
Should ignore publishing registries repositories

Open JohNan opened this issue 1 year ago • 4 comments

How are you running Renovate?

Mend Renovate hosted app on github.com

If you're self-hosting Renovate, tell us what version of Renovate you run.

No response

Please select which platform you are using if self-hosting.

No response

If you're self-hosting Renovate, tell us what version of the platform you run.

No response

Was this something which used to work for you, and then stopped?

I never saw this working

Describe the bug

The bot uses registry urls from publishing config when trying to find updated dependencies. This is a config that is only used when publishing artifacts and is not supposed to be used when resolving dependencies.

An example of a config can look like this in a Gradle file, e.g. build.gradle.kts:

publishing {
    repositories {
        maven {
            uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
            credentials {
                username = "USERNAME"
                password = "PASSWORD"
            }
        }
    }
}

Example repository: https://github.com/JohNan/renovatebot-bugreport

Relevant debug logs

DEBUG: Looking up org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://repo.maven.apache.org/maven2/
DEBUG: Found 6 new releases for org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://repo.maven.apache.org/maven2/
DEBUG: Looking up org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
DEBUG: Dependency lookup unauthorized. Please add authentication with a hostRule
{
  "failedUrl": "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/org/jetbrains/kotlin/jvm/org.jetbrains.kotlin.jvm.gradle.plugin/maven-metadata.xml"
}
DEBUG: Content is not found for Maven url
{
  "url": "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/org/jetbrains/kotlin/jvm/org.jetbrains.kotlin.jvm.gradle.plugin/maven-metadata.xml"
}

Have you created a minimal reproduction repository?

I have linked to a minimal reproduction repository in the bug description

JohNan avatar Aug 09 '22 07:08 JohNan

reproduced, we are parsing it as part of our registry urls

"registryUrls": [
  "https://repo.maven.apache.org/maven2",
  "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/",
  "https://plugins.gradle.org/m2/"
],

PhilipAbed avatar Aug 09 '22 07:08 PhilipAbed

Forked to https://github.com/renovate-reproductions/17067

Does it look like a quick fix, or needs some of our parsing rewritten?

rarkins avatar Aug 09 '22 07:08 rarkins

we use a tokenizer, I have no idea, the code is here I suppose: https://github.com/renovatebot/renovate/blob/e4dbd4ad491f656aaa7f9da9d4dae2c18622a1e6/lib/modules/manager/gradle/parser.ts#L281-L313

PhilipAbed avatar Aug 09 '22 08:08 PhilipAbed

@zharinov do you recall if it's just checking for repositories.maven at any level and that's why it swallows publishing.repositories.maven?

rarkins avatar Aug 09 '22 08:08 rarkins

the tokenizer is matching specific keywords for multiple cases, check out the parser looking at all cases of processCustomRegistryUrl

  1. maven("https://repository.mycompany.com/m2/repository")
  2. maven { name = "baz"; url = "https://maven.springframework.org/${name}" }
  3. maven { url = "https://maven.springframework.org/release"
  4. maven { url = uri("https://maven.springframework.org/release")
  5. maven { url "https://maven.springframework.org/release"
  6. url 'https://repo.spring.io/snapshot/'
  7. url('https://repo.spring.io/snapshot/')

the customer input is:

publishing {
    repositories {
        maven {
            uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
            credentials {
                username = "USERNAME"
                password = "PASSWORD"
            }
        }
    }
}

in code, only case 7 could have caught this.

here it is: https://github.com/renovatebot/renovate/blob/ca157938580bd4160f5385cb32c03ee7cfbffaa9/lib/modules/manager/gradle/parser.ts#L719-L730

PhilipAbed avatar Aug 14 '22 15:08 PhilipAbed
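The scoping problem analysed above, as an added example that is not part of the thread and not Renovate's parser: a small brace-tracking extractor that collects repository URLs and, when `scopeAware` is set, ignores anything nested under `publishing { }` so deploy endpoints are never queried during dependency lookup. The function name, the `scopeAware` flag and the first `repositories` block in the sample are assumptions made for illustration.

```typescript
// Added illustration; this is not Renovate's tokenizer-based parser.
// Assumption: comments and string interpolation in the script are not handled.
function extractRegistryUrls(script: string, scopeAware: boolean): string[] {
  const urls: string[] = [];
  const scopes: string[] = []; // names of the enclosing `name { ... }` blocks
  // Tokens: "string" | 'string' | identifier followed by `{` | bare `{` | `}`
  const tokenRe = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'|([A-Za-z_]\w*)\s*\{|\{|\}/g;
  let m: RegExpExecArray | null;
  while ((m = tokenRe.exec(script)) !== null) {
    const literal = m[1] !== undefined ? m[1] : m[2];
    if (literal !== undefined) {
      const inRepositories = scopes.indexOf("repositories") !== -1;
      const inPublishing = scopes.indexOf("publishing") !== -1;
      // A URL under publishing { } is a deploy target, not a lookup source.
      if (/^https?:\/\//.test(literal) && inRepositories && !(scopeAware && inPublishing)) {
        urls.push(literal);
      }
    } else if (m[0] === "}") {
      scopes.pop();
    } else {
      scopes.push(m[3] !== undefined ? m[3] : ""); // "" for an anonymous block
    }
  }
  return urls;
}

// Constructed sample: the publishing block from the report plus a normal
// repositories block (the first block is an assumption added for contrast).
const SAMPLE_BUILD_SCRIPT = `
repositories {
    mavenCentral()
    maven { url = uri("https://plugins.gradle.org/m2/") }
}
publishing {
    repositories {
        maven {
            uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
            credentials {
                username = "USERNAME"
                password = "PASSWORD"
            }
        }
    }
}
`;

console.log("unscoped:", extractRegistryUrls(SAMPLE_BUILD_SCRIPT, false));
console.log("scoped:  ", extractRegistryUrls(SAMPLE_BUILD_SCRIPT, true));
```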

@PhilipAbed thanks for the analysis. Let's hand over to @zharinov

rarkins avatar Aug 14 '22 16:08 rarkins

:tada: This issue has been resolved in version 34.32.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

renovate-release avatar Nov 24 '22 06:11 renovate-release