Skip to content

Commit 3b2e6fa

Browse files
authored
Merge branch 'main' into renovate-external-fixes
2 parents bfc9f1f + 9456b7c commit 3b2e6fa

10 files changed

Lines changed: 84 additions & 13 deletions

File tree

packages/spacecat-shared-cloud-manager-client/CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,9 @@
1+
## [@adobe/spacecat-shared-cloud-manager-client-v1.1.4](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-cloud-manager-client-v1.1.3...@adobe/spacecat-shared-cloud-manager-client-v1.1.4) (2026-04-18)
2+
3+
### Bug Fixes
4+
5+
* clone functionality to include submodules ([#1413](https://github.com/adobe/spacecat-shared/issues/1413)) ([a5c0016](https://github.com/adobe/spacecat-shared/commit/a5c0016987f6ebb8235493f877f1a681326192ec))
6+
17
## [@adobe/spacecat-shared-cloud-manager-client-v1.1.3](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-cloud-manager-client-v1.1.2...@adobe/spacecat-shared-cloud-manager-client-v1.1.3) (2026-04-15)
28

39
### Bug Fixes

packages/spacecat-shared-cloud-manager-client/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@adobe/spacecat-shared-cloud-manager-client",
3-
"version": "1.1.3",
3+
"version": "1.1.4",
44
"description": "Shared modules of the Spacecat Services - Cloud Manager Client",
55
"type": "module",
66
"engines": {

packages/spacecat-shared-cloud-manager-client/src/index.js

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -260,7 +260,9 @@ export default class CloudManagerClient {
260260
* Builds authenticated git arguments for a remote command (clone, push, or pull).
261261
*
262262
* Both repo types use http.extraheader for authentication:
263-
* - Standard repos: Basic auth header via extraheader on the repo URL
263+
* - Standard repos: Basic auth header via extraheader scoped to the org prefix
264+
* (scheme + host + '/' + orgName + '/'), so the header covers all repos and submodules
265+
* belonging to that customer org without granting access to other orgs on the same host
264266
* - BYOG repos: Bearer token + API key + IMS org ID via extraheader on the CM Repo URL
265267
*
266268
* @param {string} command - The git command ('clone', 'push', or 'pull')
@@ -276,8 +278,11 @@ export default class CloudManagerClient {
276278
if (repoType === CM_REPO_TYPE.STANDARD) {
277279
const credentials = this.#getStandardRepoCredentials(programId);
278280
const basicAuth = Buffer.from(credentials).toString('base64');
281+
const parsedUrl = new URL(repoUrl);
282+
const orgName = parsedUrl.pathname.split('/')[1];
283+
const repoOrgPrefix = `${parsedUrl.origin}/${orgName}/`;
279284
return [
280-
'-c', `http.${repoUrl}.extraheader=Authorization: Basic ${basicAuth}`,
285+
'-c', `http.${repoOrgPrefix}.extraheader=Authorization: Basic ${basicAuth}`,
281286
command, repoUrl,
282287
];
283288
}
@@ -316,7 +321,7 @@ export default class CloudManagerClient {
316321
this.log.info(`Cloning CM repository: program=${programId}, repo=${repositoryId}, type=${repoType}`);
317322

318323
const args = await this.#buildAuthGitArgs('clone', programId, repositoryId, { imsOrgId, repoType, repoUrl });
319-
this.#execGit([...args, clonePath]);
324+
this.#execGit([...args, '--recurse-submodules', clonePath]);
320325
this.log.info(`Repository cloned to ${clonePath}`);
321326
this.#logTmpDiskUsage('clone');
322327

packages/spacecat-shared-cloud-manager-client/test/cloud-manager-client.test.js

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -278,14 +278,27 @@ describe('CloudManagerClient', () => {
278278
const cloneArgs = getGitArgs(execFileSyncStub.firstCall);
279279
const cloneArgsStr = getGitArgsStr(execFileSyncStub.firstCall);
280280
expect(cloneArgs).to.include('clone');
281-
expect(cloneArgsStr).to.include(`http.${TEST_STANDARD_REPO_URL}.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==`);
281+
expect(cloneArgsStr).to.include('http.https://git.cloudmanager.adobe.com/myorg/.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==');
282282
expect(cloneArgsStr).to.include(TEST_STANDARD_REPO_URL);
283283
expect(cloneArgs).to.include(EXPECTED_CLONE_PATH);
284284
// No credentials in the URL itself
285285
expect(cloneArgsStr).to.not.include('stduser:stdtoken123@');
286286
expect(cloneArgsStr).to.not.include('Bearer');
287287
});
288288

