diff --git a/lib/config/admin.ts b/lib/config/admin.ts
index 4881d2dfc03c1f192550d73bd01df6f57df5c234..33d0e99f846cea008284f8e2f66e0093461c1bfa 100644
--- a/lib/config/admin.ts
+++ b/lib/config/admin.ts
@@ -5,8 +5,8 @@ let adminConfig: RepoAdminConfig = {};
 const derivedAdminOptions = ['localDir'];
 
 export function setAdminConfig(
-  config: RenovateConfig,
-  adminOptions: string[]
+  config: RenovateConfig = {},
+  adminOptions = Object.keys(config)
 ): void {
   adminConfig = {};
   const repoAdminOptions = adminOptions.concat(derivedAdminOptions);
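Review bot: The new default `adminOptions = Object.keys(config)` in `setAdminConfig` turns the option allow-list into "every key the caller passed" whenever the second argument is omitted, which suits the specs in this commit but removes the filter for any production caller that forgets the list. Since `trustLevel` is now stored here, I would document that on the signature, e.g. `// adminOptions defaults to all keys of config (test convenience); production callers must pass the admin option names`. The function body continues past the end of this hunk, so how the selected keys are copied is not visible here.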
diff --git a/lib/config/common.ts b/lib/config/common.ts
index b23a0f3342d04398f1fd29f114504be741bc9269..3b60d9815553b72ef817e8ffd41cd46134ae92fe 100644
--- a/lib/config/common.ts
+++ b/lib/config/common.ts
@@ -72,7 +72,6 @@ export interface GlobalAdminConfig {
   logLevel?: LogLevel;
   redisUrl?: string;
   repositories?: RenovateRepository[];
-  trustLevel?: 'low' | 'high';
 }
 
 // Config options used within the repository worker, but non-user configurable
@@ -81,6 +80,7 @@ export interface RepoAdminConfig {
   allowedPostUpgradeCommands?: string[];
   dockerImagePrefix?: string;
   dockerUser?: string;
+  trustLevel?: 'low' | 'high';
 }
 
 export interface RenovateAdminConfig {
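Review bot: `trustLevel` is added to `RepoAdminConfig` without a comment, although elsewhere in this diff it decides whether package-manager scripts run and whether the full process environment and NPM credentials reach child processes. A short doc comment on the field would help, e.g. `/** 'high' enables install scripts and passes host env/credentials to child processes; any other value, including unset, is treated as low. */`. The unset case matters because the `|| 'low'` fallback in lib/config/index.ts is removed and every call site in this diff compares against `'high'` only.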
diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index cf8b7be94363ce5260af93ee729f62482277d04e..7fe2a3df69cc4164786b9c09da53fc62850b3a11 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -537,7 +537,7 @@ const options: RenovateOptions[] = [
     name: 'trustLevel',
     description:
       'Set this to "high" if the bot should trust the repository owners/contents.',
-    stage: 'global',
+    admin: true,
     type: 'string',
     default: 'low',
   },
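Review bot: Replacing `stage: 'global'` with `admin: true` on `trustLevel` leaves nothing in this hunk that says the option must never come from repository config, and the `delete config.trustLevel` in lib/config/index.ts is removed in the same commit. Whether `setAdminConfig` strips the key from the config handed on to repository processing is not visible in this diff. I would add a spec asserting that a repository-level `trustLevel: 'high'` leaves `getAdminConfig().trustLevel` unchanged, and a comment on the entry such as `// admin-only: must never be read from repository config`.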
diff --git a/lib/config/index.ts b/lib/config/index.ts
index f94f23c5bba62de65c69c63b3e742d7879b5b0f8..c43021ca2be523c2c76f1744cc1901bc7a8e2770 100644
--- a/lib/config/index.ts
+++ b/lib/config/index.ts
@@ -129,11 +129,6 @@ export async function parseConfigs(
   delete config.logFile;
   delete config.logFileLevel;
 
-  // Move global variables that we need to use later
-  global.trustLevel =
-    config.trustLevel || /* istanbul ignore next: never happen? */ 'low';
-  delete config.trustLevel;
-
   return config;
 }
 
diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts
index 7de53977f48863bfab874e9b256ad3d404b198fa..8cd3601638dd68ad7995809eec74f9a9e6d00b02 100644
--- a/lib/config/presets/npm/index.spec.ts
+++ b/lib/config/presets/npm/index.spec.ts
@@ -1,4 +1,5 @@
 import nock from 'nock';
+import { setAdminConfig } from '../../admin';
 import * as npm from '.';
 
 jest.mock('registry-auth-token');
@@ -8,7 +9,7 @@ describe('config/presets/npm', () => {
   delete process.env.NPM_TOKEN;
   beforeEach(() => {
     jest.resetAllMocks();
-    global.trustLevel = 'low';
+    setAdminConfig();
     nock.cleanAll();
   });
   afterEach(() => {
diff --git a/lib/datasource/crate/index.spec.ts b/lib/datasource/crate/index.spec.ts
index 3ec31ced96f47e2e74c0dccc4b17c94f4f13b6c8..afbec9411c2ae449591a56b9d34b085804c82172 100644
--- a/lib/datasource/crate/index.spec.ts
+++ b/lib/datasource/crate/index.spec.ts
@@ -4,6 +4,7 @@ import { DirectoryResult, dir } from 'tmp-promise';
 import { dirname, join } from 'upath';
 import { getPkgReleases } from '..';
 import * as httpMock from '../../../test/http-mock';
+import { setAdminConfig } from '../../config/admin';
 import * as memCache from '../../util/cache/memory';
 import { setFsConfig } from '../../util/fs';
 import {
@@ -71,11 +72,12 @@ describe('datasource/crate', () => {
       });
       simpleGit.mockReset();
       memCache.init();
+      setAdminConfig();
     });
     afterEach(() => {
       fs.rmdirSync(tmpDir.path, { recursive: true });
       tmpDir = null;
-      delete global.trustLevel;
+      setAdminConfig();
     });
     it('returns null for missing registry url', async () => {
       expect(
@@ -208,9 +210,8 @@ describe('datasource/crate', () => {
     });
     it('clones cloudsmith private registry', async () => {
       const { mockClone } = setupGitMocks();
-
+      setAdminConfig({ trustLevel: 'high' });
       const url = 'https://dl.cloudsmith.io/basic/myorg/myrepo/cargo/index.git';
-      global.trustLevel = 'high';
       const res = await getPkgReleases({
         datasource,
         depName: 'mypkg',
@@ -223,9 +224,8 @@ describe('datasource/crate', () => {
     });
     it('clones other private registry', async () => {
       const { mockClone } = setupGitMocks();
-
+      setAdminConfig({ trustLevel: 'high' });
       const url = 'https://github.com/mcorbin/testregistry';
-      global.trustLevel = 'high';
       const res = await getPkgReleases({
         datasource,
         depName: 'mypkg',
@@ -238,9 +238,8 @@ describe('datasource/crate', () => {
     });
     it('clones once then reuses the cache', async () => {
       const { mockClone } = setupGitMocks();
-
+      setAdminConfig({ trustLevel: 'high' });
       const url = 'https://github.com/mcorbin/othertestregistry';
-      global.trustLevel = 'high';
       await getPkgReleases({
         datasource,
         depName: 'mypkg',
diff --git a/lib/datasource/crate/index.ts b/lib/datasource/crate/index.ts
index aee135998bebeb5f460384b61030bd73cb44b09c..606d48f28a078464ec12faa44eb05feb18343847 100644
--- a/lib/datasource/crate/index.ts
+++ b/lib/datasource/crate/index.ts
@@ -1,6 +1,7 @@
 import hasha from 'hasha';
 import Git from 'simple-git';
 import { join } from 'upath';
+import { getAdminConfig } from '../../config/admin';
 import { logger } from '../../logger';
 import { ExternalHostError } from '../../types/errors/external-host-error';
 import * as memCache from '../../util/cache/memory';
@@ -161,7 +162,7 @@ async function fetchRegistryInfo(
   };
 
   if (flavor !== RegistryFlavor.CratesIo) {
-    if (global.trustLevel !== 'high') {
+    if (getAdminConfig().trustLevel !== 'high') {
       logger.warn(
         'crate datasource: trustLevel=high is required for registries other than crates.io, bailing out'
       );
diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts
index 71653d4a313ff03ede97710ee61d08846af99806..fba85d1456012955b016e0394ac9423d3c53f709 100644
--- a/lib/datasource/npm/index.spec.ts
+++ b/lib/datasource/npm/index.spec.ts
@@ -3,6 +3,7 @@ import nock from 'nock';
 import _registryAuthToken from 'registry-auth-token';
 import { getPkgReleases } from '..';
 import { getName } from '../../../test/util';
+import { setAdminConfig } from '../../config/admin';
 import { EXTERNAL_HOST_ERROR } from '../../constants/error-messages';
 import * as hostRules from '../../util/host-rules';
 import { id as datasource, getNpmrc, resetCache, setNpmrc } from '.';
@@ -17,7 +18,7 @@ describe(getName(__filename), () => {
   delete process.env.NPM_TOKEN;
   beforeEach(() => {
     jest.resetAllMocks();
-    global.trustLevel = 'low';
+    setAdminConfig();
     resetCache();
     setNpmrc();
     npmResponse = {
@@ -283,14 +284,14 @@ describe(getName(__filename), () => {
       .reply(200, npmResponse);
     process.env.REGISTRY = 'https://registry.from-env.com';
     process.env.RENOVATE_CACHE_NPM_MINUTES = '15';
-    global.trustLevel = 'high';
+    setAdminConfig({ trustLevel: 'high' });
     // eslint-disable-next-line no-template-curly-in-string
     const npmrc = 'registry=${REGISTRY}';
     const res = await getPkgReleases({ datasource, depName: 'foobar', npmrc });
     expect(res).toMatchSnapshot();
   });
   it('should throw error if necessary env var is not present', () => {
-    global.trustLevel = 'high';
+    setAdminConfig({ trustLevel: 'high' });
     // eslint-disable-next-line no-template-curly-in-string
     expect(() => setNpmrc('registry=${REGISTRY_MISSING}')).toThrow(
       Error('env-replace')
diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts
index 0c8260a261399a2e9507105610503cd0dd7ec038..d340093435907f251e001b94587b61c3794fbb6e 100644
--- a/lib/datasource/npm/npmrc.spec.ts
+++ b/lib/datasource/npm/npmrc.spec.ts
@@ -1,4 +1,5 @@
 import { getName, mocked } from '../../../test/util';
+import { setAdminConfig } from '../../config/admin';
 import * as _sanitize from '../../util/sanitize';
 import { getNpmrc, setNpmrc } from './npmrc';
 
@@ -9,8 +10,8 @@ const sanitize = mocked(_sanitize);
 describe(getName(__filename), () => {
   beforeEach(() => {
     delete process.env.NPM_TOKEN;
-    delete global.trustLevel;
     setNpmrc('');
+    setAdminConfig();
     jest.resetAllMocks();
   });
 
@@ -38,7 +39,7 @@ describe(getName(__filename), () => {
   });
 
   it('sanitize _authtoken with high trust', () => {
-    global.trustLevel = 'high';
+    setAdminConfig({ trustLevel: 'high' });
     process.env.TEST_TOKEN = 'test';
     setNpmrc(
       // eslint-disable-next-line no-template-curly-in-string
diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts
index dcc7e28c17d54270f64da43d009c979b2ef00b6d..7c7e4edd953b1e2a2ef624a20d0ea26950052400 100644
--- a/lib/datasource/npm/npmrc.ts
+++ b/lib/datasource/npm/npmrc.ts
@@ -1,5 +1,6 @@
 import is from '@sindresorhus/is';
 import ini from 'ini';
+import { getAdminConfig } from '../../config/admin';
 import { logger } from '../../logger';
 import { add } from '../../util/sanitize';
 
@@ -53,12 +54,13 @@ export function setNpmrc(input?: string): void {
     npmrcRaw = input;
     logger.debug('Setting npmrc');
     npmrc = ini.parse(input.replace(/\\n/g, '\n'));
+    const { trustLevel } = getAdminConfig();
     for (const [key, val] of Object.entries(npmrc)) {
-      if (global.trustLevel !== 'high') {
+      if (trustLevel !== 'high') {
         sanitize(key, val);
       }
       if (
-        global.trustLevel !== 'high' &&
+        trustLevel !== 'high' &&
         key.endsWith('registry') &&
         val &&
         val.includes('localhost')
@@ -71,7 +73,7 @@ export function setNpmrc(input?: string): void {
         return;
       }
     }
-    if (global.trustLevel !== 'high') {
+    if (trustLevel !== 'high') {
       return;
     }
     for (const key of Object.keys(npmrc)) {
diff --git a/lib/globals.d.ts b/lib/globals.d.ts
index c37e0594e8e5c14fc98284482022f0d87fac5f3f..eab1af51b3754c523d5c64d620194e918b97e225 100644
--- a/lib/globals.d.ts
+++ b/lib/globals.d.ts
@@ -12,8 +12,6 @@ declare interface Error {
 declare namespace NodeJS {
   interface Global {
     gitAuthor?: { name: string; email: string };
-
-    trustLevel?: string;
   }
 }
 
diff --git a/lib/manager/composer/artifacts.spec.ts b/lib/manager/composer/artifacts.spec.ts
index 74dc9458f11764b31d63ba312de5e65e74f32612..d7798754387c6cd7fbebd66796998bfb2c001c49 100644
--- a/lib/manager/composer/artifacts.spec.ts
+++ b/lib/manager/composer/artifacts.spec.ts
@@ -2,6 +2,7 @@ import { exec as _exec } from 'child_process';
 import { join } from 'upath';
 import { envMock, mockExecAll } from '../../../test/exec-util';
 import { env, fs, git, mocked, partial } from '../../../test/util';
+import { setAdminConfig } from '../../config/admin';
 import {
   PLATFORM_TYPE_GITHUB,
   PLATFORM_TYPE_GITLAB,
@@ -45,7 +46,7 @@ describe('.updateArtifacts()', () => {
     await setUtilConfig(config);
     docker.resetPrefetchedImages();
     hostRules.clear();
-    delete global.trustLevel;
+    setAdminConfig();
   });
   it('returns if no composer.lock found', async () => {
     expect(
@@ -62,7 +63,7 @@ describe('.updateArtifacts()', () => {
     const execSnapshots = mockExecAll(exec);
     fs.readLocalFile.mockReturnValueOnce('Current composer.lock' as any);
     git.getRepoStatus.mockResolvedValue(repoStatus);
-    global.trustLevel = 'high';
+    setAdminConfig({ trustLevel: 'high' });
     expect(
       await composer.updateArtifacts({
         packageFileName: 'composer.json',
diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts
index 293ff1e226effa7898d9aa255998062db2df9796..7306e98cee95941c9c911f9688e84ba7beff558f 100644
--- a/lib/manager/composer/artifacts.ts
+++ b/lib/manager/composer/artifacts.ts
@@ -2,6 +2,7 @@ import url from 'url';
 import is from '@sindresorhus/is';
 import { quote } from 'shlex';
 import upath from 'upath';
+import { getAdminConfig } from '../../config/admin';
 import { SYSTEM_INSUFFICIENT_DISK_SPACE } from '../../constants/error-messages';
 import {
   PLATFORM_TYPE_GITHUB,
@@ -147,7 +148,7 @@ export async function updateArtifacts({
       args += ' --ignore-platform-reqs';
     }
     args += ' --no-ansi --no-interaction';
-    if (global.trustLevel !== 'high' || config.ignoreScripts) {
+    if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) {
       args += ' --no-scripts --no-autoloader';
     }
     logger.debug({ cmd, args }, 'composer command');
diff --git a/lib/manager/npm/extract/index.ts b/lib/manager/npm/extract/index.ts
index de6ee9d5c51a71c72dfcf86a906b2c70d722b26a..34515967b4834345b5b1bc7413d5bfdb32370e9a 100644
--- a/lib/manager/npm/extract/index.ts
+++ b/lib/manager/npm/extract/index.ts
@@ -1,6 +1,7 @@
 import is from '@sindresorhus/is';
 import { dirname } from 'upath';
 import validateNpmPackageName from 'validate-npm-package-name';
+import { getAdminConfig } from '../../../config/admin';
 import { CONFIG_VALIDATION } from '../../../constants/error-messages';
 import * as datasourceGithubTags from '../../../datasource/github-tags';
 import * as datasourceNpm from '../../../datasource/npm';
@@ -107,7 +108,7 @@ export async function extractPackageFile(
       npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '\n');
     }
     if (npmrc) {
-      if (npmrc.includes('=${') && !(global.trustLevel === 'high')) {
+      if (npmrc.includes('=${') && getAdminConfig().trustLevel !== 'high') {
         logger.debug('Discarding .npmrc file with variables');
         ignoreNpmrcFile = true;
         npmrc = undefined;
diff --git a/lib/manager/npm/post-update/lerna.spec.ts b/lib/manager/npm/post-update/lerna.spec.ts
index 6abc4c3fb5d4c4d48a1f45e57ab947bb9ccea47e..0dddb7c585fe5de571e16d0aae9da790e6451d41 100644
--- a/lib/manager/npm/post-update/lerna.spec.ts
+++ b/lib/manager/npm/post-update/lerna.spec.ts
@@ -1,6 +1,7 @@
 import { exec as _exec } from 'child_process';
 import { envMock, mockExecAll } from '../../../../test/exec-util';
 import { getName, mocked } from '../../../../test/util';
+import { setAdminConfig } from '../../../config/admin';
 import * as _env from '../../../util/exec/env';
 import * as _lernaHelper from './lerna';
 
@@ -108,14 +109,13 @@ describe(getName(__filename), () => {
     });
     it('allows scripts for trust level high', async () => {
       const execSnapshots = mockExecAll(exec);
-      global.trustLevel = 'high';
+      setAdminConfig({ trustLevel: 'high' });
       const res = await lernaHelper.generateLockFiles(
         lernaPkgFile('npm'),
         'some-dir',
         {},
         {}
       );
-      delete global.trustLevel;
       expect(res.error).toBe(false);
       expect(execSnapshots).toMatchSnapshot();
     });
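Review bot: Dropping `delete global.trustLevel` at the end of 'allows scripts for trust level high' leaves the admin config at `trustLevel: 'high'` for whatever test runs next in this file, and no reset is visible in this hunk. If the file has no hook that resets it, add `afterEach(() => setAdminConfig());` or call `setAdminConfig();` after `generateLockFiles` returns, so tests that assert `--ignore-scripts` behaviour do not depend on execution order. The same cleanup is removed in lib/util/exec/env.spec.ts ('returns process.env if trustlevel set to high').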
diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts
index bbb95de91afda5cc76decc3b668c84348d775cc2..dd6634a294cb91ab092474fb9e853ce69b25a4e2 100644
--- a/lib/manager/npm/post-update/lerna.ts
+++ b/lib/manager/npm/post-update/lerna.ts
@@ -1,6 +1,7 @@
 import semver, { validRange } from 'semver';
 import { quote } from 'shlex';
 import { join } from 'upath';
+import { getAdminConfig } from '../../../config/admin';
 import { logger } from '../../../logger';
 import { ExecOptions, exec } from '../../../util/exec';
 import { PackageFile, PostUpdateConfig } from '../../common';
@@ -70,7 +71,10 @@ export async function generateLockFiles(
       return { error: false };
     }
     let lernaCommand = `lerna bootstrap --no-ci --ignore-scripts -- `;
-    if (global.trustLevel === 'high' && config.ignoreScripts !== false) {
+    if (
+      getAdminConfig().trustLevel === 'high' &&
+      config.ignoreScripts !== false
+    ) {
       cmdOptions = cmdOptions.replace('--ignore-scripts ', '');
       lernaCommand = lernaCommand.replace('--ignore-scripts ', '');
     }
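Review bot: The second operand `config.ignoreScripts !== false` looks inverted relative to the pnpm.ts and yarn.ts checks in this commit, which add `--ignore-scripts` when `config.ignoreScripts` is truthy. As written, high trust with `ignoreScripts: true` strips `--ignore-scripts` and lets install scripts run, while `ignoreScripts: false` keeps them suppressed. If the intent matches the other managers, the condition would be `getAdminConfig().trustLevel === 'high' && !config.ignoreScripts`; the operand predates this commit, so confirm the intended semantics before changing it. `generateLockFiles` starts and ends outside this hunk.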
@@ -90,7 +94,7 @@ export async function generateLockFiles(
       },
     };
     // istanbul ignore if
-    if (global.trustLevel === 'high') {
+    if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
       execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
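Review bot: The branch that copies `NPM_AUTH`, `NPM_EMAIL` and `NPM_TOKEN` into `execOptions.extraEnv` is still marked `// istanbul ignore if`, so the one path that forwards registry credentials to a child process has no test asserting when it is taken. Now that the gate is `getAdminConfig().trustLevel === 'high'` and specs can set it with `setAdminConfig({ trustLevel: 'high' })`, a spec could assert the three variables are absent from the exec options at low trust and present at high trust. The same block appears in npm.ts, pnpm.ts and yarn.ts in this commit; a shared helper would keep the four copies from drifting.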
diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index ff442d980d8041163c770295284282ea78c366cb..388a2185e15e3d9d0fcd988dda3d93fa6692f8e1 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -1,6 +1,7 @@
 import { validRange } from 'semver';
 import { quote } from 'shlex';
 import { join } from 'upath';
+import { getAdminConfig } from '../../../config/admin';
 import { SYSTEM_INSUFFICIENT_DISK_SPACE } from '../../../constants/error-messages';
 import { logger } from '../../../logger';
 import { ExecOptions, exec } from '../../../util/exec';
@@ -67,7 +68,7 @@ export async function generateLockFile(
       },
     };
     // istanbul ignore if
-    if (global.trustLevel === 'high') {
+    if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
       execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts
index efcca417127338447e0e432d82bc8165be171c08..ad79529d3b741d74d74106c7ad022e487e703789 100644
--- a/lib/manager/npm/post-update/pnpm.ts
+++ b/lib/manager/npm/post-update/pnpm.ts
@@ -1,6 +1,7 @@
 import { validRange } from 'semver';
 import { quote } from 'shlex';
 import { join } from 'upath';
+import { getAdminConfig } from '../../../config/admin';
 import { logger } from '../../../logger';
 import { ExecOptions, exec } from '../../../util/exec';
 import { readFile, remove } from '../../../util/fs';
@@ -48,7 +49,7 @@ export async function generateLockFile(
       },
     };
     // istanbul ignore if
-    if (global.trustLevel === 'high') {
+    if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
       execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
@@ -61,7 +62,7 @@ export async function generateLockFile(
     }
     cmd = 'pnpm';
     let args = 'install --recursive --lockfile-only';
-    if (global.trustLevel !== 'high' || config.ignoreScripts) {
+    if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) {
       args += ' --ignore-scripts';
       args += ' --ignore-pnpmfile';
     }
diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts
index addc60925fdc23acbb3a9b949f143dc62e3c6116..e84840ff7b889efd709589f9e0015b00e04ac33f 100644
--- a/lib/manager/npm/post-update/yarn.ts
+++ b/lib/manager/npm/post-update/yarn.ts
@@ -2,6 +2,7 @@ import is from '@sindresorhus/is';
 import { gte, minVersion, validRange } from 'semver';
 import { quote } from 'shlex';
 import { join } from 'upath';
+import { getAdminConfig } from '../../../config/admin';
 import { SYSTEM_INSUFFICIENT_DISK_SPACE } from '../../../constants/error-messages';
 import { id as npmId } from '../../../datasource/npm';
 import { logger } from '../../../logger';
@@ -84,7 +85,7 @@ export async function generateLockFile(
     } else {
       extraEnv.YARN_HTTP_TIMEOUT = '100000';
     }
-    if (global.trustLevel !== 'high' || config.ignoreScripts) {
+    if (getAdminConfig().trustLevel !== 'high' || config.ignoreScripts) {
       if (isYarn1) {
         cmdOptions += ' --ignore-scripts';
       } else {
@@ -103,7 +104,7 @@ export async function generateLockFile(
       },
     };
     // istanbul ignore if
-    if (global.trustLevel === 'high') {
+    if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
       execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
diff --git a/lib/manager/pip_requirements/extract.spec.ts b/lib/manager/pip_requirements/extract.spec.ts
index 271443a0fa4f57c99209d394a47923d198c023b8..43ead688ceb873f711438e93546f7c5bafb892fa 100644
--- a/lib/manager/pip_requirements/extract.spec.ts
+++ b/lib/manager/pip_requirements/extract.spec.ts
@@ -1,4 +1,5 @@
 import { readFileSync } from 'fs';
+import { setAdminConfig } from '../../config/admin';
 import { extractPackageFile } from './extract';
 
 const requirements1 = readFileSync(
@@ -37,11 +38,11 @@ const requirements7 = readFileSync(
 describe('lib/manager/pip_requirements/extract', () => {
   beforeEach(() => {
     delete process.env.PIP_TEST_TOKEN;
-    global.trustLevel = 'low';
+    setAdminConfig();
   });
   afterEach(() => {
     delete process.env.PIP_TEST_TOKEN;
-    global.trustLevel = 'low';
+    setAdminConfig();
   });
   describe('extractPackageFile()', () => {
     let config;
@@ -127,7 +128,7 @@ describe('lib/manager/pip_requirements/extract', () => {
     });
     it('should replace env vars in high trust mode', () => {
       process.env.PIP_TEST_TOKEN = 'its-a-secret';
-      global.trustLevel = 'high';
+      setAdminConfig({ trustLevel: 'high' });
       const res = extractPackageFile(requirements7, 'unused_file_name', {});
       expect(res.registryUrls).toEqual([
         'https://pypi.org/pypi/',
diff --git a/lib/manager/pip_requirements/extract.ts b/lib/manager/pip_requirements/extract.ts
index 448d90b4d655b3d89160f83f0b954d624faa8252..23bfd8dd88bde13e51bd0e1d2b53310dfae9d57b 100644
--- a/lib/manager/pip_requirements/extract.ts
+++ b/lib/manager/pip_requirements/extract.ts
@@ -1,5 +1,6 @@
 // based on https://www.python.org/dev/peps/pep-0508/#names
 import { RANGE_PATTERN } from '@renovate/pep440/lib/specifier';
+import { getAdminConfig } from '../../config/admin';
 import * as datasourcePypi from '../../datasource/pypi';
 import { logger } from '../../logger';
 import { SkipReason } from '../../types';
@@ -83,7 +84,7 @@ export function extractPackageFile(
     res.registryUrls = registryUrls.map((url) => {
       // handle the optional quotes in eg. `--extra-index-url "https://foo.bar"`
       const cleaned = url.replace(/^"/, '').replace(/"$/, '');
-      if (global.trustLevel !== 'high') {
+      if (getAdminConfig().trustLevel !== 'high') {
         return cleaned;
       }
       // interpolate any environment variables
diff --git a/lib/util/exec/env.spec.ts b/lib/util/exec/env.spec.ts
index 5bdbff6af90f1bd1567f355122b08b1e4d5d7345..e3a0eabc258ad3e92f1f6bb32ba1eb01386c3c19 100644
--- a/lib/util/exec/env.spec.ts
+++ b/lib/util/exec/env.spec.ts
@@ -1,3 +1,4 @@
+import { setAdminConfig } from '../../config/admin';
 import { getChildProcessEnv } from './env';
 
 describe('getChildProcess environment when trustlevel set to low', () => {
@@ -57,9 +58,8 @@ describe('getChildProcess environment when trustlevel set to low', () => {
 
   describe('getChildProcessEnv when trustlevel set to high', () => {
     it('returns process.env if trustlevel set to high', () => {
-      global.trustLevel = 'high';
+      setAdminConfig({ trustLevel: 'high' });
       expect(getChildProcessEnv()).toMatchObject(process.env);
-      delete global.trustLevel;
     });
   });
 });
diff --git a/lib/util/exec/env.ts b/lib/util/exec/env.ts
index 453c74abd4819dccad2d0c18d548b2ad0dafc82c..a01d1363052785dda542ad87d7e2ebbe914db806 100644
--- a/lib/util/exec/env.ts
+++ b/lib/util/exec/env.ts
@@ -1,3 +1,5 @@
+import { getAdminConfig } from '../../config/admin';
+
 const basicEnvVars = [
   'HTTP_PROXY',
   'HTTPS_PROXY',
@@ -13,7 +15,7 @@ export function getChildProcessEnv(
   customEnvVars: string[] = []
 ): NodeJS.ProcessEnv {
   const env: NodeJS.ProcessEnv = {};
-  if (global.trustLevel === 'high') {
+  if (getAdminConfig().trustLevel === 'high') {
     return Object.assign(env, process.env);
   }
   const envVars = [...basicEnvVars, ...customEnvVars];
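Review bot: `getChildProcessEnv` has no comment explaining that at `trustLevel === 'high'` the child receives a copy of the entire `process.env`, bypassing the `basicEnvVars`/`customEnvVars` allow-list built just below. I would put that on the branch, e.g. `// high trust: child inherits the whole parent environment, including any secrets; the allow-list below is skipped`. The function's signature starts above this hunk and its body continues below it.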
diff --git a/lib/util/exec/exec.spec.ts b/lib/util/exec/exec.spec.ts
index c118e5cf1f167a780d07a8dc420a6413d585c668..163b64f8a356e98dbf202684184ff4510916e514 100644
--- a/lib/util/exec/exec.spec.ts
+++ b/lib/util/exec/exec.spec.ts
@@ -26,13 +26,11 @@ interface TestInput {
   inOpts: ExecOptions;
   outCmd: string[];
   outOpts: RawExecOptions[];
-  trustLevel?: 'high' | 'low';
   adminConfig?: RepoAdminConfig;
 }
 
 describe(`Child process execution wrapper`, () => {
   let processEnvOrig;
-  let trustLevelOrig;
 
   const cacheDir = '/tmp/renovate/cache/';
   const cwd = '/tmp/renovate/github/some/repo/';
@@ -51,12 +49,12 @@ describe(`Child process execution wrapper`, () => {
     jest.restoreAllMocks();
     jest.resetModules();
     processEnvOrig = process.env;
-    trustLevelOrig = global.trustLevel;
+    setAdminConfig();
   });
 
   afterEach(() => {
     process.env = processEnvOrig;
-    global.trustLevel = trustLevelOrig;
+    setAdminConfig();
   });
 
   const image = 'renovate/image';
@@ -193,7 +191,7 @@ describe(`Child process execution wrapper`, () => {
             maxBuffer: 10485760,
           },
         ],
-        trustLevel: 'high',
+        adminConfig: { trustLevel: 'high' },
       },
     ],
 
@@ -662,14 +660,10 @@ describe(`Child process execution wrapper`, () => {
       inOpts,
       outCmd: outCommand,
       outOpts,
-      trustLevel,
-      adminConfig = {},
+      adminConfig = {} as any,
     } = testOpts;
 
     process.env = procEnv;
-    if (trustLevel) {
-      global.trustLevel = trustLevel;
-    }
 
     if (config) {
       jest
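Review bot: The default `adminConfig = {} as any` in the destructuring widens `adminConfig` to `any` for every test case, not only when the field is missing, so the later `setAdminConfig(adminConfig)` call is no longer checked against the parameter type. Prefer `adminConfig = {}` and keep the `RepoAdminConfig` type from `TestInput`; if that does not satisfy `setAdminConfig`'s `RenovateConfig` parameter, the mismatch is better fixed in the signature than hidden here. The enclosing test callback starts and ends outside this hunk.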
@@ -686,7 +680,7 @@ describe(`Child process execution wrapper`, () => {
       callback(null, { stdout: '', stderr: '' });
       return undefined;
     });
-    setAdminConfig(adminConfig as any, Object.keys(adminConfig));
+    setAdminConfig(adminConfig);
     await exec(cmd as string, inOpts);
 
     expect(actualCmd).toEqual(outCommand);
diff --git a/lib/workers/branch/index.spec.ts b/lib/workers/branch/index.spec.ts
index aa7e5c1b24c4e0e79abc260de16792a53add1716..3cf0eb187971b2b52fa41a8b60a7e0b6c0a51d63 100644
--- a/lib/workers/branch/index.spec.ts
+++ b/lib/workers/branch/index.spec.ts
@@ -65,13 +65,14 @@ describe('workers/branch', () => {
       } as never;
       schedule.isScheduledNow.mockReturnValue(true);
       commit.commitFilesToBranch.mockResolvedValue('abc123');
-      setAdminConfig({}, []);
+      setAdminConfig();
     });
     afterEach(() => {
       platform.ensureComment.mockClear();
       platform.ensureCommentRemoval.mockClear();
       commit.commitFilesToBranch.mockClear();
       jest.resetAllMocks();
+      setAdminConfig();
     });
     it('skips branch if not scheduled and branch does not exist', async () => {
       schedule.isScheduledNow.mockReturnValueOnce(false);
@@ -687,7 +688,6 @@ describe('workers/branch', () => {
         not_added: [],
         deleted: ['deleted_file'],
       } as StatusResult);
-      global.trustLevel = 'high';
 
       fs.outputFile.mockReturnValue();
       fs.readFile.mockResolvedValueOnce(Buffer.from('modified file content'));
@@ -698,8 +698,9 @@ describe('workers/branch', () => {
       const adminConfig = {
         allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'],
         allowPostUpgradeCommandTemplating: true,
+        trustLevel: 'high',
       };
-      setAdminConfig(adminConfig, Object.keys(adminConfig));
+      setAdminConfig(adminConfig);
 
       const result = await branchWorker.processBranch({
         ...config,
@@ -756,7 +757,6 @@ describe('workers/branch', () => {
         not_added: [],
         deleted: ['deleted_file'],
       } as StatusResult);
-      global.trustLevel = 'high';
 
       fs.outputFile.mockReturnValue();
       fs.readFile.mockResolvedValueOnce(Buffer.from('modified file content'));
@@ -766,8 +766,9 @@ describe('workers/branch', () => {
       const adminConfig = {
         allowedPostUpgradeCommands: ['^echo {{{versioning}}}$'],
         allowPostUpgradeCommandTemplating: false,
+        trustLevel: 'high',
       };
-      setAdminConfig(adminConfig, Object.keys(adminConfig));
+      setAdminConfig(adminConfig);
       const result = await branchWorker.processBranch({
         ...config,
         postUpgradeTasks: {
@@ -829,7 +830,6 @@ describe('workers/branch', () => {
           not_added: [],
           deleted: ['deleted_file', 'modified_then_deleted_file'],
         } as StatusResult);
-      global.trustLevel = 'high';
 
       fs.outputFile.mockReturnValue();
       fs.readFile
@@ -844,8 +844,9 @@ describe('workers/branch', () => {
       const adminConfig = {
         allowedPostUpgradeCommands: ['^echo {{{depName}}}$'],
         allowPostUpgradeCommandTemplating: true,
+        trustLevel: 'high',
       };
-      setAdminConfig(adminConfig, Object.keys(adminConfig));
+      setAdminConfig(adminConfig);
 
       const inconfig = {
         ...config,
diff --git a/lib/workers/branch/index.ts b/lib/workers/branch/index.ts
index 9c3ed2135ec1ec6c61d0a731c32ff846745b5026..5271126c25b92c8bc87ce5de6c2e13a076ec3956 100644
--- a/lib/workers/branch/index.ts
+++ b/lib/workers/branch/index.ts
@@ -336,7 +336,7 @@ export async function processBranch(
       (config.updatedPackageFiles?.length > 0 ||
         /* ... or changes to artifacts */
         config.updatedArtifacts?.length > 0) &&
-      global.trustLevel === 'high' &&
+      getAdminConfig().trustLevel === 'high' &&
       is.nonEmptyArray(allowedPostUpgradeCommands)
     ) {
       for (const upgrade of config.upgrades) {