From 878e3c5cd400d9e6e07e9528f1d0a0664250d328 Mon Sep 17 00:00:00 2001
From: Maxime Brunet <max@brnt.mx>
Date: Tue, 15 Aug 2023 22:05:01 -0700
Subject: [PATCH] fix(nix): trim `x-access-token:` prefix from Github token
 (#23884)

---
 lib/modules/manager/nix/artifacts.spec.ts | 30 +++++++++++++++++++++++
 lib/modules/manager/nix/artifacts.ts      | 11 ++++++---
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/lib/modules/manager/nix/artifacts.spec.ts b/lib/modules/manager/nix/artifacts.spec.ts
index c3fe645e9b..779513f29c 100644
--- a/lib/modules/manager/nix/artifacts.spec.ts
+++ b/lib/modules/manager/nix/artifacts.spec.ts
@@ -155,6 +155,36 @@ describe('modules/manager/nix/artifacts', () => {
     expect(execSnapshots).toMatchObject([{ cmd: updateInputTokenCmd }]);
   });
 
+  it('trims "x-access-token:" prefix from GitHub token', async () => {
+    fs.readLocalFile.mockResolvedValueOnce('current flake.lock');
+    const execSnapshots = mockExecAll();
+    git.getRepoStatus.mockResolvedValue(
+      partial<StatusResult>({
+        modified: ['flake.lock'],
+      })
+    );
+    fs.readLocalFile.mockResolvedValueOnce('new flake.lock');
+    hostRules.find.mockReturnValueOnce({ token: 'x-access-token:token' });
+
+    const res = await updateArtifacts({
+      packageFileName: 'flake.nix',
+      updatedDeps: [{ depName: 'nixpkgs' }],
+      newPackageFileContent: 'some new content',
+      config: { ...config, constraints: { python: '3.7' } },
+    });
+
+    expect(res).toEqual([
+      {
+        file: {
+          contents: 'new flake.lock',
+          path: 'flake.lock',
+          type: 'addition',
+        },
+      },
+    ]);
+    expect(execSnapshots).toMatchObject([{ cmd: updateInputTokenCmd }]);
+  });
+
   it('supports docker mode', async () => {
     GlobalConfig.set(dockerAdminConfig);
     const execSnapshots = mockExecAll();
diff --git a/lib/modules/manager/nix/artifacts.ts b/lib/modules/manager/nix/artifacts.ts
index a563b84efb..236004dffc 100644
--- a/lib/modules/manager/nix/artifacts.ts
+++ b/lib/modules/manager/nix/artifacts.ts
@@ -1,6 +1,7 @@
 import is from '@sindresorhus/is';
 import { quote } from 'shlex';
 import { logger } from '../../../logger';
+import { findGithubToken } from '../../../util/check-token';
 import { exec } from '../../../util/exec';
 import type { ExecOptions } from '../../../util/exec/types';
 import { readLocalFile } from '../../../util/fs';
@@ -25,10 +26,12 @@ export async function updateArtifacts({
     --extra-experimental-features nix-command \
     --extra-experimental-features flakes `;
 
-  const { token } = hostRules.find({
-    hostType: 'github',
-    url: 'https://api.github.com/',
-  });
+  const token = findGithubToken(
+    hostRules.find({
+      hostType: 'github',
+      url: 'https://api.github.com/',
+    })
+  );
 
   if (token) {
     cmd += `--extra-access-tokens github.com=${token} `;
-- 
GitLab