diff --git a/lib/modules/datasource/docker/common.ts b/lib/modules/datasource/docker/common.ts
index 891c4bee0ee3cc6b21f1dfd002c9ae002bdbe73d..78845b8ad66c5db39c988caddc1a1c8c03c055a5 100644
--- a/lib/modules/datasource/docker/common.ts
+++ b/lib/modules/datasource/docker/common.ts
@@ -94,6 +94,7 @@ export async function getAuthHeaders(
url: apiCheckUrl,
});
if (ecrRegex.test(registryHost)) {
+ logger.once.debug(`hostRules: ecr auth for ${registryHost}`);
logger.trace(
{ registryHost, dockerRepository },
`Using ecr auth for Docker registry`,
@@ -109,6 +110,7 @@ export async function getAuthHeaders(
typeof opts.password === 'undefined' &&
typeof opts.token === 'undefined'
) {
+ logger.once.debug(`hostRules: google auth for ${registryHost}`);
logger.trace(
{ registryHost, dockerRepository },
`Using google auth for Docker registry`,
@@ -123,6 +125,7 @@ export async function getAuthHeaders(
);
}
} else if (opts.username && opts.password) {
+ logger.once.debug(`hostRules: basic auth for ${registryHost}`);
logger.trace(
{ registryHost, dockerRepository },
`Using basic auth for Docker registry`,
@@ -133,6 +136,9 @@ export async function getAuthHeaders(
opts.headers = { authorization: `Basic ${auth}` };
} else if (opts.token) {
const authType = opts.authType ?? 'Bearer';
+ logger.once.debug(
+ `hostRules: ${authType} token auth for ${registryHost}`,
+ );
logger.trace(
{ registryHost, dockerRepository },
`Using ${authType} token for Docker registry`,
@@ -154,6 +160,7 @@ export async function getAuthHeaders(
!is.string(authenticateHeader.params.realm) ||
parseUrl(authenticateHeader.params.realm) === null
) {
+ logger.once.debug(`hostRules: testing direct auth for ${registryHost}`);
logger.trace(
{ registryHost, dockerRepository, authenticateHeader },
`Invalid realm, testing direct auth`,
diff --git a/lib/util/http/host-rules.ts b/lib/util/http/host-rules.ts
index 45855dd4bf5db79294882565f0d31b8425ae1ac3..7f5b52c293f0dfd63706d2cf14b232db251b80bd 100644
--- a/lib/util/http/host-rules.ts
+++ b/lib/util/http/host-rules.ts
@@ -9,6 +9,7 @@ import { logger } from '../../logger';
import { hasProxy } from '../../proxy';
import type { HostRule } from '../../types';
import * as hostRules from '../host-rules';
+import { parseUrl } from '../url';
import { dnsLookup } from './dns';
import { keepaliveAgents } from './keepalive';
import type { GotOptions } from './types';
@@ -120,6 +121,7 @@ export function applyHostRules<GotOptions extends HostRulesGotOptions>(
const options: GotOptions = { ...inOptions };
const foundRules = findMatchingRules(options, url);
const { username, password, token, enabled, authType } = foundRules;
+ const host = parseUrl(url)?.host;
if (options.noAuth) {
logger.trace({ url }, `Authorization disabled`);
} else if (
@@ -127,17 +129,22 @@ export function applyHostRules<GotOptions extends HostRulesGotOptions>(
is.nonEmptyString(options.password) ||
is.nonEmptyString(options.token)
) {
+ logger.once.debug(`hostRules: authentication already set for ${host}`);
logger.trace({ url }, `Authorization already set`);
} else if (password !== undefined) {
+ logger.once.debug(`hostRules: applying Basic authentication for ${host}`);
logger.trace({ url }, `Applying Basic authentication`);
options.username = username;
options.password = password;
} else if (token) {
+ logger.once.debug(`hostRules: applying Bearer authentication for ${host}`);
logger.trace({ url }, `Applying Bearer authentication`);
options.token = token;
options.context = { ...options.context, authType };
} else if (enabled === false) {
options.enabled = false;
+ } else {
+ logger.once.debug(`hostRules: no authentication for ${host}`);
}
// Apply optional params
if (foundRules.abortOnError) {