Skip to content
Snippets Groups Projects
Select Git revision
  • 1fe7ab7b68b07b35e752d7273aff2aaa3145f39c
  • main default protected
  • feat/37531-npm-install-twice
  • renovate/main-ghcr.io-renovatebot-base-image-11.x
  • feat/37517-base64-private-key
  • next
  • feat/gnupg
  • renovate/main-redis-5.x
  • chore/update-static-data
  • feat/poetry/supersede-pep621
  • fix/markdown/linking
  • fix/36615b-branch-reuse-no-cache
  • chore/punycode
  • refactor/pin-new-value
  • feat/36219--git-x509-signing
  • feat/structured-logger
  • hotfix/39.264.1
  • feat/skip-dangling
  • gh-readonly-queue/next/pr-36034-7a061c4ca1024a19e2c295d773d9642625d1c2be
  • hotfix/39.238.3
  • refactor/gitlab-auto-approve
  • 41.73.2
  • 41.73.1
  • 41.73.0
  • 41.72.1
  • 41.72.0
  • 42.0.0-next.2
  • 42.0.0-next.1
  • 41.71.1
  • 41.71.0
  • 41.70.3
  • 41.70.2
  • 41.70.1
  • 41.70.0
  • 41.69.1
  • 41.69.0
  • 41.68.0
  • 41.67.0
  • 41.66.3
  • 41.66.2
  • 41.66.1
41 results

check-token.ts

Blame
    • user avatar
    refactor: Host rule types (#28454)
    Sergei Zharinov authored and GitHub committed
    a39ca891
    History
    user avatar a39ca891
    History
    check-token.ts 3.70 KiB 
    import { GlobalConfig } from '../config/global';
import { logger } from '../logger';
import { GithubReleaseAttachmentsDatasource } from '../modules/datasource/github-release-attachments';
import { GithubReleasesDatasource } from '../modules/datasource/github-releases';
import { GithubTagsDatasource } from '../modules/datasource/github-tags';
import type { PackageFileContent } from '../modules/manager/types';
import type { CombinedHostRule } from '../types';
import * as memCache from '../util/cache/memory';
import * as hostRules from './host-rules';

export function checkGithubToken(
  packageFiles: Record<string, PackageFileContent[]> = {},
): void {
  const { token } = hostRules.find({
    hostType: 'github',
    url: 'https://api.github.com',
  });

  if (token) {
    logger.trace('GitHub token is found');
    return;
  }

  if (!GlobalConfig.get('githubTokenWarn')) {
    logger.trace('GitHub token warning is disabled');
    return;
  }

  const githubDeps: string[] = [];
  const deps = Object.values(packageFiles)
    .flat()
    .map((file) => file.deps)
    .flat();
  for (const dep of deps) {
    if (
      !dep.skipReason &&
      (dep.datasource === GithubTagsDatasource.id ||
        dep.datasource === GithubReleasesDatasource.id ||
        dep.datasource === GithubReleaseAttachmentsDatasource.id)
    ) {
      dep.skipReason = 'github-token-required';
      if (dep.depName) {
        githubDeps.push(dep.depName);
      }
    }
  }

  if (githubDeps.length > 0) {
    const warningLogged = memCache.get<boolean | undefined>(
      'github-token-required-warning-logged',
    );
    if (!warningLogged) {
      const withoutDuplicates = [...new Set(githubDeps)];
      logger.warn(
        { githubDeps: withoutDuplicates },
        `GitHub token is required for some dependencies`,
      );
      memCache.set('github-token-required-warning-logged', true);
    }
  }
}

export function isGithubPersonalAccessToken(token: string): boolean {
  return token.startsWith('ghp_');
}

export function isGithubServerToServerToken(token: string): boolean {
  return token.startsWith('ghs_');
}

    export function isGithubFineGrainedPersonalAccessToken(token: string): boolean {
  return token.startsWith('github_pat_');
}

export function findGithubToken(
  searchResult: CombinedHostRule,
): string | undefined {
  return searchResult?.token?.replace('x-access-token:', '');
}

export function takePersonalAccessTokenIfPossible(
  githubToken: string | undefined,
  gitTagsGithubToken: string | undefined,
): string | undefined {
  if (gitTagsGithubToken && isGithubPersonalAccessToken(gitTagsGithubToken)) {
    logger.debug('Using GitHub Personal Access Token (git-tags)');
    return gitTagsGithubToken;
  }

  if (githubToken && isGithubPersonalAccessToken(githubToken)) {
    logger.debug('Using GitHub Personal Access Token');
    return githubToken;
  }

  if (
    gitTagsGithubToken &&
    isGithubFineGrainedPersonalAccessToken(gitTagsGithubToken)
  ) {
    logger.debug('Using GitHub Fine-grained Personal Access Token (git-tags)');
    return gitTagsGithubToken;
  }

  if (githubToken && isGithubFineGrainedPersonalAccessToken(githubToken)) {
    logger.debug('Using GitHub Fine-grained Personal Access Token');
    return githubToken;
  }

  if (gitTagsGithubToken) {
    if (isGithubServerToServerToken(gitTagsGithubToken)) {
      logger.debug('Using GitHub Server-to-Server token (git-tags)');
    } else {
      logger.debug('Using unknown GitHub token type (git-tags)');
    }
    return gitTagsGithubToken;
  }

  if (githubToken) {
    if (isGithubServerToServerToken(githubToken)) {
      logger.debug('Using GitHub Server-to-Server token');
    } else {
      logger.debug('Using unknown GitHub token type');
    }
  }

  return githubToken;
}