Renovate: How to clone private repository with composer
Which Renovate are you using?
WhiteSource Renovate App
Which platform are you using?
GitHub.com
Have you checked the logs? Don't forget to include them if relevant
Yes. They contain more or less the same info as below.
What would you like to do?
We configured Renovate for a PHP/Composer project which contains packages from a private GitHub repository.
Renovate can't run composer to update the lockfile, as composer can't clone the private repository.
This is the full comment on the Renovate PR:
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:
any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you check the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:File name: composer.lock
Command failed: docker run --rm -v "/mnt/renovate/gh/[redacted]":"/mnt/renovate/gh/[redacted]" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -e COMPOSER_CACHE_DIR -w "/mnt/renovate/gh/[redacted]" renovate/composer bash -l -c "composer update [list of package names, redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader"
Loading composer repositories with package information
������������������������������������������������������Reading composer.json of [list goes on and on, redacted][RuntimeException]
Failed to execute git clone --mirror 'https://redacted:*@github.com/[redacted].git' >'/tmp/renovate-cache/others/composer/vcs/git-github.com-[redacted].git/'Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[redacted].git'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://redacted:*@github.com/[redacted].git/'update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom->installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [-->with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap->authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|-->interactive] [--root-reqs] [--] [
]...
Our composer.json contains this fragment:
"repositories": [
{
"name": "[redacted]",
"type": "git",
"url": "[email protected]:[redacted].git"
}
],
"require": {
"[redacted]": "^3.0",
// ...
}
Note: added the name as suggested by https://github.com/renovatebot/renovate/issues/4924, which didn't seem to change the error.
Note: I tried pinning the dependency in the require object, also without luck.
Renovate has been granted access (through the GitHub app) to the private dependency referenced in the repositories field.
The renovate.json contains:
{
"extends": [
"config:base"
],
"ignoreDeps": ["[redacted]"]
}
However, adding the ignoreDeps didn't seem to change the error either.
Is this use-case supported, and if so, how can I configure Renovate so composer can read private repositories?
hongaar
All 22 comments
As the error states, renovate / composer has no access to the repo.
Can you please provide some more debug log from the renovate dashboard. You can find the link in pr footer.
viceice
on 27 Feb 2020
@viceice not sure what is relevant to you, so simply copy-pasting a full redacted log from the dashboard here. I trimmed all our public (non-failing) dependencies, and kept references to the failing private dependency.
Let me know if you need anything else.
full log
INFO: Repository started
{
"renovateVersion": "19.148.2"
}
DEBUG: Using localDir: /mnt/renovate/gh/[redacted]
DEBUG: initRepo("[redacted]")
DEBUG: [redacted] owner = exivity
DEBUG: [redacted] default branch = develop
DEBUG: Using app token for git init
DEBUG: Initializing git repository into /mnt/renovate/gh/[redacted]
DEBUG: git clone completed
{
"seconds": 1.2
}
DEBUG: latest commit
{
"latestCommitDate": "2020-02-26 20:44:01 +0100"
}
DEBUG: Git private key configured, but not being set
DEBUG: Setting git author
{
"gitAuthor": {
"name": "Renovate Bot",
"email": "[email protected]"
}
}
DEBUG: resetMemCache()
DEBUG: detectSemanticCommits()
DEBUG: getCommitMessages
DEBUG: Semantic commits detection: angular
DEBUG: angular semantic commits detected
DEBUG: checkOnboarding()
DEBUG: isOnboarded()
DEBUG: findFile(renovate.json)
DEBUG: config file exists
DEBUG: ensureIssueClosing(Action required: Add a Renovate config)
