Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Private Hex packages #11168

Merged
merged 16 commits into from Aug 12, 2021
Merged

feat: Private Hex packages #11168

merged 16 commits into from Aug 12, 2021

Conversation

kamilkowalski
Copy link
Contributor

@kamilkowalski kamilkowalski commented Aug 8, 2021
edited

Changes:

Introduced support for private Hex packages as discussed in #11028.

Example PR opened with private package support: kamilkowalski/public_project#11.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@kamilkowalski kamilkowalski changed the title Private Hex packages feat: Private Hex packages Aug 8, 2021
@kamilkowalski kamilkowalski mentioned this pull request Aug 8, 2021
Closed
viceice
viceice requested changes Aug 8, 2021
View reviewed changes
lib/datasource/hex/index.ts Outdated Show resolved Hide resolved
@viceice viceice mentioned this pull request Aug 9, 2021
Closed
viceice
viceice reviewed Aug 9, 2021
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

manager needs coverage fix

lib/datasource/hex/index.spec.ts Show resolved Hide resolved
lib/datasource/hex/index.spec.ts Show resolved Hide resolved
lib/datasource/hex/index.ts Outdated Show resolved Hide resolved
viceice
viceice reviewed Aug 11, 2021
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should also try to move the linked issue forward. So hexpm support standard bearer auth in near future. This shouldn't be hard for an elexir developer.

lib/util/http/auth.spec.ts Show resolved Hide resolved
lib/manager/mix/artifacts.spec.ts Outdated Show resolved Hide resolved
lib/manager/mix/artifacts.spec.ts Outdated Show resolved Hide resolved
viceice
viceice reviewed Aug 11, 2021
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some small test changes and then we are ready to go

lib/datasource/hex/index.spec.ts Outdated Show resolved Hide resolved
lib/datasource/hex/index.spec.ts Outdated Show resolved Hide resolved
lib/util/http/auth.spec.ts Outdated Show resolved Hide resolved
lib/util/http/auth.spec.ts Outdated Show resolved Hide resolved
HonkingGoose
HonkingGoose reviewed Aug 11, 2021
View reviewed changes
Copy link
Collaborator

@HonkingGoose HonkingGoose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs look fine.

I see a lot of CodeQL warnings though... Are we sure this is good to go?

@kamilkowalski
Copy link
Contributor Author

@HonkingGoose it started flagging dummy authorization headers used in tests once I moved them from inline snapshots, or when assertions were added. Looking at the HardcodedCredentials check it doesn't flag these if the credentials look like dummy ones - and the definition of a dummy credential can be found in SensitiveActions.qll.

I can probably replace all tokens used in tests with "secret" which shouldn't raise issues, but I don't know what to do about auth.ts:40 (which I didn't even change)- I don't think there's anything to fix there. What's your policy around CodeQL - ignore the line, merge without all checks passing?

@HonkingGoose
Copy link
Collaborator

Maybe there was some problem in the main branch when you started working? You could try merging in the current main branch and see if that reduces the warnings.

I don't know enough about the code to say anything meaningful about getting rid of the CodeQL warnings, and I also don't know anything about our CodeQL warning policy. 😉

I'll let @viceice or @rarkins help you with the warnings. 😉

@rarkins
Copy link
Collaborator

rarkins commented Aug 12, 2021

I've manually dismissed the codeql errors. 4 were used in tests, and 1 was a false positive

@rarkins rarkins enabled auto-merge (squash) August 12, 2021 09:27
@rarkins rarkins merged commit a73d827 into renovatebot:main Aug 12, 2021
@renovate-release
Copy link
Collaborator

🎉 This PR is included in version 25.72.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@kamilkowalski kamilkowalski deleted the feat/private-hex-packages branch August 12, 2021 10:10
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@astellingwerf astellingwerf astellingwerf left review comments

@HonkingGoose HonkingGoose HonkingGoose left review comments

@viceice viceice viceice approved these changes

@rarkins rarkins Awaiting requested review from rarkins

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@kamilkowalski @HonkingGoose @rarkins @renovate-release @astellingwerf @viceice