greenkeeper icon indicating copy to clipboard operation
greenkeeper copied to clipboard

Published 20 hours ago verified publisher icon greenkeeperio

Feature: add support for other registries

Open ronderksen opened this issue 6 years ago • 5 comments

We use jfrog.io as our registry for our private packages, but Greenkeeper only supports npmjs.org for private packages. Even though Greenkeeper still has value for us because of all the third party packages, we still would like to have support for our private packages too.

I think that JFrog offers the same API as npmjs, so I hope that implementing this would be fairly straightforward. If the API is standardized, you could even expand it to allow other registries as well?

ronderksen avatar Mar 05 '18 07:03 ronderksen

If you can provide some hints on where to start, I can try to convince my manager to invest some time for a PR.

ronderksen avatar Mar 05 '18 07:03 ronderksen

Hi @ronderksen, this is a very generous offer, thank you very much :)

For the support of alternative registries, we already have some infrastructure in place, so it is feasible to add this feature.

These are some of the considerations that have to go into this from our end:

  • [ ] The registry needs to emit events for package publishes, ideally as web hooks.
  • [ ] The registry needs to authenticate web hooks with an API key.
  • [ ] It must be easy for end-users to configure the API key with Greenkeeper.
    • this currently works by Greenkeeper supplying a webhook secret to the initial PR
    • If JFrog emits the same web hooks as npm, the same secret can already be used to send package updates.

Let us know if you have any questions :)

janl avatar Mar 05 '18 10:03 janl

@ronderksen heya, any updates on this? :)

janl avatar Jul 10 '18 14:07 janl

@janl Sorry, we've decided that greenkeeper doesn't work for us (devs were basically ignoring GK PRs), so I haven't invested any time in this issue anymore.

ronderksen avatar Jul 18 '18 10:07 ronderksen

I'm also using JFrog as private npm registry. They have some kind of hooks, but I'm trying to send the notification to Greenkeeper directly from my continous integration pipeline (after publishing the new NPM module), with a script.

For that, I'm trying to reuse the npm hook on https://hooks.greenkeeper.io/npm, sending to it a HTTP POST request with this payload:

const payload = JSON.stringify({
        payload: {
                name: '@my_scope/my_package_name',
                'dist-tags': {
                        latest: "my_version"
                },
                versions: {
                        "my_version": { 
                                gitHead: "git_commit_of_tagged_version",
                                repository: {
                                        type: "git",
                                        url: "github_repository_url"
                                }
                        }
                }
        }
});

The server response is 202: {ok:true}, so I suppose that the hmac is right. But I don't see any PR (or any other kind of activity) from greenkeeper in my GH repository after the POST (greenkeeper is configured, I'm getting PR's for public modules).

Should this integration work? What else would I need?

chechu avatar Oct 04 '18 11:10 chechu