Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(poetry): support GCloud credentials for Google Artifact Registry when locking #32586

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat(poetry): support GCloud credentials for Google Artifact Registry when locking #32586

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
61e0ef2
feat(poetry): support GCloud credentials for Google Artifact Registry…
maxbrunet Nov 17, 2024
96630e2
Add an invalid URL to fixtures
maxbrunet Nov 17, 2024
9410925
Separate fixture for GAR
maxbrunet Nov 20, 2024
2320159
Log packageFileName
maxbrunet Nov 20, 2024
6e7248e
Inline fixture
maxbrunet Nov 22, 2024
d3dc8a1
Actually fix filename usage
maxbrunet Nov 29, 2024
109be0f
Adjust debug logs
maxbrunet Dec 18, 2024
b1b1635
typo
maxbrunet Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions lib/modules/manager/poetry/__fixtures__/pyproject.10.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,14 @@ url = "last.url"
[[tool.poetry.source]]
name = "five"

[[tool.poetry.source]]
name = "some-gar-repo"
url = "https://someregion-python.pkg.dev/some-project/some-repo/simple/"

[[tool.poetry.source]]
name = "invalid-url"
url = "invalid-url"

[build-system]
requires = ["poetry_core>=1.0", "wheel"]
build-backend = "poetry.masonry.api"
92 changes: 90 additions & 2 deletions lib/modules/manager/poetry/artifacts.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { codeBlock } from 'common-tags';
import { GoogleAuth as _googleAuth } from 'google-auth-library';
import { mockDeep } from 'jest-mock-extended';
import { join } from 'upath';
import { envMock, mockExecAll } from '../../../../test/exec-util';
Expand All @@ -20,11 +21,13 @@ jest.mock('../../../util/exec/env');
jest.mock('../../../util/fs');
jest.mock('../../datasource', () => mockDeep());
jest.mock('../../../util/host-rules', () => mockDeep());
jest.mock('google-auth-library');

process.env.CONTAINERBASE = 'true';

const datasource = mocked(_datasource);
const hostRules = mocked(_hostRules);
const googleAuth = mocked(_googleAuth);

const adminConfig: RepoGlobalConfig = {
localDir: join('/tmp/github/some/repo'),
Expand Down Expand Up @@ -181,6 +184,11 @@ describe('modules/manager/poetry/artifacts', () => {
hostRules.find.mockReturnValueOnce({ username: 'usernameTwo' });
hostRules.find.mockReturnValueOnce({});
hostRules.find.mockReturnValueOnce({ password: 'passwordFour' });
googleAuth.mockImplementationOnce(
jest.fn().mockImplementationOnce(() => ({
getAccessToken: jest.fn().mockResolvedValue('some-token'),
})),
);
const updatedDeps = [{ depName: 'dep1' }];
expect(
await updateArtifacts({
Expand All @@ -198,9 +206,89 @@ describe('modules/manager/poetry/artifacts', () => {
},
},
]);
expect(hostRules.find.mock.calls).toHaveLength(5);
expect(hostRules.find.mock.calls).toHaveLength(9);
expect(execSnapshots).toMatchObject([
{ cmd: 'poetry update --lock --no-interaction dep1' },
{
cmd: 'poetry update --lock --no-interaction dep1',
options: {
env: {
HOME: '/home/user',
HTTPS_PROXY: 'https://example.com',
HTTP_PROXY: 'http://example.com',
LANG: 'en_US.UTF-8',
LC_ALL: 'en_US',
NO_PROXY: 'localhost',
PATH: '/tmp/path',
POETRY_HTTP_BASIC_FOUR_OH_FOUR_PASSWORD: 'passwordFour',
POETRY_HTTP_BASIC_ONE_PASSWORD: 'passwordOne',
POETRY_HTTP_BASIC_ONE_USERNAME: 'usernameOne',
POETRY_HTTP_BASIC_TWO_USERNAME: 'usernameTwo',
POETRY_HTTP_BASIC_SOME_GAR_REPO_USERNAME: 'oauth2accesstoken',
POETRY_HTTP_BASIC_SOME_GAR_REPO_PASSWORD: 'some-token',
},
},
},
]);
});

