What would you like Renovate to be able to do?

I'm trying to run Cargo against a codebase with private rust dependencies hosted on github.

  • If my Cargo.toml files use ssh urls, then I get the issue in https://github.com/renovatebot/renovate/issues/14939
  • If my Cargo.toml files use https urls then Cargo doesn't use the github tokens:
    Caused by:
      failed to authenticate when downloading repository
      * attempted to find username/password via git's `credential.helper` support, but failed
      if the git CLI succeeds then `net.git-fetch-with-cli` may help here
    Caused by:
      failed to acquire username/password from local configuration
  • As I'm using the hosted renovate, I don't think I have a way to set CARGO_NET_GIT_FETCH_WITH_CLI=true in e.g. customEnvVariables?

If you have any ideas on how this should be implemented, please tell us here.

Possibly CARGO_NET_GIT_FETCH_WITH_CLI=true could be set by default?

Is this a feature you are interested in implementing yourself?



Currently there is no hostRules awareness in Cargo artifacts logic: https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/cargo/artifacts.ts

This means either:

  • We need to add specific cargo logic (e.g. reading hostRules, writing credentials to a specific file or env), or
  • #11470 (if Cargo uses git over https)
  • #14955 (including for hosted users)

@james-callahan how could Renovate use github tokens when or before calling cargo? e.g. should they be put in a file, in env, or CLI params?


@james-callahan how could Renovate use github tokens when or before calling cargo? e.g. should they be put in a file, in env, or CLI params?

If you set CARGO_NET_GIT_FETCH_WITH_CLI=true then Cargo will use the git cli, which will follow all the normal rules for git configuration. i.e. you can set git config via a .gitconfig file; or env vars such as GIT_CONFIG_PARAMETERS or GIT_CONFIG_COUNT+GIT_CONFIG_KEY_<n>+GIT_CONFIG_VALUE_<n>

Now, to get git to inject the github token, you could use e.g. the git config field http.https://github.com/.extraheader and set it to AUTHORIZATION: basic $(base64 <<< x-access-token:$GITHUB_TOKEN)

You can see an example of this in action over at https://github.com/actions/checkout/blob/bf085276cecdb0cc76fbbe0687a5a0e786646936/src/git-auth-helper.ts#L56-L63

Alternatively, I think you could implement a git credential helper. https://git-scm.com/docs/gitcredentials e.g. by adding the following git config variables:

  • credential.https://github.com.username=x-access-token
  • credential.https://github.com.helper=!f() { test "$1" = get && echo password="$GITHUB_TOKEN"; }; f
© 2022 pullanswer.com - All rights reserved.