renovate
renovate copied to clipboard
Should ignore publishing registries repositories
How are you running Renovate?
Mend Renovate hosted app on github.com
If you're self-hosting Renovate, tell us what version of Renovate you run.
No response
Please select which platform you are using if self-hosting.
No response
If you're self-hosting Renovate, tell us what version of the platform you run.
No response
Was this something which used to work for you, and then stopped?
I never saw this working
Describe the bug
The bot uses registry urls from publishing config when trying to find updated dependencies. This is a config that is only used when publishing artifacts and is not supposed to be used when resolving dependencies.
An example of a config can look like this in a gradle file eg. build.gradle.kts
publishing {
repositories {
maven {
uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = "USERNAME"
password = "PASSWORD"
}
}
}
}
Example repository: https://github.com/JohNan/renovatebot-bugreport
Relevant debug logs
Logs
DEBUG: Looking up org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://repo.maven.apache.org/maven2/
DEBUG: Found 6 new releases for org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://repo.maven.apache.org/maven2/
DEBUG: Looking up org.jetbrains.kotlin.jvm:org.jetbrains.kotlin.jvm.gradle.plugin in repository https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/
DEBUG: Dependency lookup unauthorized. Please add authentication with a hostRule
{
"failedUrl": "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/org/jetbrains/kotlin/jvm/org.jetbrains.kotlin.jvm.gradle.plugin/maven-metadata.xml"
}
DEBUG: Content is not found for Maven url
{
"url": "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/org/jetbrains/kotlin/jvm/org.jetbrains.kotlin.jvm.gradle.plugin/maven-metadata.xml"
}
Have you created a minimal reproduction repository?
I have linked to a minimal reproduction repository in the bug description
reproduced, we are parsing it as part of our registry urls
"registryUrls": [
"https://repo.maven.apache.org/maven2",
"https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/",
"https://plugins.gradle.org/m2/"
],
Forked to https://github.com/renovate-reproductions/17067
Does it look like a quick fix, or needs some of our parsing rewritten?
we use tokenizer , i have no idea, the code is here i suppose: https://github.com/renovatebot/renovate/blob/e4dbd4ad491f656aaa7f9da9d4dae2c18622a1e6/lib/modules/manager/gradle/parser.ts#L281-L313
@zharinov do you recall if it's just checking for repositories.maven
at any level and that's why it swallows publishing.repositories.maven
?
the tokenizer is matching specific keywords for multiple cases,
check out the parser
looking at all cases of processCustomRegistryUrl
-
maven("https://repository.mycompany.com/m2/repository")
-
maven { name = "baz"; url = "https://maven.springframework.org/${name}" }
-
maven { url = "https://maven.springframework.org/release"
-
maven { url = uri("https://maven.springframework.org/release")
-
maven { url "https://maven.springframework.org/release"
-
url 'https://repo.spring.io/snapshot/'
-
url('https://repo.spring.io/snapshot/')
the customer input is:
publishing {
repositories {
maven {
uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = "USERNAME"
password = "PASSWORD"
}
}
}
}
in code, only case 7 could have caught this.
here it is: https://github.com/renovatebot/renovate/blob/ca157938580bd4160f5385cb32c03ee7cfbffaa9/lib/modules/manager/gradle/parser.ts#L719-L730
@PhilipAbed thanks for the analysis. Let's hand over to @zharinov
:tada: This issue has been resolved in version 34.32.1 :tada:
The release is available on:
- GitHub release
-
34.32.1
Your semantic-release bot :package::rocket: