diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go index cdd494b..3dadfe4 100644 --- a/cmd/dependabot/internal/cmd/update.go +++ b/cmd/dependabot/internal/cmd/update.go @@ -343,7 +343,27 @@ func processInput(input *model.Input, flags *UpdateFlags) { "host": "dev.azure.com", }) } + } + + // Calculate the credentials-metadata as it cannot be provided by the user anymore. + input.Job.CredentialsMetadata = []model.Credential{} + for _, credential := range input.Credentials { + // If the credential type is not a git_source and only has a host, skip it. + // This avoids issues in the updater where fully qualified registry URLs are required. + if credential["type"] != "git_source" && credential["host"] != "" { + continue + } + entry := make(map[string]any) + for k, v := range credential { + // Updater does not get credentials. + if k != "username" && k != "token" && k != "password" && k != "key" && k != "auth-key" { + entry[k] = v + } + } + input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, entry) + } + if hasLocalAzureToken && azureRepo != nil { // Add the Azure Artifacts credentials for each host if the package manager is supported. if _, ok := azureArtifactsPackageManagerCredentialType[input.Job.PackageManager]; ok { // All Azure Artifacts hosts @@ -363,19 +383,6 @@ func processInput(input *model.Input, flags *UpdateFlags) { log.Printf("Skipping Azure Artifacts credentials for %s package manager.", input.Job.PackageManager) } } - - // Calculate the credentials-metadata as it cannot be provided by the user anymore. - input.Job.CredentialsMetadata = []model.Credential{} - for _, credential := range input.Credentials { - entry := make(map[string]any) - for k, v := range credential { - // Updater does not get credentials. - if k != "username" && k != "token" && k != "password" && k != "key" && k != "auth-key" { - entry[k] = v - } - } - input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, entry) - } } func doesStdinHaveData() bool {