feat(composer): bearer token authentication (#6901) (#11856)

Co-authored-by: Rhys Arkins <rhys@arkins.net>

docs/usage/php.md

@@ -31,6 +31,11 @@ If you are using a [privately hosted Composer package](https://getcomposer.org/d
       "hostType": "packagist",
       "username": "<your-username>",
       "password": "<your-password>"
+    },
+    {
+      "matchHost": "bearer-auth.for.vendor.com",
+      "hostType": "packagist",
+      "token": "abcdef0123456789"
     }
   ]
 }
@@ -49,8 +54,15 @@ You may encrypt your `password` only, but you can encrypt your `username` as wel
       "matchHost": "some.vendor.com",
       "hostType": "packagist",
       "encrypted": {
-        "username": "<your-encrypted-password",
-        "password": "<your-encrypted-password"
+        "username": "<your-encrypted-password>",
+        "password": "<your-encrypted-password>"
+      }
+    },
+    {
+      "matchHost": "bearer-auth.for.vendor.com",
+      "hostType": "packagist",
+      "encrypted": {
+        "token": "<your-encrypted-token>"
       }
     }
   ]

lib/manager/composer/__snapshots__/artifacts.spec.ts.snap

@@ -234,7 +234,7 @@ Array [
       "cwd": "/tmp/github/some/repo",
       "encoding": "utf-8",
       "env": Object {
-        "COMPOSER_AUTH": "{\\"github-oauth\\":{\\"github.com\\":\\"github-token\\"},\\"gitlab-token\\":{\\"gitlab.com\\":\\"gitlab-token\\"},\\"gitlab-domains\\":[\\"gitlab.com\\"],\\"http-basic\\":{\\"packagist.renovatebot.com\\":{\\"username\\":\\"some-username\\",\\"password\\":\\"some-password\\"},\\"artifactory.yyyyyyy.com\\":{\\"username\\":\\"some-other-username\\",\\"password\\":\\"some-other-password\\"}}}",
+        "COMPOSER_AUTH": "{\\"github-oauth\\":{\\"github.com\\":\\"github-token\\"},\\"gitlab-token\\":{\\"gitlab.com\\":\\"gitlab-token\\"},\\"gitlab-domains\\":[\\"gitlab.com\\"],\\"http-basic\\":{\\"packagist.renovatebot.com\\":{\\"username\\":\\"some-username\\",\\"password\\":\\"some-password\\"},\\"artifactory.yyyyyyy.com\\":{\\"username\\":\\"some-other-username\\",\\"password\\":\\"some-other-password\\"}},\\"bearer\\":{\\"packages-bearer.example.com\\":\\"abcdef0123456789\\"}}",
         "COMPOSER_CACHE_DIR": "/tmp/renovate/cache/others/composer",
         "HOME": "/home/user",
         "HTTPS_PROXY": "https://example.com",

lib/manager/composer/artifacts.spec.ts

@@ -123,6 +123,11 @@ describe('manager/composer/artifacts', () => {
       username: 'some-other-username',
       password: 'some-other-password',
     });
+    hostRules.add({
+      hostType: datasourcePackagist.id,
+      matchHost: 'https://packages-bearer.example.com/',
+      token: 'abcdef0123456789',
+    });
     fs.readLocalFile.mockResolvedValueOnce('{}');
     const execSnapshots = mockExecAll(exec);
     fs.readLocalFile.mockResolvedValueOnce('{}');

lib/manager/composer/artifacts.ts

@@ -63,10 +63,13 @@ function getAuthJson(): string | null {
   hostRules
     .findAll({ hostType: datasourcePackagist.id })
     ?.forEach((hostRule) => {
-      const { resolvedHost, username, password } = hostRule;
+      const { resolvedHost, username, password, token } = hostRule;
       if (resolvedHost && username && password) {
         authJson['http-basic'] = authJson['http-basic'] || {};
         authJson['http-basic'][resolvedHost] = { username, password };
+      } else if (resolvedHost && token) {
+        authJson.bearer = authJson.bearer || {};
+        authJson.bearer[resolvedHost] = token;
       }
     });
 

lib/manager/composer/types.ts

@@ -41,6 +41,7 @@ export interface UserPass {
 }
 
 export interface AuthJson {
+  bearer?: Record<string, string>;
   'github-oauth'?: Record<string, string>;
   'gitlab-token'?: Record<string, string>;
   'gitlab-domains'?: string[];