DEBUG: Retrieving issueList
DEBUG: Retrieved 0 issues
DEBUG: Repo is onboarded
DEBUG: Found renovate.json config file
DEBUG: Repository config
{
"configFile": "renovate.json",
"config": {
"extends": [
"config:base"
],
"ignoreDeps": [
"[private github repo, redacted]"
]
}
}
DEBUG: migrateAndValidate()
DEBUG: No config migration necessary
DEBUG: massaged config
{
"config": {
"extends": [
"config:base"
],
"ignoreDeps": [
"[private github repo, redacted]"
]
}
}
DEBUG: migrated config
{
"config": {
"extends": [
"config:base"
],
"ignoreDeps": [
"[private github repo, redacted]"
]
}
}
DEBUG: Found repo ignorePaths
{
"ignorePaths": [
"**/node_modules/**",
"**/bower_components/**",
"**/vendor/**",
"**/examples/**",
"**/__tests__/**",
"**/test/**",
"**/tests/**"
]
}
DEBUG: checkBaseBranch()
DEBUG: config.repoIsOnboarded=true
DEBUG: Setting baseBranch to develop
DEBUG: latest commit
{
"branchName": "develop",
"latestCommitDate": "2020-02-26 20:44:01 +0100"
}
DEBUG: Setting branchPrefix: renovate/
DEBUG: No vulnerability alerts found
DEBUG: processRepo()
DEBUG: No baseBranches
DEBUG: extractAndUpdate()
DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible
DEBUG: Using file match: (^|/)requirements.ya?ml$ for manager ansible-galaxy
DEBUG: Using file match: (^|/)WORKSPACE$ for manager bazel
DEBUG: Using file match: \.bzl$ for manager bazel
DEBUG: Using file match: buildkite\.ya?ml for manager buildkite
DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite
DEBUG: Using file match: (^|/)Gemfile$ for manager bundler
DEBUG: cargo is disabled
DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci
DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer
DEBUG: Matched 1 file(s) for manager composer: composer.json
DEBUG: Found composer lock file(packageFile="composer.json")
DEBUG: Found composer package files
DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn
DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose
DEBUG: Using file match: (^|/)Dockerfile$ for manager dockerfile
DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile
DEBUG: Using file match: (^|/).drone.yml$ for manager droneci
DEBUG: git-submodules is disabled
DEBUG: github-actions is disabled
DEBUG: Using file match: ^\.gitlab-ci\.yml$ for manager gitlabci
DEBUG: Using file match: ^\.gitlab-ci\.yml$ for manager gitlabci-include
DEBUG: Using file match: (^|/)go.mod$ for manager gomod
DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle
DEBUG: Using file match: (^|/)gradle.properties$ for manager gradle
DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper
DEBUG: Using file match: (^|/)requirements.yaml$ for manager helm-requirements
DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values
DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile
DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew
DEBUG: Using file match: \.html?$ for manager html
DEBUG: Matched 2 file(s) for manager html: resources/views/error.html, resources/views/home.html
DEBUG: Found html package files
DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen
DEBUG: Using file match: \.pom\.xml$ for manager maven
DEBUG: Using file match: (^|/)pom\.xml$ for manager maven
DEBUG: Using file match: (^|/)package.js$ for manager meteor
DEBUG: Using file match: (^|/)mix\.exs$ for manager mix
DEBUG: Using file match: (^|/)package.json$ for manager npm
DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget
DEBUG: Using file match: ^.nvmrc$ for manager nvm
DEBUG: Using file match: (^|/)([\w-]*)requirements.(txt|pip)$ for manager pip_requirements
DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup
DEBUG: pipenv is disabled
DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry
DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub
DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version
DEBUG: Using file match: \.sbt$ for manager sbt
DEBUG: Using file match: project/[^/]*.scala$ for manager sbt
DEBUG: Using file match: (^|/)Package\.swift for manager swift
DEBUG: Using file match: \.tf$ for manager terraform
