From 11d7f26cc12cecfc32628757245f0a29cd84a0e7 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@keylocation.sg>
Date: Fri, 3 Nov 2017 07:51:44 +0100
Subject: [PATCH] refactor: perform decrypt as part of merge renovate.json
 (#1086)

Also clarify docs that encrypted config must be contained in renovate.json (i.e. not package.json).
---
 docs/configuration.md           |  2 +-
 lib/config/decrypt.js           |  8 ++------
 lib/config/definitions.js       |  2 +-
 lib/workers/repository/apis.js  |  9 ++++++++-
 lib/workers/repository/index.js |  3 ---
 test/config/decrypt.spec.js     | 17 ++++++++---------
 6 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/docs/configuration.md b/docs/configuration.md
index b82d4e2f04..d837f7fdbe 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -172,7 +172,7 @@ Obviously, you can't set repository or package file location with this method.
 </tr>
 <tr>
   <td>`encrypted`</td>
-  <td>A configuration object containing configuration encrypted with project key</td>
+  <td>A configuration object containing configuration encrypted with project key. Valid inside renovate.json only</td>
   <td>json</td>
   <td><pre>null</pre></td>
   <td>`RENOVATE_ENCRYPTED`</td>
diff --git a/lib/config/decrypt.js b/lib/config/decrypt.js
index e0c3ae04dc..5897409793 100644
--- a/lib/config/decrypt.js
+++ b/lib/config/decrypt.js
@@ -4,13 +4,9 @@ module.exports = {
   decryptConfig,
 };
 
-function decryptConfig(
-  config,
-  logger = config.logger,
-  privateKey = config.privateKey
-) {
-  const decryptedConfig = { ...config };
+function decryptConfig(config, logger, privateKey) {
   logger.trace({ config }, 'decryptConfig');
+  const decryptedConfig = { ...config };
   for (const key of Object.keys(config)) {
     const val = config[key];
     if (key === 'encrypted' && isObject(val)) {
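Review bot: With the defaults removed from the signature, `logger` is now mandatory, and the `logger.trace({ config }, 'decryptConfig')` call at the top of the body throws a TypeError for any caller that still passes only `config`. The spec at the end of this patch shows the function reaching into `packageFiles`, so any recursive call in the part of the body below this hunk must forward `logger` and `privateKey` explicitly; otherwise nested `encrypted` blocks would be processed without a key or fail outright. The function also has no doc comment stating that `privateKey` may be undefined, in which case the spec shows `encrypted` being dropped rather than decrypted. I would add `/** @param {object} config @param {object} logger @param {string|Buffer} [privateKey] key used to decrypt; when absent, encrypted values are discarded */`.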
diff --git a/lib/config/definitions.js b/lib/config/definitions.js
index c128f35a02..d552e64479 100644
--- a/lib/config/definitions.js
+++ b/lib/config/definitions.js
@@ -89,7 +89,7 @@ const options = [
   {
     name: 'encrypted',
     description:
-      'A configuration object containing configuration encrypted with project key',
+      'A configuration object containing configuration encrypted with project key. Valid inside renovate.json only',
     stage: 'repository',
     type: 'json',
     default: null,
diff --git a/lib/workers/repository/apis.js b/lib/workers/repository/apis.js
index 05bcf1ac0d..e1613883ca 100644
--- a/lib/workers/repository/apis.js
+++ b/lib/workers/repository/apis.js
@@ -12,6 +12,8 @@ const githubPlatform = require('../../platform/github');
 const gitlabPlatform = require('../../platform/gitlab');
 const dockerResolve = require('../../manager/docker/resolve');
 
+const { decryptConfig } = require('../../config/decrypt');
+
 module.exports = {
   detectSemanticCommits,
   checkMonorepos,
@@ -213,8 +215,13 @@ async function mergeRenovateJson(config, branchName) {
     logger.debug({ config: renovateJson }, 'renovate.json config');
     const migratedConfig = migrateAndValidate(config, renovateJson);
     logger.debug({ config: migratedConfig }, 'renovate.json migrated config');
-    const resolvedConfig = await presets.resolveConfigPresets(
+    const decryptedConfig = decryptConfig(
       migratedConfig,
+      logger,
+      config.privateKey
+    );
+    const resolvedConfig = await presets.resolveConfigPresets(
+      decryptedConfig,
       config.logger
     );
     logger.debug({ config: resolvedConfig }, 'renovate.json resolved config');
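Review bot: The `logger.debug({ config: resolvedConfig }, ...)` call on the last line of this hunk now receives a config derived from `decryptedConfig`, so any plaintext recovered from the `encrypted` block is written to the debug log. Before this commit the decrypted config was only logged at trace level, in `renovateRepository`. Unless the logger redacts these fields (not visible here), keep debug logging to the pre-decryption objects and lower this line to `logger.trace({ config: resolvedConfig }, 'renovate.json resolved config');`. Separately, `decryptConfig` is given `logger` while `resolveConfigPresets` is given `config.logger`; using the same one for both would be more consistent. `mergeRenovateJson` starts and ends outside the hunk.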
diff --git a/lib/workers/repository/index.js b/lib/workers/repository/index.js
index 7000cd3b83..73d9b14079 100644
--- a/lib/workers/repository/index.js
+++ b/lib/workers/repository/index.js
@@ -8,7 +8,6 @@ const apis = require('./apis');
 const onboarding = require('./onboarding');
 const upgrades = require('./upgrades');
 const cleanup = require('./cleanup');
-const { decryptConfig } = require('../../config/decrypt');
 
 module.exports = {
   pinDependenciesFirst,
@@ -109,8 +108,6 @@ async function renovateRepository(repoConfig, token) {
     logger.trace({ config }, 'post-packageFiles config');
     // TODO: why is this fix needed?!
     config.logger = logger;
-    config = decryptConfig(config);
-    logger.trace({ config }, 'post-decrypt config');
     const allUpgrades = await upgrades.determineRepoUpgrades(config);
     const res = await upgrades.branchifyUpgrades(allUpgrades, logger);
     config.errors = config.errors.concat(res.errors);
diff --git a/test/config/decrypt.spec.js b/test/config/decrypt.spec.js
index 456f42bd37..62543105a9 100644
--- a/test/config/decrypt.spec.js
+++ b/test/config/decrypt.spec.js
@@ -1,37 +1,36 @@
 const { decryptConfig } = require('../../lib/config/decrypt.js');
-const defaultConfig = require('../../lib/config/defaults').getConfig();
 const logger = require('../_fixtures/logger');
 const fs = require('fs');
 
 const privateKey = fs.readFileSync('test/_fixtures/keys/private.pem');
 
-describe('config/massage', () => {
-  describe('massageConfig', () => {
+describe('config/decrypt', () => {
+  describe('decryptConfig()', () => {
     let config;
     beforeEach(() => {
-      config = { ...defaultConfig, logger };
+      config = {};
     });
     it('returns empty with no privateKey', () => {
       delete config.encrypted;
-      const res = decryptConfig(config);
+      const res = decryptConfig(config, logger);
       expect(res).toMatchObject(config);
     });
     it('warns if no privateKey found', () => {
       config.encrypted = { a: '1' };
-      const res = decryptConfig(config);
+      const res = decryptConfig(config, logger);
       expect(res.encrypted).not.toBeDefined();
       expect(res.a).not.toBeDefined();
     });
     it('handles invalid encrypted type', () => {
       config.encrypted = 1;
       config.privateKey = privateKey;
-      const res = decryptConfig(config);
+      const res = decryptConfig(config, logger, privateKey);
       expect(res.encrypted).not.toBeDefined();
     });
     it('handles invalid encrypted value', () => {
       config.encrypted = { a: 1 };
       config.privateKey = privateKey;
-      const res = decryptConfig(config);
+      const res = decryptConfig(config, logger, privateKey);
       expect(res.encrypted).not.toBeDefined();
       expect(res.a).not.toBeDefined();
     });
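Review bot: The `config.privateKey = privateKey;` assignments left in 'handles invalid encrypted type' and 'handles invalid encrypted value' no longer influence decryption, because the key is now passed as the third argument. Their only remaining effect is to put the key material on the object that gets spread into the result, so they should be removed. 'warns if no privateKey found' also asserts only on the returned object; if the fixture logger is a mock, an expectation on the logger call would pin the warning the test name promises. A case calling `decryptConfig(config)` with no logger would document the new required-argument contract.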
@@ -50,7 +49,7 @@ describe('config/massage', () => {
           },
         },
       ];
-      const res = decryptConfig(config);
+      const res = decryptConfig(config, logger, privateKey);
       expect(res.encrypted).not.toBeDefined();
       expect(res.packageFiles[0].devDependencies.encrypted).not.toBeDefined();
       expect(res.packageFiles[0].devDependencies.branchPrefix).toEqual(
-- 
GitLab