From c9ab14b9ed0855933268f4711a75c85b198481c4 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Mon, 7 Oct 2024 10:15:45 +0530 Subject: [PATCH 1/6] set npmToken in npmrc when not in encrypted --- lib/workers/repository/init/merge.spec.ts | 55 +++++++++++++++++++++++ lib/workers/repository/init/merge.ts | 37 +++++++++++++++ 2 files changed, 92 insertions(+) diff --git a/lib/workers/repository/init/merge.spec.ts b/lib/workers/repository/init/merge.spec.ts index 23e1a27d14534d..d1094b46752f2c 100644 --- a/lib/workers/repository/init/merge.spec.ts +++ b/lib/workers/repository/init/merge.spec.ts @@ -20,6 +20,7 @@ import { checkForRepoConfigError, detectRepoFileConfig, mergeRenovateConfig, + setNpmTokenInNpmrc, } from './merge'; jest.mock('../../../util/fs'); @@ -385,5 +386,59 @@ describe('workers/repository/init/merge', () => { }), ).toBeDefined(); }); + + it('sets npmToken to npmrc when it is not inside encrypted', async () => { + scm.getFileList.mockResolvedValue(['package.json', '.renovaterc.json']); + fs.readLocalFile.mockResolvedValue( + '{"npmToken": "{{ secrets.NPM_TOKEN }}", "npmrc": "something_authToken=${NPM_TOKEN}"}', + ); + migrateAndValidate.migrateAndValidate.mockResolvedValue({ + ...config, + npmToken: '{{ secrets.NPM_TOKEN }}', + npmrc: 'something_authToken=${NPM_TOKEN}', + warnings: [], + errors: [], + }); + migrate.migrateConfig.mockImplementation((c) => ({ + isMigrated: true, + migratedConfig: c, + })); + config.secrets = { + NPM_TOKEN: 'confidential', + }; + const res = await mergeRenovateConfig(config); + expect(res.npmrc).toBe('something_authToken=confidential'); + }); + }); + + describe('setNpmTokenInNpmrc', () => { + it('skips in no npmToken found', () => { + const config = {}; + setNpmTokenInNpmrc(config); + expect(config).toMatchObject({}); + }); + + it('adds default npmrc registry if it does not exist', () => { + const config = { npmToken: 'token' }; + setNpmTokenInNpmrc(config); + expect(config).toMatchObject({ + npmrc: '//registry.npmjs.org/:_authToken=token\n', + }); + }); + + it('adds npmToken at end of npmrc string if ${NPM_TOKEN} string not found', () => { + const config = { npmToken: 'token', npmrc: 'something\n' }; + setNpmTokenInNpmrc(config); + expect(config).toMatchObject({ npmrc: 'something\n_authToken=token\n' }); + }); + + it('replaces ${NPM_TOKEN} with npmToken value', () => { + const config = { + npmToken: 'token', + npmrc: 'something_auth=${NPM_TOKEN}\n', + }; + setNpmTokenInNpmrc(config); + expect(config).toMatchObject({ npmrc: 'something_auth=token\n' }); + }); }); }); diff --git a/lib/workers/repository/init/merge.ts b/lib/workers/repository/init/merge.ts index dd3683331f9047..ef53045085494c 100644 --- a/lib/workers/repository/init/merge.ts +++ b/lib/workers/repository/init/merge.ts @@ -23,6 +23,7 @@ import { readLocalFile } from '../../../util/fs'; import * as hostRules from '../../../util/host-rules'; import * as queue from '../../../util/http/queue'; import * as throttle from '../../../util/http/throttle'; +import { regEx } from '../../../util/regex'; import { getOnboardingConfig } from '../onboarding/branch/config'; import { getDefaultConfigFileName } from '../onboarding/branch/create'; import { @@ -216,6 +217,7 @@ export async function mergeRenovateConfig( const repository = config.repository!; // Decrypt before resolving in case we need npm authentication for any presets const decryptedConfig = await