DEBUG: Using file match: ^.travis.yml$ for manager travis
DEBUG: Found 3 package file(s)
DEBUG: manager.fetchUpdates()
DEBUG: Dependency is ignored ([private github repo, redacted])(dependency="[private github repo, redacted]")
DEBUG: Error looking up tags in https://github.com/hongaar/fractal.git
DEBUG: Failed to look up dependency league/fractal (league/fractal)(packageFile="composer.json", dependency="league/fractal")
DEBUG: packageFiles with updates
{
"config": {
"composer": [
{
"packageFile": "composer.json",
"manager": "composer",
"deps": [
[dependency list redacted]
{
"depType": "require",
"depName": "[private github repo, redacted]",
"currentValue": "3.0.3",
"datasource": "git-tags",
"lookupName": "[email protected]:[private github repo, redacted].git",
"lockedVersion": "3.0.3",
"updates": [],
"skipReason": "ignored"
},
[dependency list redacted]
],
"registryUrls": [
"https://packagist.org"
],
"managerData": {
"composerJsonType": "project"
}
}
],
"html": [
[redacted]
]
}
}
DEBUG: branchifyUpgrades
DEBUG: 44 flattened updates found: [dependency list redacted]
DEBUG: Using group branchName template
[dependency list redacted]
DEBUG: Returning 13 branch(es)
DEBUG: generateBranchConfig(30)(branch="renovate/pin-dependencies")
DEBUG: hasGroupName: true(branch="renovate/pin-dependencies")
DEBUG: groupEligible: true(branch="renovate/pin-dependencies")
DEBUG: useGroupSettings: true(branch="renovate/pin-dependencies")
[dependency list redacted]
DEBUG: config.repoIsOnboarded=true
DEBUG: Processing 13 branches: [dependency list redacted]
[dependency list redacted]
DEBUG: Calculating hourly PRs remaining
DEBUG: Retrieving PR list
DEBUG: Retrieved 111 Pull Requests
DEBUG: currentHourStart=1582797600000
DEBUG: PR hourly limit remaining: 2
DEBUG: Enforcing prConcurrentLimit (20)
DEBUG: 1 PRs are currently open
DEBUG: PR concurrent limit remaining: 19
DEBUG: processBranch with 30 upgrades(branch="renovate/pin-dependencies")
DEBUG: Setting baseBranch to develop(branch="renovate/pin-dependencies")
DEBUG: latest commit(branch="renovate/pin-dependencies")
{
"branchName": "develop",
"latestCommitDate": "2020-02-26 20:44:01 +0100"
}
DEBUG: getBranchPr(renovate/pin-dependencies)(branch="renovate/pin-dependencies")
DEBUG: findPr(renovate/pin-dependencies, undefined, open)(branch="renovate/pin-dependencies")
DEBUG: Found PR renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Returning from graphql open PR list(branch="renovate/pin-dependencies")
DEBUG: branchExists=true(branch="renovate/pin-dependencies")
DEBUG: Branch pr rebase requested: true(branch="renovate/pin-dependencies")
DEBUG: Branch has 30 upgrade(s)(branch="renovate/pin-dependencies")
DEBUG: Checking if PR has been edited(branch="renovate/pin-dependencies")
DEBUG: Found existing branch PR(branch="renovate/pin-dependencies")
DEBUG: Checking schedule(at any time, null)(branch="renovate/pin-dependencies")
DEBUG: No schedule defined(branch="renovate/pin-dependencies")
DEBUG: Branch already exists(branch="renovate/pin-dependencies")
DEBUG: getBranchPr(renovate/pin-dependencies)(branch="renovate/pin-dependencies")
DEBUG: findPr(renovate/pin-dependencies, undefined, open)(branch="renovate/pin-dependencies")
DEBUG: Found PR renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Returning from graphql open PR list(branch="renovate/pin-dependencies")
DEBUG: Manual rebase requested via PR checkbox for renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Using parentBranch: undefined(branch="renovate/pin-dependencies")
DEBUG: manager.getUpdatedPackageFiles()(branch="renovate/pin-dependencies")
[dependency list redacted]
DEBUG: Updating packageFile content(branch="renovate/pin-dependencies")
DEBUG: composer.updateArtifacts(composer.json)(branch="renovate/pin-dependencies")
DEBUG: Using composer cache /tmp/renovate-cache/others/composer(branch="renovate/pin-dependencies")
DEBUG: No packagist auth found for https://packagist.org(branch="renovate/pin-dependencies")
DEBUG: composer command(branch="renovate/pin-dependencies")
{
"cmd": "composer",
