fix(git-submodule): remove token injection from submodule URL (#23458)

renovatebot · Jul 21, 2023 · 807b796 · 807b796
1 parent f049774
commit 807b796
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 8 deletions.
diff --git a/lib/modules/manager/git-submodules/extract.spec.ts b/lib/modules/manager/git-submodules/extract.spec.ts
@@ -78,6 +78,42 @@ describe('modules/manager/git-submodules/extract', () => {
         GIT_CONFIG_VALUE_1: 'git@github.com:',
         GIT_CONFIG_VALUE_2: 'https://github.com/',
       });
+      expect(gitMock.listRemote).toHaveBeenCalledWith([
+        '--symref',
+        'https://github.com/PowerShell/PowerShell-Docs',
+        'HEAD',
+      ]);
+    });
+
+    it('combined token from host rule is used to detect branch', async () => {
+      gitMock.listRemote.mockResolvedValueOnce(
+        'ref: refs/heads/main HEAD\n5701164b9f5edba1f6ca114c491a564ffb55a964        HEAD'
+      );
+      hostRules.add({
+        hostType: 'github',
+        matchHost: 'github.com',
+        token: 'x-access-token:ghs_abc123',
+      });
+      const res = await extractPackageFile('', '.gitmodules.2', {});
+      expect(res?.deps).toHaveLength(1);
+      expect(res?.deps[0].currentValue).toBe('main');
+      expect(gitMock.env).toHaveBeenCalledWith({
+        GIT_CONFIG_COUNT: '3',
+        GIT_CONFIG_KEY_0:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_KEY_1:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_KEY_2:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_VALUE_0: 'ssh://git@github.com/',
+        GIT_CONFIG_VALUE_1: 'git@github.com:',
+        GIT_CONFIG_VALUE_2: 'https://github.com/',
+      });
+      expect(gitMock.listRemote).toHaveBeenCalledWith([
+        '--symref',
+        'https://github.com/PowerShell/PowerShell-Docs',
+        'HEAD',
+      ]);
     });
 
     it('default to master if no branch can be detected', async () => {

diff --git a/lib/modules/manager/git-submodules/extract.ts b/lib/modules/manager/git-submodules/extract.ts
@@ -3,10 +3,9 @@ import Git, { SimpleGit } from 'simple-git';
 import upath from 'upath';
 import { GlobalConfig } from '../../../config/global';
 import { logger } from '../../../logger';
-import { detectPlatform } from '../../../util/common';
 import { getGitEnvironmentVariables } from '../../../util/git/auth';
 import { simpleGitConfig } from '../../../util/git/config';
-import { getHttpUrl, getRemoteUrlWithToken } from '../../../util/git/url';
+import { getHttpUrl } from '../../../util/git/url';
 import { regEx } from '../../../util/regex';
 import { GitRefsDatasource } from '../../datasource/git-refs';
 import type { ExtractConfig, PackageFileContent } from '../types';
@@ -119,19 +118,15 @@ export default async function extractPackageFile(
         .replace(regEx(/^[-+]/), '')
         .split(regEx(/\s/));
       const subModuleUrl = await getUrl(git, gitModulesPath, name);
-      // hostRules only understands HTTP URLs
-      // Find HTTP URL, then apply token
-      let httpSubModuleUrl = getHttpUrl(subModuleUrl);
-      const hostType = detectPlatform(httpSubModuleUrl) ?? GitRefsDatasource.id;
-      httpSubModuleUrl = getRemoteUrlWithToken(httpSubModuleUrl, hostType);
+      const httpSubModuleUrl = getHttpUrl(subModuleUrl);
       const currentValue = await getBranch(
         gitModulesPath,
         name,
         httpSubModuleUrl
       );
       deps.push({
         depName: path,
-        packageName: getHttpUrl(subModuleUrl),
+        packageName: httpSubModuleUrl,
         currentValue,
         currentDigest,
       });