decryptConfig(migratedConfig, repository); + setNpmTokenInNpmrc(decryptedConfig); // istanbul ignore if if (is.string(decryptedConfig.npmrc)) { logger.debug('Found npmrc in decrypted config - setting'); @@ -237,6 +239,7 @@ export async function mergeRenovateConfig( logger.trace({ config: resolvedConfig }, 'resolved config after migrating'); resolvedConfig = migrationResult.migratedConfig; } + setNpmTokenInNpmrc(resolvedConfig); // istanbul ignore if if (is.string(resolvedConfig.npmrc)) { logger.debug( @@ -278,3 +281,37 @@ export async function mergeRenovateConfig( } return returnConfig; } + +// needed when using portal secrets for npmToken +export function setNpmTokenInNpmrc(config: RenovateConfig): void { + if (!is.string(config.npmToken)) { + return; + } + + const token = config.npmToken; + + if (!is.string(config.npmrc)) { + logger.debug('Adding npmrc to config'); + config.npmrc = `//registry.npmjs.org/:_authToken=${token}\n`; + delete config.npmToken; + return; + } + + /* eslint-disable no-template-curly-in-string */ + if (config.npmrc.includes('${NPM_TOKEN}')) { + logger.debug('Replacing ${NPM_TOKEN} with decrypted token'); + config.npmrc = config.npmrc.replace( + /* eslint-enable no-template-curly-in-string */ + regEx(/\${NPM_TOKEN}/g), + token, + ); + } else { + logger.debug('Appending _authToken= to end of existing npmrc'); + config.npmrc = config.npmrc.replace( + regEx(/\n?$/), + `\n_authToken=${token}\n`, + ); + } + + delete config.npmToken; +} From 60f4f54eabfe338399d66d474537aba10f59f8b3 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Mon, 7 Oct 2024 13:11:41 +0530 Subject: [PATCH 2/6] apply suggestions --- lib/workers/repository/init/merge.ts | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/lib/workers/repository/init/merge.ts b/lib/workers/repository/init/merge.ts index ef53045085494c..ce938beaf13503 100644 --- a/lib/workers/repository/init/merge.ts +++ b/lib/workers/repository/init/merge.ts @@ -282,7 +282,7 @@ export async function mergeRenovateConfig( return returnConfig; } -// needed when using portal secrets for npmToken +/** needed when using portal secrets for npmToken */ export function setNpmTokenInNpmrc(config: RenovateConfig): void { if (!is.string(config.npmToken)) { return; @@ -297,14 +297,9 @@ export function setNpmTokenInNpmrc(config: RenovateConfig): void { return; } - /* eslint-disable no-template-curly-in-string */ - if (config.npmrc.includes('${NPM_TOKEN}')) { - logger.debug('Replacing ${NPM_TOKEN} with decrypted token'); - config.npmrc = config.npmrc.replace( - /* eslint-enable no-template-curly-in-string */ - regEx(/\${NPM_TOKEN}/g), - token, - ); + if (config.npmrc.includes(`\${NPM_TOKEN}`)) { + logger.debug(`Replacing \${NPM_TOKEN} with decrypted token`); + config.npmrc = config.npmrc.replace(regEx(/\${NPM_TOKEN}/g), token); } else { logger.debug('Appending _authToken= to end of existing npmrc'); config.npmrc = config.npmrc.replace( From ab56e41847f005cc9668f7bf8024eca9d3ad4b64 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Tue, 8 Oct 2024 04:11:14 +0530 Subject: [PATCH 3/6] move npmToken migration to npmrc logic at one place --- lib/config/decrypt.ts | 25 -------------------- lib/workers/repository/init/merge.spec.ts | 28 +++++++++++++++++++++++ lib/workers/repository/init/merge.ts | 5 ++++ 3 files changed, 33 insertions(+), 25 deletions(-) diff --git a/lib/config/decrypt.ts b/lib/config/decrypt.ts index 09443ad5f4c835..34ac84bdac415d 100644 --- a/lib/config/decrypt.ts +++ b/lib/config/decrypt.ts @@ -1,6 +1,5 @@ import is from '@sindresorhus/is'; import { logger } from '../logger'; -import { maskToken } from '../util/mask'; import { regEx } from '../util/regex'; import { addSecretForSanitizing } from '../util/sanitize'; import { ensureTrailingSlash } from '../util/url'; @@ -167,30 +166,6 @@ export async function decryptConfig( if (eKey === 'npmToken') { const token = decryptedStr.replace(regEx(/\n$/), ''); addSecretForSanitizing(token); - logger.debug( - { decryptedToken: maskToken(token) }, - 'Migrating npmToken to npmrc', - ); - if (is.string(decryptedConfig.npmrc)) { - /* eslint-disable no-template-curly-in-string */ - if (decryptedConfig.npmrc.includes('${NPM_TOKEN}')) { - logger.debug('Replacing ${NPM_TOKEN} with decrypted token'); - decryptedConfig.npmrc = decryptedConfig.npmrc.replace( - regEx(/\${NPM_TOKEN}/g), - token, - ); - } else { - logger.debug('Appending _authToken= to end of existing npmrc'); - decryptedConfig.npmrc = decryptedConfig.npmrc.replace( - regEx(/\n?$/), - `\n_authToken=${token}\n`, - ); - } - /* eslint-enable no-template-curly-in-string */ - } else { - logger.debug('Adding npmrc to config'); - decryptedConfig.npmrc = `//registry.npmjs.org/:_authToken=${token}\n`; - } } else { decryptedConfig[eKey] = decryptedStr; addSecretForSanitizing(decryptedStr); diff --git a/lib/workers/repository/init/merge.spec.ts b/lib/workers/repository/init/merge.spec.ts index d1094b46752f2c..00ee13353d132f 100644 --- a/lib/workers/repository/init/merge.spec.ts +++ b/lib/workers/repository/init/merge.spec.ts @@ -7,6 +7,7 @@ import { platform, scm, } from '../../../../test/util'; +import * as decrypt from '../../../config/decrypt'; import { getConfig } from '../../../config/defaults'; import * as _migrateAndValidate from '../../../config/migrate-validate'; import * as _migrate from '../../../config/migration'; @@ -409,6 +410,33 @@ describe('workers/repository/init/merge', () => { const res = await mergeRenovateConfig(config); expect(res.npmrc).toBe('something_authToken=confidential'); }); + + it('sets npmToken to npmrc when it is inside encrypted', async () => { + scm.getFileList.mockResolvedValue(['package.json', '.renovaterc.json']); + fs.readLocalFile.mockResolvedValue( + '{"encrypted": { "npmToken": "encrypted-token" }, "npmrc": "something_authToken=${NPM_TOKEN}"}', + ); + migrateAndValidate.migrateAndValidate.mockResolvedValue({ + ...config, + npmrc: 'something_authToken=${NPM_TOKEN}', + encrypted: { + npmToken: 'encrypted-token', + }, + warnings: [], + errors: [], + }); + migrate.migrateConfig.mockImplementation((c) => ({ + isMigrated: true, + migratedConfig: c, + })); + jest.spyOn(decrypt, 'decryptConfig').mockResolvedValueOnce({ + ...config, + npmrc: 'something_authToken=${NPM_TOKEN}', + npmToken: 'token', + }); + const res = await mergeRenovateConfig(config); + expect(res.npmrc).toBe('something_authToken=token'); + }); }); describe('setNpmTokenInNpmrc', () => { diff --git a/lib/workers/repository/init/merge.ts b/lib/workers/repository/init/merge.ts index ce938beaf13503..e262f613ebf5f5 100644 --- a/lib/workers/repository/init/merge.ts +++ b/lib/workers/repository/init/merge.ts @@ -23,6 +23,7 @@ import { readLocalFile } from '../../../util/fs'; import * as hostRules from '../../../util/host-rules'; import * as queue from '../../../util/http/queue'; import * as throttle from '../../../util/http/throttle'; +import { maskToken } from '../../../util/mask'; import { regEx } from '../../../util/regex'; import { getOnboardingConfig } from '../onboarding/branch/config'; import { getDefaultConfigFileName } from '../onboarding/branch/create'; @@ -289,6 +290,10 @@ export function setNpmTokenInNpmrc(config: RenovateConfig): void { } const token = config.npmToken; + logger.debug( + { decryptedToken: maskToken(token) }, + 'Migrating npmToken to npmrc', + ); if (!is.string(config.npmrc)) { logger.debug('Adding npmrc to config'); From c9fb0898a7672c7cbe78c48f2e78fc57e598aff0 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Tue, 8 Oct 2024 04:42:46 +0530 Subject: [PATCH 4/6] fix tests --- lib/config/decrypt/legacy.spec.ts | 40 ------------------------------- 1 file changed, 40 deletions(-) diff --git a/lib/config/decrypt/legacy.spec.ts b/lib/config/decrypt/legacy.spec.ts index c36943526e319c..b881abcd5beaf3 100644 --- a/lib/config/decrypt/legacy.spec.ts +++ b/lib/config/decrypt/legacy.spec.ts @@ -31,40 +31,6 @@ describe('config/decrypt/legacy', () => { ); }); - it('replaces npm token placeholder in npmrc', async () => { - GlobalConfig.set({ - privateKey: 'invalid-key', - privateKeyOld: privateKey, - }); // test old key failover - config.npmrc = - '//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n'; - config.encrypted = { - npmToken: - 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', - }; - const res = await decryptConfig(config, repository); - expect(res.encrypted).toBeUndefined(); - expect(res.npmToken).toBeUndefined(); - expect(res.npmrc).toBe( - '//registry.npmjs.org/:_authToken=abcdef-ghijklm-nopqf-stuvwxyz\n//registry.npmjs.org/:_authToken=abcdef-ghijklm-nopqf-stuvwxyz\n', - ); - }); - - it('appends npm token in npmrc', async () => { - GlobalConfig.set({ privateKey }); - config.npmrc = 'foo=bar\n'; - config.encrypted = { - npmToken: - 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', - }; - const res = await decryptConfig(config, repository); - expect(res.encrypted).toBeUndefined(); - expect(res.npmToken).toBeUndefined(); - expect(res.npmrc).toBe( - `foo=bar\n_authToken=abcdef-ghijklm-nopqf-stuvwxyz\n`, - ); - }); - it('decrypts nested', async () => { GlobalConfig.set({ privateKey }); config.packageFiles = [ @@ -74,8 +40,6 @@ describe('config/decrypt/legacy', () => { encrypted: { branchPrefix: 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', - npmToken: - 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', }, }, }, @@ -88,10 +52,6 @@ describe('config/decrypt/legacy', () => { expect(res.packageFiles[0].devDependencies.branchPrefix).toBe( 'abcdef-ghijklm-nopqf-stuvwxyz', ); - expect(res.packageFiles[0].devDependencies.npmToken).toBeUndefined(); - expect(res.packageFiles[0].devDependencies.npmrc).toBe( - '//registry.npmjs.org/:_authToken=abcdef-ghijklm-nopqf-stuvwxyz\n', - ); }); }); }); From 136ea31b09942084df3378a5d13cfeafed4562d5 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Wed, 9 Oct 2024 16:55:01 +0530 Subject: [PATCH 5/6] fix coverage --- lib/config/decrypt.ts | 1 + lib/config/decrypt/legacy.spec.ts | 33 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/lib/config/decrypt.ts b/lib/config/decrypt.ts index 34ac84bdac415d..ac560c4d456a45 100644 --- a/lib/config/decrypt.ts +++ b/lib/config/decrypt.ts @@ -165,6 +165,7 @@ export async function decryptConfig( logger.debug(`Decrypted ${eKey}`); if (eKey === 'npmToken') { const token = decryptedStr.replace(regEx(/\n$/), ''); + decryptedConfig[eKey] = token; addSecretForSanitizing(token); } else { decryptedConfig[eKey] = decryptedStr; diff --git a/lib/config/decrypt/legacy.spec.ts b/lib/config/decrypt/legacy.spec.ts index b881abcd5beaf3..936cd1c369ff56 100644 --- a/lib/config/decrypt/legacy.spec.ts +++ b/lib/config/decrypt/legacy.spec.ts @@ -31,6 +31,34 @@ describe('config/decrypt/legacy', () => { ); }); + it('replaces npm token placeholder in npmrc', async () => { + GlobalConfig.set({ + privateKey: 'invalid-key', + privateKeyOld: privateKey, + }); // test old key failover + config.npmrc = + '//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n'; + config.encrypted = { + npmToken: + 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', + }; + const res = await decryptConfig(config, repository); + expect(res.encrypted).toBeUndefined(); + expect(res.npmToken).toBe('abcdef-ghijklm-nopqf-stuvwxyz'); + }); + + it('appends npm token in npmrc', async () => { + GlobalConfig.set({ privateKey }); + config.npmrc = 'foo=bar\n'; + config.encrypted = { + npmToken: + 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', + }; + const res = await decryptConfig(config, repository); + expect(res.encrypted).toBeUndefined(); + expect(res.npmToken).toBe('abcdef-ghijklm-nopqf-stuvwxyz'); + }); + it('decrypts nested', async () => { GlobalConfig.set({ privateKey }); config.packageFiles = [ @@ -40,6 +68,8 @@ describe('config/decrypt/legacy', () => { encrypted: { branchPrefix: 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', + npmToken: + 'FLA9YHIzpE7YetAg/P0X46npGRCMqn7hgyzwX5ZQ9wYgu9BRRbTiBVsUIFTyM5BuP1Q22slT2GkWvFvum7GU236Y6QiT7Nr8SLvtsJn2XUuq8H7REFKzdy3+wqyyWbCErYTFyY1dcPM7Ht+CaGDWdd8u/FsoX7AdMRs/X1jNUo6iSmlUiyGlYDKF+QMnCJom1VPVgZXWsGKdjI2MLny991QMaiv0VajmFIh4ENv4CtXOl/1twvIl/6XTXAaqpJJKDTPZEuydi+PHDZmal2RAOfrkH4m0UURa7SlfpUlIg+EaqbNGp85hCYXLwRcEET1OnYr3rH1oYkcYJ40any1tvQ==', }, }, }, @@ -52,6 +82,9 @@ describe('config/decrypt/legacy', () => { expect(res.packageFiles[0].devDependencies.branchPrefix).toBe( 'abcdef-ghijklm-nopqf-stuvwxyz', ); + expect(res.packageFiles[0].devDependencies.npmToken).toBe( + 'abcdef-ghijklm-nopqf-stuvwxyz', + ); }); }); }); From 984354ca5b9ea0dcf363732e25b1cb2404a65ce3 Mon Sep 17 00:00:00 2001 From: Rahul Gautam Singh Date: Fri, 8 Nov 2024 13:33:48 +0530 Subject: [PATCH 6/6] improve log messages --- lib/workers/repository/init/merge.ts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/workers/repository/init/merge.ts b/lib/workers/repository/init/merge.ts index e262f613ebf5f5..4cf53b1395c3e5 100644 --- a/lib/workers/repository/init/merge.ts +++ b/lib/workers/repository/init/merge.ts @@ -290,10 +290,7 @@ export function setNpmTokenInNpmrc(config: RenovateConfig): void { } const token = config.npmToken; - logger.debug( - { decryptedToken: maskToken(token) }, - 'Migrating npmToken to npmrc', - ); + logger.debug({ npmToken: maskToken(token) }, 'Migrating npmToken to npmrc'); if (!is.string(config.npmrc)) { logger.debug('Adding npmrc to config'); @@ -303,7 +300,7 @@ export function setNpmTokenInNpmrc(config: RenovateConfig): void { } if (config.npmrc.includes(`\${NPM_TOKEN}`)) { - logger.debug(`Replacing \${NPM_TOKEN} with decrypted token`); + logger.debug(`Replacing \${NPM_TOKEN} with npmToken`); config.npmrc = config.npmrc.replace(regEx(/\${NPM_TOKEN}/g), token); } else { logger.debug('Appending _authToken= to end of existing npmrc');