is configured in your feed config in your git repository
token | Token with read access to your repository
Comment on lines +124 to +126
Contributor

Not all credentials work this way - I don't think you need to limit yourself by specifying exactly how the JSON should be structured. For example, the way Hex organisation credentials are used is here.



Example:
```bash
export PRIVATE_REGISTRY_CREDENTIALS="[{\"type\":\"REPO_TYPE_1\",\"url\":\"REPO_URL_1\",\"token\":\"TOKEN_1\"},{\"type\":\"REPO_TYPE_2\",\"url\":\"REPO_URL_2\",\"token\":\"TOKEN_2\"}]"
```

Limitations:
- `python_index` works but currently you cannot set `replaces-base`.
- `maven_repository`, `docker_registry` uses username/password instead of token. Hence it is not supported. If this feature is of value, this functionality can be extended.
Comment on lines +134 to +136
Contributor

Changing to the strategy mentioned above would remove this limitation.


### Running dependabot

There are a few ways of running the script:
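
Review bot: In the Example block, the `export PRIVATE_REGISTRY_CREDENTIALS="[{\"type\":...` line needs a backslash before every inner quote, which is easy to get wrong when real tokens are pasted in; wrapping the JSON in single quotes would remove all of the escaping. The section should also say what happens when the value is not valid JSON or an entry is missing `type`, `url` or `token`, and note that the variable holds secrets and should come from the CI system's secret store rather than a committed file.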
12 changes: 12 additions & 0 deletions generic-update-script.rb
Expand Up @@ -142,6 +142,18 @@
)
end

# Add additional credentials for repositories that needs authentication
if ENV["PRIVATE_REGISTRY_CREDENTIALS"]
feeds = JSON.parse("#{ENV["PRIVATE_REGISTRY_CREDENTIALS"]}")
feeds.each do |child|
credentials << {
"type" => "#{child['type']}",
"url" => "#{child['url']}",
"token" => "#{child['token']}",
}
end
end

##############################
# Fetch the dependency files #
##############################
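
Review bot: `JSON.parse("#{ENV["PRIVATE_REGISTRY_CREDENTIALS"]}")` has no error handling or shape check: a malformed value raises straight out of the script, and a value that parses to anything other than an array of objects fails at or inside `feeds.each`. Since this variable carries tokens, rescue `JSON::ParserError` and abort with a message that does not echo the value. The interpolations `"#{child['type']}"`, `"#{child['url']}"` and `"#{child['token']}"` also turn a missing key into an empty string, so an incomplete entry is silently added with a blank token; `child.fetch("token")` would fail loudly instead, and the outer `"#{...}"` around `ENV[...]` can be dropped.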