Description
Discussed in #33204
Originally posted by emwl December 19, 2024
How are you running Renovate?
Self-hosted Renovate
If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
GitLab-CE with Renovate 39.31.4
Please tell us more about your question or problem
I recently had to regenerate access tokens for our on-premise Azure DevOps Server NuGet feed, and because it was a good reason to try it, I wanted to remove it from the host rules in favor of a GitLab CI variable (that ends up as environment variable). I thought I tried the same thing before and failed, which is why I had the token hardcoded/plaintext (which is never a good idea, but I just wanted to get things to work back in the day).
The (relevant part of the) config looks like this:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"packageRules": [...],
"nuget": {
"registryUrls": [
"https://api.nuget.org/v3/index.json",
"https://tfs/MainCollection/_packaging/NUGET_PACKAGES/nuget/v3/index.json"
]
},
"hostRules": [
{
"hostType": "nuget",
"matchHost": "https://tfs/MainCollection/",
- "password": "old token"
}
],
"configMigration": true,
"platformAutomerge": true,
"extends": [...]
}After removing the password member, I added a CI variable named NUGET_TFS_PASSWORD instead with the new token and used the various masking/protection features of GitLab to prevent them from showing up in a log accidentally.
However, the following run failed to access the NuGet feed with this:
WARN: Cannot parse env
"env": "NUGET_TFS_PASSWORD"
I did find #10211 and apparently, single-word hostnames always trigger this warning (then skip the rule). We don't use the FQDN to access the NuGet feed, and changing this configuration across many projects (and even more developer machines) isn't really something we want to do if we can avoid it. "tfs" is just a DNS alias, in case we ever migrate to a different server.
The way I understand
Line 114 in 854d0a8
...it seems that those hostnames are not supported at all. Is there anything I can do about it, other than changing the hostname everywhere else to a FQDN?
Putting it back into the json config does the trick, but isn't really optimal.
Logs (if relevant)
Logs
$ npx renovate $RENOVATE_EXTRA_FLAGS
DEBUG: Using RE2 regex engine
DEBUG: Parsing configs
DEBUG: Checking for config file in config.js
DEBUG: Converting GITHUB_COM_TOKEN into a global host rule
DEBUG: File config
"config": {
"endpoint": "https://gitlab/api/v4/",
"platform": "gitlab",
"onboardingConfig": {"extends": ["renovate/config"]},
"autodiscover": true,
"autodiscoverFilter": ["!/infra/.*/"],
"optimizeForDisabled": true,
"persistRepoData": true,
"detectGlobalManagerConfig": true,
"detectHostRulesFromEnv": true
}
DEBUG: CLI config
"config": {}
DEBUG: Env config
"config": {
"hostRules": [
{"hostType": "github", "matchHost": "github.com", "token": "***********"}
],
"dryRun": "full",
"baseDir": "E:\\GitLab\\builds\\gqSWmGzn\\1\\renovate\\runner/renovate",
"endpoint": "https://gitlab/api/v4",
"token": "***********"
}
DEBUG: Combined config
"config": {
"endpoint": "https://gitlab/api/v4",
"platform": "gitlab",
"onboardingConfig": {"extends": ["renovate/config"]},
"autodiscover": true,
"autodiscoverFilter": ["!/infra/.*/"],
"optimizeForDisabled": true,
"persistRepoData": true,
"detectGlobalManagerConfig": true,
"detectHostRulesFromEnv": true,
"hostRules": [
{"hostType": "github", "matchHost": "github.com", "token": "***********"}
],
"dryRun": "full",
"baseDir": "E:\\GitLab\\builds\\gqSWmGzn\\1\\renovate\\runner/renovate",
"token": "***********"
}
DEBUG: Detecting global manager config
DEBUG: Detected C:/Users/tfssrv/.npmrc and adding it to global config
DEBUG: Global manager config
"config": {"npmrc": "***********", "npmrcMerge": true}
WARN: Cannot parse env
"env": "NUGET_TFS_PASSWORD"
DEBUG: Adding trailing slash to endpoint