"args": "update [dependency list redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader"
}
DEBUG: Using docker to execute(branch="renovate/pin-dependencies")
DEBUG: Fetching Docker image: renovate/composer(branch="renovate/pin-dependencies")
DEBUG: Failed to generate composer.lock(branch="renovate/pin-dependencies")
{
"err": {
"killed": false,
"code": 1,
"signal": null,
"cmd": "docker run --rm -v \"/mnt/renovate/gh/[redacted]\":\"/mnt/renovate/gh/[redacted]\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e COMPOSER_CACHE_DIR -w \"/mnt/renovate/gh/[redacted]\" renovate/composer bash -l -c \"composer update [dependency list redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader\"",
"stdout": "",
"stderr": "Loading composer repositories with package information\n[trimmed]\n [RuntimeException] \n Failed to execute git clone --mirror 'https://**redacted**@github.com/[private github repo, redacted].git' '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git/' \n \n Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git'... \n remote: Invalid username or password. \n fatal: Authentication failed for 'https://**redacted**@github.com/[private github repo, redacted].git/' \n \n\nupdate [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] []...\n\n",
"message": "Command failed: docker run --rm -v \"/mnt/renovate/gh/[redacted]\":\"/mnt/renovate/gh/[redacted]\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e COMPOSER_CACHE_DIR -w \"/mnt/renovate/gh/[redacted]\" renovate/composer bash -l -c \"composer update [dependency list redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader\"\nLoading composer repositories with package information\n[trimmed]\n [RuntimeException] \n Failed to execute git clone --mirror 'https://**redacted**@github.com/[private github repo, redacted].git' '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git/' \n \n Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git'... \n remote: Invalid username or password. \n fatal: Authentication failed for 'https://**redacted**@github.com/[private github repo, redacted].git/' \n \n\nupdate [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] []...\n\n",
"stack": "Error: Command failed: docker run --rm -v \"/mnt/renovate/gh/[redacted]\":\"/mnt/renovate/gh/[redacted]\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e COMPOSER_CACHE_DIR -w \"/mnt/renovate/gh/[redacted]\" renovate/composer bash -l -c \"composer update [dependency list redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader\"\nLoading composer repositories with package information\n[trimmed]\n [RuntimeException] \n Failed to execute git clone --mirror 'https://**redacted**@github.com/[private github repo, redacted].git' '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git/' \n \n Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git'... \n remote: Invalid username or password. \n fatal: Authentication failed for 'https://**redacted**@github.com/[private github repo, redacted].git/' \n \n\nupdate [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] []...\n\n\n at ChildProcess.exithandler (child_process.js:295:12)\n at ChildProcess.emit (events.js:210:5)\n at ChildProcess.EventEmitter.emit (domain.js:476:20)\n at maybeClose (internal/child_process.js:1021:16)\n at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)"
}
}
DEBUG: Updated 1 package files(branch="renovate/pin-dependencies")
DEBUG: No updated lock files in branch(branch="renovate/pin-dependencies")
DEBUG: PR has no releaseTimestamp(branch="renovate/pin-dependencies")
DEBUG: 1 file(s) to commit(branch="renovate/pin-dependencies")
DEBUG: Committing files to branch renovate/pin-dependencies(branch="renovate/pin-dependencies")
DEBUG: No file changes detected. Skipping commit(branch="renovate/pin-dependencies")
{
"branchName": "renovate/pin-dependencies",
"fileNames": [
"composer.json"
]
}
DEBUG: Checking if we can automerge branch(branch="renovate/pin-dependencies")
DEBUG: mergeStatus=no automerge(branch="renovate/pin-dependencies")
DEBUG: Ensuring PR(branch="renovate/pin-dependencies")
DEBUG: There are 0 errors and 0 warnings(branch="renovate/pin-dependencies")
DEBUG: getBranchPr(renovate/pin-dependencies)(branch="renovate/pin-dependencies")
DEBUG: findPr(renovate/pin-dependencies, undefined, open)(branch="renovate/pin-dependencies")
DEBUG: Found PR renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Returning from graphql open PR list(branch="renovate/pin-dependencies")
DEBUG: Found existing PR(branch="renovate/pin-dependencies")
DEBUG: Forcing PR because of artifact errors(branch="renovate/pin-dependencies")
DEBUG: Processing existing PR(branch="renovate/pin-dependencies")
DEBUG: PR body changed(branch="renovate/pin-dependencies")
{
"prTitle": "chore(deps): pin dependencies",
"oldPrBody": "[trimmed]",
"newPrBody": "[trimmed]"
}
DEBUG: updatePr(110, chore(deps): pin dependencies, body)(branch="renovate/pin-dependencies")
DEBUG: PR updated(branch="renovate/pin-dependencies")
{
"pr": 110
}
INFO: PR updated(branch="renovate/pin-dependencies")
{
"pr": 110,
"prTitle": "chore(deps): pin dependencies"
}
WARN: artifactErrors(branch="renovate/pin-dependencies")
{
"artifactErrors": [
{
"lockFile": "composer.lock",
"stderr": "Command failed: docker run --rm -v \"/mnt/renovate/gh/[redacted]\":\"/mnt/renovate/gh/[redacted]\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e COMPOSER_CACHE_DIR -w \"/mnt/renovate/gh/[redacted]\" renovate/composer bash -l -c \"composer update [dependency list redacted] --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader\"\nLoading composer repositories with package information\n[trimmed]\n [RuntimeException] \n Failed to execute git clone --mirror 'https://**redacted**:***@github.com/[private github repo, redacted].git' '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git/' \n \n Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-[private github repo, redacted].git'... \n remote: Invalid username or password. \n fatal: Authentication failed for 'https://**redacted**:***@github.com/[private github repo, redacted].git/' \n \n\nupdate [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] []...\n\n"
}
]
}
DEBUG: Retrieved closed PR list with graphql(branch="renovate/pin-dependencies")
{
"prNumbers": [
[trimmed]
]
}
DEBUG: Getting comments for renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Found 1 comments(branch="renovate/pin-dependencies")
DEBUG: Ensuring comment ":warning: Artifact update problem" in renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Comment is already update-to-date(branch="renovate/pin-dependencies")
DEBUG: Ensuring comment ":warning: Lock file problem" in renovatebot/config-help#110 is removed(branch="renovate/pin-dependencies")
DEBUG: Getting comments for renovatebot/config-help#110(branch="renovate/pin-dependencies")
DEBUG: Found 1 comments(branch="renovate/pin-dependencies")
DEBUG: branchPrefix: renovate/
DEBUG: Found 0 Renovate PRs
{
"renovatePrs": []
}
DEBUG: Removing any stale branches
DEBUG: config.repoIsOnboarded=true
DEBUG: Branch lists
{
"branchList": [
"renovate/pin-dependencies",
[dependency list redacted]
],
"renovateBranches": [
"renovate/pin-dependencies"
]
}
DEBUG: remainingBranches=
DEBUG: No branches to clean up
DEBUG: ensureIssueClosing(Action Required: Fix Renovate Configuration)
INFO: Repository finished
@hongaar is it possible for you to reproduce this in a way that we can run debug against? I think:
- Create a simple private composer repository A in your personal account
- Create a simple public composer repository B in your personal account that depends on A
- Install Renovate into both, and verify that the artifact update fails when B needs a PR
- Then, make A public too and send us the links to both
I'm not sure that you need A to have multiple releases or not - you might just need one other normal dependency in B to need updating in order to trigger a PR and the subsequent failure.
rarkins
on 27 Feb 2020
@rarkins why renovate tries to pin the ignored dependency?
viceice
on 27 Feb 2020
@rarkins why renovate tries to pin the ignored dependency?