289+
it('includes --recurse-submodules in the clone arguments', async () => {
290+
const client = CloudManagerClient.createFrom(createContext());
291+
292+
await client.clone(
293+
TEST_PROGRAM_ID,
294+
TEST_REPO_ID,
295+
{ imsOrgId: TEST_IMS_ORG_ID },
296+
);
297+
298+
const gitArgs = getGitArgs(execFileSyncStub.firstCall);
299+
expect(gitArgs).to.include('--recurse-submodules');
300+
});
301+
289302
it('throws when standard credentials not found for programId', async () => {
290303
const client = CloudManagerClient.createFrom(
291304
createContext({ CM_STANDARD_REPO_CREDENTIALS: TEST_STANDARD_CREDENTIALS }),
@@ -784,7 +797,7 @@ describe('CloudManagerClient', () => {
784797
const pushArgs = getGitArgs(execFileSyncStub.firstCall);
785798
const pushArgStr = getGitArgsStr(execFileSyncStub.firstCall);
786799
expect(pushArgStr).to.include('push');
787-
expect(pushArgStr).to.include(`http.${TEST_STANDARD_REPO_URL}.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==`);
800+
expect(pushArgStr).to.include('http.https://git.cloudmanager.adobe.com/myorg/.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==');
788801
expect(pushArgStr).to.include(TEST_STANDARD_REPO_URL);
789802
expect(pushArgStr).to.not.include('stduser:stdtoken123@');
790803
expect(pushArgStr).to.not.include('Bearer');
@@ -846,7 +859,7 @@ describe('CloudManagerClient', () => {
846859

847860
const pullArgStr = getGitArgsStr(execFileSyncStub.firstCall);
848861
expect(pullArgStr).to.include('pull');
849-
expect(pullArgStr).to.include(`http.${TEST_STANDARD_REPO_URL}.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==`);
862+
expect(pullArgStr).to.include('http.https://git.cloudmanager.adobe.com/myorg/.extraheader=Authorization: Basic c3RkdXNlcjpzdGR0b2tlbjEyMw==');
850863
expect(pullArgStr).to.include(TEST_STANDARD_REPO_URL);
851864
expect(pullArgStr).to.not.include('stduser:stdtoken123@');
852865
expect(pullArgStr).to.not.include('Bearer');

packages/spacecat-shared-vault-secrets/CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,9 @@
1+
## [@adobe/spacecat-shared-vault-secrets-v1.3.4](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-vault-secrets-v1.3.3...@adobe/spacecat-shared-vault-secrets-v1.3.4) (2026-04-15)
2+
3+
### Bug Fixes
4+
5+
* **vault-secrets:** revert to dedicated noCache() fetch context ([#1543](https://github.com/adobe/spacecat-shared/issues/1543)) ([ca25526](https://github.com/adobe/spacecat-shared/commit/ca255260a513109fcbf2284e613eaa48bc57a789)), closes [#1538](https://github.com/adobe/spacecat-shared/issues/1538) [#1538](https://github.com/adobe/spacecat-shared/issues/1538)
6+
17
## [@adobe/spacecat-shared-vault-secrets-v1.3.3](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-vault-secrets-v1.3.2...@adobe/spacecat-shared-vault-secrets-v1.3.3) (2026-04-15)
28

39
### Bug Fixes

packages/spacecat-shared-vault-secrets/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@adobe/spacecat-shared-vault-secrets",
3-
"version": "1.3.3",
3+
"version": "1.3.4",
44
"description": "Shared modules of the Spacecat Services - Vault secrets wrapper",
55
"type": "module",
66
"engines": {
@@ -33,7 +33,7 @@
3333
"access": "public"
3434
},
3535
"dependencies": {
36-
"@adobe/spacecat-shared-utils": "1.112.5",
36+
"@adobe/fetch": "4.3.0",
3737
"aws4": "1.13.2"
3838
},
3939
"devDependencies": {

packages/spacecat-shared-vault-secrets/src/bootstrap.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,9 +10,11 @@
1010
* governing permissions and limitations under the License.
1111
*/
1212

