Set npmToken
value in npmrc string even when it is not withtin encrypted
object
#31808
Labels
manager:npm
package.json files (npm/yarn/pnpm)
priority-2-high
Bugs impacting wide number of users or very important features
type:bug
Bug fix of existing functionality
We moved from keeing secrets inside the
encrypted
object to using the Mend Developer portal for users of the Github App. But, missed to make some necessary modififcations to the logic which would use thenpmToken
value from the config and replace${NPM_TOKEN}
in thenpmrc
string with it.For example:
Expected behaviour for the above config is that
npmToken
value is add to thenpmrc
string.But, actually the
npmToken
value is not added to thenpmrc
string. And, this causes lookup errors down the line.Example of such cases: #31707 #31253
Reason for this:
decryptConfig
fn handles the logic to replace${NPM_TOKEN}
in thenpmrc
string with value ofnpmToken
.decryptConfig
only processes items in theencrypted
object.npmToken
does not necessarily have to be in theencrypted
object anymore, this logic fails for Github App users.Fix:
Reuse the logic in
decryptConfig
and place it such that the value fromnpmToken
replaces the${NPM_TOKEN}
. Most probably, this logic goes after the secrets have been applied to the config ie. at the end ofmergeRenovateConfig
fnOriginally posted by @RahulGautamSingh in #31707 (reply in thread)
The text was updated successfully, but these errors were encountered: