From 19655269e12c622dcae099119045adaebcd73c46 Mon Sep 17 00:00:00 2001
From: Philip <42116482+PhilipAbed@users.noreply.github.com>
Date: Mon, 27 May 2024 15:43:15 +0300
Subject: [PATCH] feat(warnings): add `encryptedWarning` text parameter
 (#29120)

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-authored-by: Rhys Arkins <rhys@arkins.net>
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
---
 docs/usage/self-hosted-configuration.md | 6 ++++++
 lib/config/decrypt.spec.ts              | 5 +++++
 lib/config/decrypt.ts                   | 6 ++++++
 lib/config/global.ts                    | 1 +
 lib/config/options/index.ts             | 9 ++++++++-
 lib/config/types.ts                     | 1 +
 6 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index 0a0bd42b6b..66f2f3fc93 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -553,6 +553,12 @@ You can choose from the following behaviors for the `dryRun` config option:
 
 Information provided mainly in debug log level.
 
+## encryptedWarning
+
+Use this if you want to stop supporting `encrypted` configuration capabilities but want to warn users first to migrate.
+
+If set to a string value, Renovate will log warnings with the `encryptedWarning` text, meaning the message will be visible to users such as on the Dependency Dashboard.
+
 ## endpoint
 
 ## executionTimeout
diff --git a/lib/config/decrypt.spec.ts b/lib/config/decrypt.spec.ts
index 8cde4a0378..66d73753eb 100644
--- a/lib/config/decrypt.spec.ts
+++ b/lib/config/decrypt.spec.ts
@@ -1,3 +1,4 @@
+import { logger } from '../../test/util';
 import { decryptConfig } from './decrypt';
 import { GlobalConfig } from './global';
 import type { RenovateConfig } from './types';
@@ -21,7 +22,11 @@ describe('config/decrypt', () => {
 
     it('warns if no privateKey found', async () => {
       config.encrypted = { a: '1' };
+      GlobalConfig.set({ encryptedWarning: 'text' });
+
       const res = await decryptConfig(config, repository);
+
+      expect(logger.logger.once.warn).toHaveBeenCalledWith('text');
       expect(res.encrypted).toBeUndefined();
       expect(res.a).toBeUndefined();
     });
diff --git a/lib/config/decrypt.ts b/lib/config/decrypt.ts
index 1895b6dc8f..09443ad5f4 100644
--- a/lib/config/decrypt.ts
+++ b/lib/config/decrypt.ts
@@ -134,6 +134,12 @@ export async function decryptConfig(
   for (const [key, val] of Object.entries(config)) {
     if (key === 'encrypted' && is.object(val)) {
       logger.debug({ config: val }, 'Found encrypted config');
+
+      const encryptedWarning = GlobalConfig.get('encryptedWarning');
+      if (is.string(encryptedWarning)) {
+        logger.once.warn(encryptedWarning);
+      }
+
       if (privateKey) {
         for (const [eKey, eVal] of Object.entries(val)) {
           logger.debug('Trying to decrypt ' + eKey);
diff --git a/lib/config/global.ts b/lib/config/global.ts
index 1077299e45..b006feb98f 100644
--- a/lib/config/global.ts
+++ b/lib/config/global.ts
@@ -21,6 +21,7 @@ export class GlobalConfig {
     'dockerSidecarImage',
     'dockerUser',
     'dryRun',
+    'encryptedWarning',
     'exposeAllEnv',
     'executionTimeout',
     'githubTokenWarn',
diff --git a/lib/config/options/index.ts b/lib/config/options/index.ts
index cd4e754f9c..2441f7dcd3 100644
--- a/lib/config/options/index.ts
+++ b/lib/config/options/index.ts
@@ -647,10 +647,17 @@ const options: RenovateOptions[] = [
     default: true,
     globalOnly: true,
   },
+  {
+    name: 'encryptedWarning',
+    description: 'Warning text to use if encrypted config is found.',
+    type: 'string',
+    globalOnly: true,
+    advancedUse: true,
+  },
   {
     name: 'inheritConfig',
     description:
-      'If `true`, Renovate will inherit configuration from the `inheritConfigFileName` file in `inheritConfigRepoName',
+      'If `true`, Renovate will inherit configuration from the `inheritConfigFileName` file in `inheritConfigRepoName`.',
     type: 'boolean',
     default: false,
     globalOnly: true,
diff --git a/lib/config/types.ts b/lib/config/types.ts
index 2129fd9b7e..8dfcfc3d59 100644
--- a/lib/config/types.ts
+++ b/lib/config/types.ts
@@ -147,6 +147,7 @@ export interface RepoGlobalConfig {
   dockerSidecarImage?: string;
   dockerUser?: string;
   dryRun?: DryRunConfig;
+  encryptedWarning?: string;
   endpoint?: string;
   executionTimeout?: number;
   exposeAllEnv?: boolean;
-- 
GitLab