36 changes: 34 additions & 2 deletions README.md
Expand Up @@ -10,6 +10,7 @@ GitHub Action to run Renovate self-hosted.

- [Badges](#badges)
- [Options](#options)
- [`additional-env-list`](#additional-env-list)
- [`configurationFile`](#configurationfile)
- [`docker-cmd-file`](#docker-cmd-file)
- [`docker-network`](#docker-network)
Expand Down Expand Up @@ -44,6 +45,11 @@ Options can be passed using the inputs of this action or the corresponding envir
When both are passed, the input takes precedence over the environment variable.
For the available environment variables, see the Renovate [Self-Hosted Configuration](https://docs.renovatebot.com/self-hosted-configuration/) docs.

### `additional-env-list`

A newline-separated list of environment variable names to pass through to the Renovate container, in addition to those already matched by [`env-regex`](#env-regex).
See [Passing other environment variables](#passing-other-environment-variables) section for more details.

### `configurationFile`

Configuration file to configure Renovate ("global" config) in JavaScript or JSON format.
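Review bot: The last sentence of the new `additional-env-list` section, "See [Passing other environment variables](#passing-other-environment-variables) section for more details.", is missing an article. Suggest "See the [Passing other environment variables](#passing-other-environment-variables) section for more details."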
Expand Down Expand Up @@ -409,9 +415,35 @@ For example if you wish to pass through some credentials for a [host rule](https

### Passing other environment variables

If you want to pass other variables to the Docker container use the `env-regex` input to override the regular expression that is used to allow environment variables.
There are two ways to pass additional variables through to the Renovate container:

1. **Recommended:** use [`additional-env-list`](#additional-env-list) to list the names of the variables you want forwarded. This keeps the action's default `env-regex` in effect, so you'll continue to receive any future additions to the default allow-list. Variable names that are not present in the environment are silently ignored.
2. Override [`env-regex`](#env-regex) with a custom regular expression. This gives you full control but also full ownership: if the action's default pattern changes, your override will not pick up those changes, and a typo in the regex can silently drop variables (including `RENOVATE_*` ones).

Example using `additional-env-list` (recommended):

```yml
....
jobs:
renovate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6.0.2
- name: Self-hosted Renovate
uses: renovatebot/github-action@v46.1.14
with:
configurationFile: example/renovate-config.js
token: ${{ secrets.RENOVATE_TOKEN }}
additional-env-list: |
AWS_TOKEN
MY_OTHER_SECRET
env:
AWS_TOKEN: ${{ secrets.AWS_TOKEN }}
MY_OTHER_SECRET: ${{ secrets.MY_OTHER_SECRET }}
```

In your workflow pass the environment variable and whitelist it by specifying the `env-regex`:
Example using `env-regex` (full override):

```yml
....
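Review bot: Item 1 of the new list states "Variable names that are not present in the environment are silently ignored", but the `src/input.ts` change in this same PR calls `warning(...)` for every listed name that is missing from the environment. The README should describe what users will actually see, for example "Variable names that are not present in the environment are skipped and a warning is logged." Since the example forwards secrets (`AWS_TOKEN`, `MY_OTHER_SECRET`), it is also worth one sentence noting that every listed name is handed to the Renovate container as is, so the list should contain only what Renovate needs.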
6 changes: 5 additions & 1 deletion action.yml
Expand Up @@ -18,9 +18,13 @@ inputs:
required: false
env-regex:
description: |
Override the environment variables which will be passsed into the renovate container.
Override the environment variables which will be passed into the renovate container.
Defaults to `^(?:RENOVATE_\\w+|LOG_LEVEL|GITHUB_COM_TOKEN|NODE_OPTIONS|NO_COLOR|(?:HTTPS?|NO)_PROXY|(?:https?|no)_proxy)$`
required: false
additional-env-list:
description: |
A newline-separated list of environment variable names to pass through to the Renovate container, in addition to those already matched by env-regex.
required: false
renovate-version:
description: |
Renovate version to use.
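Review bot: The `additional-env-list` description does not say that entries are exact variable names rather than patterns, and it sits directly under `env-regex`, whose description shows a regular expression default. The implementation compares with `additionalEnvVarNames.includes(key)`, so an entry such as `AWS_.*` would never match anything. Suggest wording along the lines of "A newline-separated list of exact environment variable names (not patterns) to pass through ...", and mentioning that a warning is logged for names that are not set.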
14 changes: 12 additions & 2 deletions src/input.ts
@@ -1,4 +1,4 @@
import { getInput } from '@actions/core';
import { getInput, getMultilineInput, warning } from '@actions/core';
import path from 'node:path';

export interface EnvironmentVariable {
Expand Down Expand Up @@ -31,11 +31,21 @@ export class Input {
const envRegex = envRegexInput
? new RegExp(envRegexInput)
: this.options.envRegex;
const additionalEnvVarNames = getMultilineInput('additional-env-list');
this._environmentVariables = new Map(
Object.entries(process.env)
.filter(([key]) => envRegex.test(key))
.filter(
([key]) => envRegex.test(key) || additionalEnvVarNames.includes(key),
)
.filter((pair): pair is [string, string] => pair[1] !== undefined),
);
for (const name of additionalEnvVarNames) {
if (!this._environmentVariables.has(name)) {
warning(
`Environment variable '${name}' listed in 'additional-env-list' was not found in the parent process environment; it will not be passed to the renovate container.`,
);
}
}

this.token = this.get(
this.options.token.input,
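Review bot: `additionalEnvVarNames` is used as a plain array both in the filter (`additionalEnvVarNames.includes(key)`) and in the warning loop, so a name listed twice in `additional-env-list` and missing from the environment produces the same warning twice, and every environment key triggers a linear scan of the list. Building `new Set(getMultilineInput('additional-env-list'))` once and using `.has(key)` in the filter and iterating the set for the warnings fixes both. Separately, the warning text says the variable "was not found", while the README added in this PR says missing names are "silently ignored"; one of the two should change so they agree.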