13-
import { tracingFetch as fetch } from '@adobe/spacecat-shared-utils';
13+
import { noCache, h1NoCache } from '@adobe/fetch';
1414
import aws4 from 'aws4';
1515

16+
const { fetch } = process.env.HELIX_FETCH_FORCE_HTTP1 ? h1NoCache() : noCache();
17+
1618
/**
1719
* Loads Vault AppRole bootstrap credentials from AWS Secrets Manager.
1820
* This is the only AWS call in the entire package.

packages/spacecat-shared-vault-secrets/src/vault-client.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,9 @@
1010
* governing permissions and limitations under the License.
1111
*/
1212

13-
import { tracingFetch as fetch } from '@adobe/spacecat-shared-utils';
13+
import { noCache, h1NoCache } from '@adobe/fetch';
14+
15+
const { fetch } = process.env.HELIX_FETCH_FORCE_HTTP1 ? h1NoCache() : noCache();
1416

1517
const TOKEN_RENEW_BUFFER = 5 * 60 * 1000;
1618

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
/*
2+
* Copyright 2026 Adobe. All rights reserved.
3+
* This file is licensed to you under the Apache License, Version 2.0 (the "License");
4+
* you may not use this file except in compliance with the License. You may obtain a copy
5+
* of the License at http://www.apache.org/licenses/LICENSE-2.0
6+
*
7+
* Unless required by applicable law or agreed to in writing, software distributed under
8+
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9+
* OF ANY KIND, either express or implied. See the License for the specific language
10+
* governing permissions and limitations under the License.
11+
*/
12+
13+
import { expect } from 'chai';
14+
15+
/**
16+
* Covers the noCache() branch of the HELIX_FETCH_FORCE_HTTP1 ternary
17+
* in vault-client.js and bootstrap.js. The default test setup forces
18+
* HTTP/1 for nock compatibility, so this test re-imports the modules
19+
* with the env var unset to exercise the HTTP/2 noCache() path.
20+
*/
21+
describe('fetch context selection', () => {
22+
const originalValue = process.env.HELIX_FETCH_FORCE_HTTP1;
23+
24+
after(() => {
25+
process.env.HELIX_FETCH_FORCE_HTTP1 = originalValue;
26+
});
27+
28+
it('vault-client uses noCache() when HELIX_FETCH_FORCE_HTTP1 is unset', async () => {
29+
delete process.env.HELIX_FETCH_FORCE_HTTP1;
30+
const mod = await import(`../src/vault-client.js?ctx=${Date.now()}`);
31+
expect(mod.default).to.be.a('function');
32+
});
33+
34+
it('bootstrap uses noCache() when HELIX_FETCH_FORCE_HTTP1 is unset', async () => {
35+
delete process.env.HELIX_FETCH_FORCE_HTTP1;
36+
const mod = await import(`../src/bootstrap.js?ctx=${Date.now()}`);
37+
expect(mod.loadBootstrapConfig).to.be.a('function');
38+
});
39+
});

packages/spacecat-shared-vault-secrets/test/vault-secrets-wrapper.test.js

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@ import { expect, use } from 'chai';
1414
import chaiAsPromised from 'chai-as-promised';
1515
import nock from 'nock';
1616
import sinon from 'sinon';
17-
import { clearFetchCache } from '@adobe/spacecat-shared-utils';
1817
import vaultSecrets, { loadSecrets, reset } from '../src/vault-secrets-wrapper.js';
1918

2019
use(chaiAsPromised);
@@ -109,7 +108,6 @@ describe('vaultSecrets wrapper', () => {
109108

110109
afterEach(() => {
111110
reset();
112-
clearFetchCache();
113111
sinon.restore();
114112
nock.cleanAll();
115113

0 commit comments

Comments
 (0)