composer-phprenovate

Can renovate bot use the auth.json within the repository for composer packages?


Disclaimer:

So we have a auth.json for our projects in the (private) git repository with not-so-secret credentials which are needed to set up a project.

I am copying the argument from here:

It's common practice to add an auth.json for Enterprise software (such as Magento, where you have different auth keys for different projects) in the same directory as the > composer.json just to identify as authorized to download these packages (which an build > and deployment framework needs to be authorized as well), which shouldn't be an issue as those repositories are privately hosted anyways. https://github.com/composer/composer/issues/9920#issuecomment-851901227

Problem:

When running renovate bot on such a project we get a message:

Failed to look up packagist package .....
Files affected: composer.json

I did not find a configuration option on renovate bot to use the credentials from the auth.json in the repository.

Instead we would have to manually define hostRules. This would work.

Is there a better solution to this problem?


Solution

  • X-Post warning:

    X-Follow-up to: https://github.com/renovatebot/renovate/discussions/22818

    Actually I think https://github.com/renovatebot/renovate/discussions/22818 is the better place for this questions

    I currently cannot delete this, because of the bounty.