fix(manager/nuget): Enforce basic authentication for NuGet restore command #25502

Merged
merged 3 commits into from Oct 31, 2023

sbaeurle
Contributor

@sbaeurle sbaeurle commented Oct 30, 2023

Changes

This PR changes the ValidAuthenticationTypes for the dotnet restore command issued to update any package.lock.json files found in the repository.

Context

Some artifact feeds support multiple authentication types (e.g. NTLM for Azure DevOps Server) which are not supported by the configured authentication scheme.
Since the current implementation of the NuGet dependency lookup only supports basic authentication, it is sensible to enforce basic authentication for the dotnet restore command as well.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@sbaeurle sbaeurle marked this pull request as ready for review October 30, 2023 16:27
@sbaeurle sbaeurle changed the title Enforce basic authentication for NuGet restore command fix(manager/nuget): Enforce basic authentication for NuGet restore command Oct 30, 2023
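
Added example (not part of this PR and not Renovate's code): a small audit of a nuget.config that reports credentialed sources where ValidAuthenticationTypes is not pinned to basic, the condition the description above addresses. The sample config, its source names and URLs are constructed; the HTTPS check goes beyond the PR and is included because basic authentication sends the credential itself to the feed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample nuget.config: names, URLs and credentials are made up.
SAMPLE_CONFIG = """<configuration>
  <packageSources>
    <add key="pinned" value="https://feed.example.test/v3/index.json" />
    <add key="Azure DevOps" value="https://ado.example.test/nuget/v3/index.json" />
    <add key="plain" value="http://old.example.test/nuget" />
  </packageSources>
  <packageSourceCredentials>
    <pinned>
      <add key="Username" value="bot" />
      <add key="ClearTextPassword" value="%FEED_TOKEN%" />
      <add key="ValidAuthenticationTypes" value="basic" />
    </pinned>
    <Azure_x0020_DevOps>
      <add key="Username" value="bot" />
      <add key="ClearTextPassword" value="%FEED_TOKEN%" />
    </Azure_x0020_DevOps>
    <plain>
      <add key="Username" value="bot" />
      <add key="ClearTextPassword" value="%FEED_TOKEN%" />
      <add key="ValidAuthenticationTypes" value="basic" />
    </plain>
  </packageSourceCredentials>
</configuration>"""


def audit_nuget_config(xml_text):
    """Return {source name: [findings]} for every source that has stored credentials."""
    root = ET.fromstring(xml_text)
    urls = {a.get("key"): a.get("value", "") for a in root.findall("./packageSources/add")}
    report = {}
    for node in root.findall("./packageSourceCredentials/*"):
        # Source names are XML-encoded in element names (a space becomes _x0020_).
        name = re.sub(r"_x([0-9A-Fa-f]{4})_", lambda m: chr(int(m.group(1), 16)), node.tag)
        settings = {a.get("key", "").lower(): a.get("value", "") for a in node.findall("add")}
        types = {t.strip().lower() for t in settings.get("validauthenticationtypes", "").split(",") if t.strip()}
        findings = []
        if not types:
            findings.append("no ValidAuthenticationTypes: client may pick another advertised scheme (e.g. NTLM)")
        elif types != {"basic"}:
            findings.append("allows more than basic: " + ",".join(sorted(types)))
        if not urls.get(name, "").lower().startswith("https://"):
            findings.append("credentials would be sent to a non-HTTPS source")
        report[name] = findings
    return report
```

Calling `audit_nuget_config(SAMPLE_CONFIG)` returns an empty finding list for `pinned` and one finding each for `Azure DevOps` and `plain`.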
Member

@viceice viceice left a comment

this needs tests against real repos, you can use GitHub packages for testing.

@sbaeurle
Contributor Author

sbaeurle commented Oct 31, 2023

I verified the following use cases:

  • Update of package-lock.json files in our local Azure DevOps instance (works as expected)
  • Update of package-lock.json file for dummy project on GitHub using a private "NewtonSoft.Json" clone hosted in GitHub packages (see https://github.com/sbaeurle/nuget-manager-fix-test/pull/2 for the resulting PR)

@sbaeurle sbaeurle requested a review from viceice October 31, 2023 15:38
@viceice viceice added this pull request to the merge queue Oct 31, 2023
Merged via the queue into renovatebot:main with commit 5d9296e Oct 31, 2023
38 of 51 checks passed
@renovate-release
Collaborator

🎉 This PR is included in version 37.37.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

jon4hz pushed a commit to jon4hz/renovate that referenced this pull request Nov 9, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 1, 2023