From 7fb2e72281ff49c95309bc6618c3ba6b0aaba09e Mon Sep 17 00:00:00 2001
From: Steven Davidovitz <steved@users.noreply.github.com>
Date: Sun, 21 Aug 2022 05:14:55 -0700
Subject: [PATCH] fix(docker): support nvcr.io tag listing (#17294)

---
 lib/modules/datasource/docker/index.spec.ts | 21 +++++++++++++++++++++
 lib/modules/datasource/docker/index.ts      |  7 +++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/lib/modules/datasource/docker/index.spec.ts b/lib/modules/datasource/docker/index.spec.ts
index 53ca35211d..10a417c0c2 100644
--- a/lib/modules/datasource/docker/index.spec.ts
+++ b/lib/modules/datasource/docker/index.spec.ts
@@ -545,6 +545,27 @@ describe('modules/datasource/docker/index', () => {
       expect(res).toBe('some-digest');
     });
 
+    it('supports token with no service', async () => {
+      httpMock
+        .scope(baseUrl)
+        .get('/')
+        .reply(401, '', {
+          'www-authenticate':
+            'Bearer realm="https://auth.docker.io/token",scope=""',
+        })
+        .head('/library/some-other-dep/manifests/8.0.0-alpine')
+        .reply(200, {}, { 'docker-content-digest': 'some-digest' });
+      httpMock
+        .scope(authUrl)
+        .get('/token?service=&scope=repository:library/some-other-dep:pull')
+        .reply(200, { access_token: 'test' });
+      const res = await getDigest(
+        { datasource: 'docker', depName: 'some-other-dep' },
+        '8.0.0-alpine'
+      );
+      expect(res).toBe('some-digest');
+    });
+
     it('supports scoped names', async () => {
       httpMock
         .scope(baseUrl)
diff --git a/lib/modules/datasource/docker/index.ts b/lib/modules/datasource/docker/index.ts
index cd8b62ea50..c1786ba836 100644
--- a/lib/modules/datasource/docker/index.ts
+++ b/lib/modules/datasource/docker/index.ts
@@ -140,7 +140,6 @@ export async function getAuthHeaders(
     if (
       authenticateHeader.scheme.toUpperCase() !== 'BEARER' ||
       !is.string(authenticateHeader.params.realm) ||
-      !is.string(authenticateHeader.params.service) ||
       parseUrl(authenticateHeader.params.realm) === null
     ) {
       logger.trace(
@@ -159,7 +158,11 @@ export async function getAuthHeaders(
       scope = authenticateHeader.params.scope;
     }
 
-    const authUrl = `${authenticateHeader.params.realm}?service=${authenticateHeader.params.service}&scope=${scope}`;
+    let service = authenticateHeader.params.service;
+    if (!is.string(service)) {
+      service = '';
+    }
+    const authUrl = `${authenticateHeader.params.realm}?service=${service}&scope=${scope}`;
     logger.trace(
       { registryHost, dockerRepository, authUrl },
       `Obtaining docker registry token`
-- 
GitLab