Module: Dependabot::Cargo::Helpers

Extended by:
T::Sig
Defined in:
lib/dependabot/cargo/helpers.rb

Class Method Summary collapse

Class Method Details

.setup_credentials_in_environment(credentials) ⇒ Object 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/dependabot/cargo/helpers.rb', line 12

def self.setup_credentials_in_environment(credentials)
  credentials.each do |cred|
    next if cred["type"] != "cargo_registry"

    # If there is a 'token' property, then apply it.
    # If there is not, it probably means we are running under dependabot-cli which stripped
    # all tokens. So in that case, we assume that the dependabot proxy will re-inject the
    # actual correct token, and we just use 'token' as a placeholder at this point.
    # (We must add these environment variables here, or 'cargo update' will not think it is
    # configured properly for the private registries.)

    token_env_var = "CARGO_REGISTRIES_#{T.must(cred['registry']).upcase.tr('-', '_')}_TOKEN"

    token = "placeholder_token"
    if cred["token"].nil?
      Dependabot.logger.info("No token found for #{cred['registry']}, dependabot-cli proxy will inject it")
    else
      token = cred["token"]
      Dependabot.logger.info(
        "Token found for #{cred['registry']}, setting #{token_env_var} to provided token value"
      )
    end

    ENV[token_env_var] ||= token
  end

  # And set CARGO_REGISTRY_GLOBAL_CREDENTIAL_PROVIDERS here as well, so Cargo will expect tokens
  ENV["CARGO_REGISTRY_GLOBAL_CREDENTIAL_PROVIDERS"] ||= "cargo:token"
end