I am trying to setup renovate bot in an Azure Devops environment. It generally works, meaning it can check most dependencies and create pull requests etc.
However in PRs, I see a warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information
In the pipeline log I see errors like
Dependency lookup unauthorized. Please add authentication with a hostRule for.....
... artifacts in the Azure feed. The build user has contributor privileges setup for the feed.
The current config.js looks like this:
module.exports = {
platform: 'azure',
endpoint: 'https://dev.azure.com/{org}',
hostRules: [
{
hostType: 'maven',
matchHost: '{org}.pkgs.visualstudio.com',
username: '' // tried a lot of options like 'apikey' etc.,
password: process.env.RENOVATE_TOKEN,
},
],
repositories: ['{projectName}/{repoName}'],
};
CI:
steps:
- bash: |
git config --global user.email 'renovate@mail.com'
git config --global user.name 'Renovate Bot'
npx renovate
env:
RENOVATE_PLATFORM: azure
RENOVATE_ENDPOINT: $(System.CollectionUri)
RENOVATE_CONFIG_FILE: $(Build.SourcesDirectory)/config.js
RENOVATE_TOKEN: $(System.AccessToken)
RENOVATE_GITHUB_COM_TOKEN: $(github-token)
LOG_LEVEL: debug
I am not sure how to properly set it up, as I can't find specific documentation for that use case. I found lots of older posts using empty usernames, 'apikey' as username etc. but as of now nothing seems to work for me.
In our case, we had to give the user Project Collection Build Service Feed reader rights in the artifacts feed.
The following config then works:
hostRules: [
{
hostType: 'maven',
matchHost: '{org}.pkgs.visualstudio.com',
authType: 'Basic',
username: '{org}',
password: process.env.RENOVATE_TOKEN,
},
{
hostType: 'maven',
matchHost: 'pkgs.dev.azure.com',
authType: 'Basic',
username: '{org}',
password: process.env.RENOVATE_TOKEN,
},
],
steps:
- bash: |
npx renovate
env:
RENOVATE_PLATFORM: azure
RENOVATE_ENDPOINT: $(System.CollectionUri)
RENOVATE_TOKEN: $(System.AccessToken)
LOG_LEVEL: debug