feat(github): automatic ghcr.io auth when using github.com (#25017)

Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Co-authored-by: Sebastian Poxhofer <secustor@users.noreply.github.com>
renovatebot · Oct 9, 2023 · 22709f4 · 22709f4
1 parent 03b72ba
commit 22709f4
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 2 deletions.
diff --git a/lib/modules/platform/github/__snapshots__/index.spec.ts.snap b/lib/modules/platform/github/__snapshots__/index.spec.ts.snap
@@ -31,6 +31,14 @@ exports[`modules/platform/github/index initPlatform() should support default end
 {
   "endpoint": "https://api.github.com/",
   "gitAuthor": undefined,
+  "hostRules": [
+    {
+      "hostType": "docker",
+      "matchHost": "ghcr.io",
+      "password": "123test",
+      "username": "USERNAME",
+    },
+  ],
   "renovateUsername": "renovate-bot",
   "token": "123test",
 }
@@ -40,6 +48,14 @@ exports[`modules/platform/github/index initPlatform() should support default end
 {
   "endpoint": "https://api.github.com/",
   "gitAuthor": undefined,
+  "hostRules": [
+    {
+      "hostType": "docker",
+      "matchHost": "ghcr.io",
+      "password": "123test",
+      "username": "USERNAME",
+    },
+  ],
   "renovateUsername": "renovate-bot",
   "token": "123test",
 }
@@ -49,6 +65,14 @@ exports[`modules/platform/github/index initPlatform() should support default end
 {
   "endpoint": "https://api.github.com/",
   "gitAuthor": "undefined <user@domain.com>",
+  "hostRules": [
+    {
+      "hostType": "docker",
+      "matchHost": "ghcr.io",
+      "password": "123test",
+      "username": "USERNAME",
+    },
+  ],
   "renovateUsername": "renovate-bot",
   "token": "123test",
 }
@@ -58,6 +82,14 @@ exports[`modules/platform/github/index initPlatform() should support gitAuthor a
 {
   "endpoint": "https://api.github.com/",
   "gitAuthor": "renovate@whitesourcesoftware.com",
+  "hostRules": [
+    {
+      "hostType": "docker",
+      "matchHost": "ghcr.io",
+      "password": "123test",
+      "username": "USERNAME",
+    },
+  ],
   "renovateUsername": "renovate-bot",
   "token": "123test",
 }

diff --git a/lib/modules/platform/github/index.spec.ts b/lib/modules/platform/github/index.spec.ts
@@ -177,12 +177,28 @@ describe('modules/platform/github/index', () => {
       ).toEqual({
         endpoint: 'https://api.github.com/',
         gitAuthor: 'my-app[bot] <12345+my-app[bot]@users.noreply.github.com>',
+        hostRules: [
+          {
+            hostType: 'docker',
+            matchHost: 'ghcr.io',
+            password: 'ghs_123test',
+            username: 'USERNAME',
+          },
+        ],
         renovateUsername: 'my-app[bot]',
         token: 'x-access-token:ghs_123test',
       });
       expect(await github.initPlatform({ token: 'ghs_123test' })).toEqual({
         endpoint: 'https://api.github.com/',
         gitAuthor: 'my-app[bot] <12345+my-app[bot]@users.noreply.github.com>',
+        hostRules: [
+          {
+            hostType: 'docker',
+            matchHost: 'ghcr.io',
+            password: 'ghs_123test',
+            username: 'USERNAME',
+          },
+        ],
         renovateUsername: 'my-app[bot]',
         token: 'x-access-token:ghs_123test',
       });

diff --git a/lib/modules/platform/github/index.ts b/lib/modules/platform/github/index.ts
@@ -204,7 +204,17 @@ export async function initPlatform({
     renovateUsername,
     token,
   };
-
+  if (platformResult.endpoint === 'https://api.github.com/') {
+    logger.debug('Adding GitHub token as GHCR password');
+    platformResult.hostRules = [
+      {
+        matchHost: 'ghcr.io',
+        hostType: 'docker',
+        username: 'USERNAME',
+        password: token.replace(/^x-access-token:/, ''),
+      },
+    ];
+  }
   return platformResult;
 }
 

diff --git a/lib/modules/platform/index.spec.ts b/lib/modules/platform/index.spec.ts
@@ -118,4 +118,35 @@ describe('modules/platform/index', () => {
       renovateUsername: 'abc',
     });
   });
+
+  it('merges platform hostRules with additionalHostRules', async () => {
+    const config = {
+      platform: 'github' as PlatformId,
+      endpoint: 'https://api.github.com',
+      gitAuthor: 'user@domain.com',
+      username: 'abc',
+      token: '123',
+    };
+
+    expect(await platform.initPlatform(config)).toEqual({
+      endpoint: 'https://api.github.com/',
+      gitAuthor: 'user@domain.com',
+      hostRules: [
+        {
+          hostType: 'docker',
+          matchHost: 'ghcr.io',
+          password: '123',
+          username: 'USERNAME',
+        },
+        {
+          hostType: 'github',
+          matchHost: 'api.github.com',
+          token: '123',
+          username: 'abc',
+        },
+      ],
+      platform: 'github',
+      renovateUsername: 'abc',
+    });
+  });
 });
diff --git a/lib/modules/platform/types.ts b/lib/modules/platform/types.ts
@@ -1,5 +1,5 @@
 import type { MergeStrategy } from '../../config/types';
-import type { BranchStatus, VulnerabilityAlert } from '../../types';
+import type { BranchStatus, HostRule, VulnerabilityAlert } from '../../types';
 import type { CommitFilesConfig, CommitSha } from '../../util/git/types';
 
 type VulnerabilityKey = string;
@@ -23,6 +23,10 @@ export interface PlatformResult {
   renovateUsername?: string;
   token?: string;
   gitAuthor?: string;
+  /*
+   * return these only if _additional_ rules/hosts are required
+   */
+  hostRules?: HostRule[];
 }
 
 export interface RepoResult {