Disclaimer:
So we have a auth.json for our projects in the (private) git repository with not-so-secret credentials which are needed to set up a project.
I am copying the argument from here:
It's common practice to add an auth.json for Enterprise software (such as Magento, where you have different auth keys for different projects) in the same directory as the > composer.json just to identify as authorized to download these packages (which an build > and deployment framework needs to be authorized as well), which shouldn't be an issue as those repositories are privately hosted anyways. https://github.com/composer/composer/issues/9920#issuecomment-851901227
Problem:
When running renovate bot on such a project we get a message:
Failed to look up packagist package .....
Files affected: composer.json
I did not find a configuration option on renovate bot to use the credentials from the auth.json in the repository.
Instead we would have to manually define hostRules. This would work.
Is there a better solution to this problem?
X-Post warning:
X-Follow-up to: https://github.com/renovatebot/renovate/discussions/22818
Actually I think https://github.com/renovatebot/renovate/discussions/22818 is the better place for this questions
I currently cannot delete this, because of the bounty.