diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md
index da92af6b2318b2745e5685051a9f356711410304..34640c50aa74f2f82102f0c1445d9a50e4a90af0 100644
--- a/docs/usage/configuration-options.md
+++ b/docs/usage/configuration-options.md
@@ -460,6 +460,10 @@ Use this if you are extending a complex preset but won't want to use every "sub
It would take the entire `"config:base"` preset - which contains a lot of sub-presets - but ignore the `":prHourlyLimit2"` rule.
+## ignoreScripts
+
+Applicable for npm and composer only for now. Set this to `true` if running scripts causes problems.
+
## ignoreUnstable
By default, Renovate won't update any package versions to unstable versions (e.g. `4.0.0-rc3`) unless the current version has the same major.minor.patch and was _already_ unstable (e.g. it was already on `4.0.0-rc2`). Renovate will not "jump" unstable versions automatically, e.g. if you are on `4.0.0-rc2` and newer versions `4.0.0` and `4.1.0-alpha.1` exist then Renovate will update you to `4.0.0` only. If you need to force permanent unstable updates for a package, you can add a package rule setting `ignoreUnstable` to `false`.
diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index 973c915964248e2fb9f59547806080131e47a620..f531c7d91521d8117cc0f8fa7e157ba15a0f8b0d 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -386,6 +386,14 @@ const options: RenovateOptions[] = [
type: 'string',
default: 'low',
},
+ {
+ name: 'ignoreScripts',
+ description:
+ 'Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files',
+ stage: 'package',
+ type: 'boolean',
+ default: false,
+ },
{
name: 'platform',
description: 'Platform type of repository',
diff --git a/lib/manager/common.ts b/lib/manager/common.ts
index dfea00da9f22401d6187c48754dd6154c4bf6028..d023298de5c701fd7e5bfa93e3be5f02e0368c33 100644
--- a/lib/manager/common.ts
+++ b/lib/manager/common.ts
@@ -30,6 +30,7 @@ export interface UpdateArtifactsConfig extends ManagerConfig {
compatibility?: Record<string, string>;
cacheDir?: string;
postUpdateOptions?: string[];
+ ignoreScripts?: boolean;
}
export interface PackageUpdateConfig {
diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts
index cf2583dda1edb1e33456cf13bc287e55b073a93d..a6d3025bbe2ff328c87e58f16249e382e43817d1 100644
--- a/lib/manager/composer/artifacts.ts
+++ b/lib/manager/composer/artifacts.ts
@@ -123,7 +123,7 @@ export async function updateArtifacts(
('update ' + updatedDeps.join(' ')).trim() + ' --with-dependencies';
}
args += ' --ignore-platform-reqs --no-ansi --no-interaction';
- if (global.trustLevel !== 'high') {
+ if (global.trustLevel !== 'high' || config.ignoreScripts) {
args += ' --no-scripts --no-autoloader';
}
logger.debug({ cmd, args }, 'composer command');
diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts
index ac60717b7a386279aad2304ff3487f72e464a3fd..f776a3df208a12cddb51d80a8ffdd615f85ee6cf 100644
--- a/lib/manager/npm/post-update/pnpm.ts
+++ b/lib/manager/npm/post-update/pnpm.ts
@@ -91,7 +91,7 @@ export async function generateLockFile(
logger.debug(`Using pnpm: ${cmd}`);
cmd += ' install';
cmd += ' --lockfile-only';
- if (global.trustLevel !== 'high') {
+ if (global.trustLevel !== 'high' || config.ignoreScripts) {
cmd += ' --ignore-scripts';
cmd += ' --ignore-pnpmfile';
}
diff --git a/renovate-schema.json b/renovate-schema.json
index 8c702340b1d76e64a38bb4d95eb0edfd4158b47a..def7970e272241a624edc654bd68e8d2ff169d9b 100644
--- a/renovate-schema.json
+++ b/renovate-schema.json
@@ -200,6 +200,11 @@
"type": "string",
"default": "low"
},
+ "ignoreScripts": {
+ "description": "Configure this to true if trustLevel is high but you wish to skip running scripts when updating lock files",
+ "type": "boolean",
+ "default": false
+ },
"platform": {
"description": "Platform type of repository",
"type": "string",