It's not necessarily, hence why I want to see a reproduction. I might be pinning one dependency but it's a totally different github one that fails in artifacts.
rarkins
on 27 Feb 2020
This issue has been automatically marked as stale because it has not had recent activity. It will be closed soon if no further activity occurs.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 1 Mar 2020
Triggered by a trigger-happy stale bot 😉
@rarkins
Created two repositories as suggested, keeping them as minimal as I could and made sure to include the same mechanism for requiring a private repository as in the original case.
- Private 'library' repo: https://github.com/hongaar/renovate-test-private (now public)
- Public 'project' repo: https://github.com/hongaar/renovate-test-public
- Installed Renovate on both repo's
- Merged the onboarding PR in the public repo (https://github.com/hongaar/renovate-test-public/pull/1)
- This triggered a new renovate job with the exact same error signature as original case:
- Job log (from dashboard): https://app.renovatebot.com/dashboard#github/hongaar/renovate-test-public/147371447
- Associated PR: https://github.com/hongaar/renovate-test-public/pull/2
I've invited you as a collaborator to both repositories, if you need it.
Hope this helps! Let me know if you need anything else.
hongaar
on 1 Mar 2020
I have the exact same issue, with the difference that we use bitbucket server and not github. We actually have an auth.json file (https://getcomposer.org/doc/articles/http-basic-authentication.md) next to composer.json, but this file does not seem to be picked up when renovate bot runs.
The file though usually works, because otherwise our producton servers wouldn't be able to connect to our private git server.
{
"http-basic": {
"git.xxx.xxx": {
"username": "composer",
"password": "abcdefghijklmnopq"
}
},
"github-oauth": {
"github.com": "1234567890"
}
}
danez
on 5 Mar 2020
If I understand the code correctly it looks like it creates it's own auth.json file here: https://github.com/renovatebot/renovate/blob/master/lib/manager/composer/artifacts.ts#L101
Would you accept a PR that instead of overwritting the file, merges it with whatever is already there?
danez
on 5 Mar 2020
Would you accept a PR that instead of overwritting the file, merges it with whatever is already there?
Absolutely!
rarkins
on 5 Mar 2020
For private repos, can release versions be obtained from Github tags? For now I can't figure out if we should rely on tags/branches. Or maybe, there should be some Composer-specific declarations?
zharinov
on 4 Jul 2020
@hongaar we've been testing a scenario today similar to how you originally described, and it now works. Both repos are private to properly replicate it, but the one that was previously failing but now working looks like this:
{
"name": "test",
"description": "",
"repositories": [
{
"name": "zharinov/renovate-composer-dep",
"type": "vcs",
"url": "[email protected]:zharinov/renovate-composer-dep.git"
}
],
"require": {
"zharinov/renovate-composer-dep": "1.0.2",
"justinrainbow/json-schema": "5.2.8"
}
}
Now, a PR to update json-schema works, without Composer complaining that it can't access the github-hosted dep.
Are you able to verify your original use case?
rarkins
on 25 Aug 2020
@rarkins Thanks for looking into this.