it('continues if Google auth is not configured', async () => {
// poetry.lock
fs.getSiblingFileName.mockReturnValueOnce('poetry.lock');
fs.readLocalFile.mockResolvedValueOnce(null);
// pyproject.lock
fs.getSiblingFileName.mockReturnValueOnce('pyproject.lock');
fs.readLocalFile.mockResolvedValueOnce('[metadata]\n');
const execSnapshots = mockExecAll();
fs.readLocalFile.mockResolvedValueOnce('New poetry.lock');
hostRules.find.mockReturnValueOnce({
username: 'usernameOne',
password: 'passwordOne',
});
hostRules.find.mockReturnValueOnce({ username: 'usernameTwo' });
hostRules.find.mockReturnValueOnce({});
hostRules.find.mockReturnValueOnce({ password: 'passwordFour' });
googleAuth.mockImplementation(
jest.fn().mockImplementation(() => ({
getAccessToken: jest.fn().mockResolvedValue(undefined),
})),
);
const updatedDeps = [{ depName: 'dep1' }];
expect(
await updateArtifacts({
packageFileName: 'pyproject.toml',
updatedDeps,
newPackageFileContent: pyproject10toml,
maxbrunet marked this conversation as resolved.
Show resolved Hide resolved
config,
}),
).toEqual([
{
file: {
type: 'addition',
path: 'pyproject.lock',
contents: 'New poetry.lock',
},
},
]);
expect(hostRules.find.mock.calls).toHaveLength(9);
expect(execSnapshots).toMatchObject([
{
cmd: 'poetry update --lock --no-interaction dep1',
options: {
env: {
HOME: '/home/user',
HTTPS_PROXY: 'https://example.com',
HTTP_PROXY: 'http://example.com',
LANG: 'en_US.UTF-8',
LC_ALL: 'en_US',
NO_PROXY: 'localhost',
PATH: '/tmp/path',
POETRY_HTTP_BASIC_FOUR_OH_FOUR_PASSWORD: 'passwordFour',
POETRY_HTTP_BASIC_ONE_PASSWORD: 'passwordOne',
POETRY_HTTP_BASIC_ONE_USERNAME: 'usernameOne',
POETRY_HTTP_BASIC_TWO_USERNAME: 'usernameTwo',
},
},
},
]);
});

Expand Down
41 changes: 32 additions & 9 deletions lib/modules/manager/poetry/artifacts.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,9 @@ import { find } from '../../../util/host-rules';
import { regEx } from '../../../util/regex';
import { Result } from '../../../util/result';
import { parse as parseToml } from '../../../util/toml';
import { parseUrl } from '../../../util/url';
import { PypiDatasource } from '../../datasource/pypi';
import { getGoogleAuthTokenRaw } from '../../datasource/util';
import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
import { Lockfile, PoetrySchemaToml } from './schema';
import type { PoetryFile, PoetrySource } from './types';
Expand Down Expand Up @@ -92,7 +94,7 @@ export function getPoetryRequirement(
return null;
}

function getPoetrySources(content: string, fileName: string): PoetrySource[] {
maxbrunet marked this conversation as resolved.
Show resolved Hide resolved
function getPoetrySources(content: string): PoetrySource[] {
let pyprojectFile: PoetryFile;
try {
pyprojectFile = parseToml(content) as PoetryFile;
Expand All @@ -115,20 +117,41 @@ function getPoetrySources(content: string, fileName: string): PoetrySource[] {
return sourceArray;
}

function getMatchingHostRule(url: string | undefined): HostRule {
async function getMatchingHostRule(url: string | undefined): Promise<HostRule> {
const scopedMatch = find({ hostType: PypiDatasource.id, url });
return is.nonEmptyObject(scopedMatch) ? scopedMatch : find({ url });
const hostRule = is.nonEmptyObject(scopedMatch) ? scopedMatch : find({ url });
if (hostRule) {
return hostRule;
}

const parsedUrl = parseUrl(url);
if (!parsedUrl) {
logger.once.debug({ url }, 'Failed to parse URL');
maxbrunet marked this conversation as resolved.
Show resolved Hide resolved
return {};
}

if (parsedUrl.hostname.endsWith('.pkg.dev')) {
const accessToken = await getGoogleAuthTokenRaw();
if (accessToken) {
return {
username: 'oauth2accesstoken',
password: accessToken,
};
}
logger.once.debug({ url }, 'Could not get Google access token');
maxbrunet marked this conversation as resolved.
Show resolved Hide resolved
}

return {};
}

function getSourceCredentialVars(
async function getSourceCredentialVars(
pyprojectContent: string,
packageFileName: string,
): NodeJS.ProcessEnv {
const poetrySources = getPoetrySources(pyprojectContent, packageFileName);
): Promise<NodeJS.ProcessEnv> {
const poetrySources = getPoetrySources(pyprojectContent);
const envVars: NodeJS.ProcessEnv = {};

for (const source of poetrySources) {
const matchingHostRule = getMatchingHostRule(source.url);
const matchingHostRule = await getMatchingHostRule(source.url);
const formattedSourceName = source.name
.replace(regEx(/(\.|-)+/g), '_')
.toUpperCase();
Expand Down Expand Up @@ -192,7 +215,7 @@ export async function updateArtifacts({
config.constraints?.poetry ??
getPoetryRequirement(newPackageFileContent, existingLockFileContent);
const extraEnv = {
...getSourceCredentialVars(newPackageFileContent, packageFileName),
...(await getSourceCredentialVars(newPackageFileContent)),
...getGitEnvironmentVariables(['poetry']),
PIP_CACHE_DIR: await ensureCacheDir('pip'),
};
Expand Down