mirror of https://github.com/renovatebot/renovate
184 lines
5.7 KiB
TypeScript
184 lines
5.7 KiB
TypeScript
import {
|
|
CONFIG_SECRETS_INVALID,
|
|
CONFIG_VALIDATION,
|
|
} from '../constants/error-messages';
|
|
import { getConfig } from './defaults';
|
|
import { applySecretsToConfig, validateConfigSecrets } from './secrets';
|
|
|
|
describe('config/secrets', () => {
|
|
describe('validateConfigSecrets(config)', () => {
|
|
it('works with default config', () => {
|
|
expect(() => validateConfigSecrets(getConfig())).not.toThrow();
|
|
});
|
|
|
|
it('returns if no secrets', () => {
|
|
expect(validateConfigSecrets({})).toBeUndefined();
|
|
});
|
|
|
|
it('throws if secrets is not an object', () => {
|
|
expect(() => validateConfigSecrets({ secrets: 'hello' } as any)).toThrow(
|
|
CONFIG_SECRETS_INVALID,
|
|
);
|
|
});
|
|
|
|
it('throws for invalid secret names', () => {
|
|
expect(() =>
|
|
validateConfigSecrets({ secrets: { '123': 'abc' } }),
|
|
).toThrow(CONFIG_SECRETS_INVALID);
|
|
});
|
|
|
|
it('throws for non-string secret', () => {
|
|
expect(() =>
|
|
validateConfigSecrets({ secrets: { abc: 123 } } as any),
|
|
).toThrow(CONFIG_SECRETS_INVALID);
|
|
});
|
|
|
|
it('throws for secrets inside repositories', () => {
|
|
expect(() =>
|
|
validateConfigSecrets({
|
|
repositories: [
|
|
{ repository: 'abc/def', secrets: { abc: 123 } },
|
|
] as any,
|
|
}),
|
|
).toThrow(CONFIG_SECRETS_INVALID);
|
|
});
|
|
});
|
|
|
|
describe('applySecretsToConfig(config)', () => {
|
|
it('works with default config', () => {
|
|
expect(() => applySecretsToConfig(getConfig())).not.toThrow();
|
|
});
|
|
|
|
it('throws if disallowed field is used', () => {
|
|
const config = {
|
|
prTitle: '{{ secrets.ARTIFACTORY_TOKEN }}',
|
|
secrets: {
|
|
ARTIFACTORY_TOKEN: '123test==',
|
|
},
|
|
};
|
|
expect(() => applySecretsToConfig(config)).toThrow(CONFIG_VALIDATION);
|
|
});
|
|
|
|
it('throws if an unknown secret is used', () => {
|
|
const config = {
|
|
npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}',
|
|
};
|
|
expect(() => applySecretsToConfig(config)).toThrow(CONFIG_VALIDATION);
|
|
});
|
|
|
|
it('replaces secrets in the top level', () => {
|
|
const config = {
|
|
secrets: { ARTIFACTORY_TOKEN: '123test==' },
|
|
npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}',
|
|
};
|
|
const res = applySecretsToConfig(config);
|
|
expect(res).toStrictEqual({
|
|
npmToken: '123test==',
|
|
});
|
|
expect(Object.keys(res)).not.toContain('secrets');
|
|
});
|
|
|
|
it('replaces secrets in a subobject', () => {
|
|
const config = {
|
|
secrets: { ARTIFACTORY_TOKEN: '123test==' },
|
|
npm: { npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}' },
|
|
};
|
|
const res = applySecretsToConfig(config);
|
|
expect(res).toStrictEqual({
|
|
npm: {
|
|
npmToken: '123test==',
|
|
},
|
|
});
|
|
expect(Object.keys(res)).not.toContain('secrets');
|
|
});
|
|
|
|
it('replaces secrets in a array of objects', () => {
|
|
const config = {
|
|
secrets: { ARTIFACTORY_TOKEN: '123test==' },
|
|
hostRules: [
|
|
{ hostType: 'npm', token: '{{ secrets.ARTIFACTORY_TOKEN }}' },
|
|
],
|
|
};
|
|
const res = applySecretsToConfig(config);
|
|
expect(res).toStrictEqual({
|
|
hostRules: [{ hostType: 'npm', token: '123test==' }],
|
|
});
|
|
expect(Object.keys(res)).not.toContain('secrets');
|
|
});
|
|
|
|
it('replaces secrets in a array of strings', () => {
|
|
const config = {
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
|
|
};
|
|
const res = applySecretsToConfig(config);
|
|
expect(res).toStrictEqual({
|
|
allowedManagers: ['npm'],
|
|
});
|
|
expect(Object.keys(res)).not.toContain('secrets');
|
|
});
|
|
|
|
it('replaces secrets in a array of objects without deleting them', () => {
|
|
const config = {
|
|
secrets: { ARTIFACTORY_TOKEN: '123test==' },
|
|
hostRules: [
|
|
{ hostType: 'npm', token: '{{ secrets.ARTIFACTORY_TOKEN }}' },
|
|
],
|
|
};
|
|
const res = applySecretsToConfig(config, config.secrets, false);
|
|
expect(res).toStrictEqual({
|
|
secrets: { ARTIFACTORY_TOKEN: '123test==' },
|
|
hostRules: [{ hostType: 'npm', token: '123test==' }],
|
|
});
|
|
expect(Object.keys(res)).toContain('secrets');
|
|
});
|
|
|
|
it('replaces secrets in a array of strings without deleting them', () => {
|
|
const config = {
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
|
|
};
|
|
const res = applySecretsToConfig(config, config.secrets, false);
|
|
expect(res).toStrictEqual({
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['npm'],
|
|
});
|
|
expect(Object.keys(res)).toContain('secrets');
|
|
});
|
|
|
|
it('{} as secrets will result in an error', () => {
|
|
const config = {
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
|
|
};
|
|
expect(() => applySecretsToConfig(config, {}, false)).toThrow(
|
|
CONFIG_VALIDATION,
|
|
);
|
|
});
|
|
|
|
it('undefined as secrets will result replace the secret', () => {
|
|
const config = {
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
|
|
};
|
|
const res = applySecretsToConfig(config, undefined, false);
|
|
expect(res).toStrictEqual({
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['npm'],
|
|
});
|
|
expect(Object.keys(res)).toContain('secrets');
|
|
});
|
|
|
|
it('null as secrets will result in an error', () => {
|
|
const config = {
|
|
secrets: { SECRET_MANAGER: 'npm' },
|
|
allowedManagers: ['{{ secrets.SECRET_MANAGER }}'],
|
|
};
|
|
// TODO fix me? #22198
|
|
expect(() => applySecretsToConfig(config, null as never, false)).toThrow(
|
|
CONFIG_VALIDATION,
|
|
);
|
|
});
|
|
});
|
|
});
|