I'm still getting an error unfortunately:
[RuntimeException]
Failed to execute git clone --mirror 'https://**redacted**:***@github.com/exivity/octopus.git' '/tmp/renovate-cache/others/composer/vcs/git-github.com-exivity-octopus.git/'
Cloning into bare repository '/tmp/renovate-cache/others/composer/vcs/git-github.com-exivity-octopus.git'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/exivity/octopus.git/'
The relevant sections in composer.json:
{
"repositories": [
{
"name": "exivity/octopus",
"type": "git",
"url": "[email protected]:exivity/octopus.git"
}
],
"require": {
"exivity/octopus": "^4.0"
}
}
We have validated an almost identical scenario as working:
{
"name": "test",
"description": "",
"repositories": [
{
"name": "zharinov/renovate-composer-dep",
"type": "vcs",
"url": "[email protected]:zharinov/renovate-composer-dep.git"
}
],
"require": {
"zharinov/renovate-composer-dep": "1.0.2",
"justinrainbow/json-schema": "5.2.8"
}
}
I don't know if the git/vcs makes a difference. Also, do these two repos fall under the same org, and they're both private?
rarkins
on 28 Aug 2020
I don't know if the git/vcs makes a difference.
Will test now.
Also, do these two repos fall under the same org, and they're both private?
That's correct.
hongaar
on 28 Aug 2020
Also, both repos need to have Renovate installed, otherwise it has no authorisation to access the second one
rarkins
on 28 Aug 2020
@rarkins changing git to vcs seems to have fixed the problem! 🎉
Problem solved for us, but maybe others will run into this as well. The vcs is a catch-all type and can be narrowed down by the user. These are valid sub-types (don't know how they translate to renovate's internal logic):
git-bitbucket, hg-bitbucket, github, gitlab, perforce, fossil, git, svn, hg
hongaar
on 28 Aug 2020
Lowering this to normal priority. @zharinov can you try to work out if it's something we're doing differently, or is it Composer? e.g. if it's vcs does it auto-detect that it's github and use the github oauth we provide it, while if it's git then it does not? and if the latter, is there some other auth field we should put our github token so that it does work?
rarkins
on 28 Aug 2020
I am facing the same auth issue as stated above while trying to use private repo as composer dependency. I am running Renovate using official Github Action v23.40.0 and the access rights seems ok, since if I define the same repository in renovate.json the Renovate manages to run in the same (private) dependency repo as I try to require with composer - only composer fails to access:
DEBUG: Datasource unknown error (repository=[org]/[reponame])
"datasource": "git-tags",
"lookupName": "[email protected]:[org]/[reponame].git",
"err": {
"task": {
"commands": [
"ls-remote",
"[email protected]:[org]/[reponame].git"
],
"format": "utf-8"
},
"message": "Host key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
"stack": "Error: Host key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n\n at GitExecutorChain.onFatalException (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:66:77)\n at GitExecutorChain.<anonymous> (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.ts:58:21)\n at Generator.throw (<anonymous>)\n at rejected (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:6:65)\n at runMicrotasks (<anonymous>)\n at processTicksAndRejections (internal/process/task_queues.js:97:5)"
Any suggestions how to fix this? The problem persist even if using the Renovate App on Github.
(Org and reponames hidden).
@rarkins on which version did you make it work on your tests so that I could try the same version using Github Actions?
jaska120
on 4 Oct 2020
It won't work if the repo is accessed using git/ssh instead of https, because that requires an ssh key to work and neither the app or actions have ssh keys.
rarkins
on 4 Oct 2020
Thanks for the reply,
I understand the problem. However, on your example you have used [email protected] domain successfully (which will use ssh?).
I did try to use https protocol for the dependency but then I am getting error:
"message": "fatal: could not read Username for 'https://github.com': No such device or address\n",
Should I define username and password in renovate.json and inject those while running Action or how one could make composer use token instead of ssh or username password combo while requiring dep from Github?
jaska120
on 4 Oct 2020
The action's automatic token has only permissions for its own repo. To access another repo you'll need to use a PAT and add it with hostRules for hostName=api.gitHub.com and hostType=composer.
rarkins
on 4 Oct 2020
Related issues
ghost
·
3Comments
hutson
·
3Comments
kogai
·
3Comments
Flydiverny
·
4Comments
amilajack
·
3Comments