From 49b5e9e33ea3927832e35adccf354be64da50d83 Mon Sep 17 00:00:00 2001 From: "Brett V. Forsgren" Date: Wed, 10 Jun 2026 10:24:55 -0600 Subject: [PATCH] Use url and token fields for cargo Azure Artifacts credentials When the package manager is cargo, Azure Artifacts credentials now use 'url' (https://) and 'token' fields instead of 'host', 'username', and 'password'. This matches the expected credential format for cargo registries. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- cmd/dependabot/internal/cmd/update.go | 21 +++++++++++++++------ cmd/dependabot/internal/cmd/update_test.go | 8 ++++---- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go index 96283442..dc90ae5a 100644 --- a/cmd/dependabot/internal/cmd/update.go +++ b/cmd/dependabot/internal/cmd/update.go @@ -410,12 +410,21 @@ func processInput(input *model.Input, flags *UpdateFlags) { fmt.Sprintf("%s.pkgs.visualstudio.com", azureRepo.Org), } for _, host := range azureArtifactsHosts { - input.Credentials = append(input.Credentials, model.Credential{ - "type": azureArtifactsPackageManagerCredentialType[input.Job.PackageManager], - "host": host, - "username": "x-access-token", - "password": "$LOCAL_AZURE_ACCESS_TOKEN", - }) + credType := azureArtifactsPackageManagerCredentialType[input.Job.PackageManager] + if input.Job.PackageManager == "cargo" { + input.Credentials = append(input.Credentials, model.Credential{ + "type": credType, + "url": fmt.Sprintf("https://%s", host), + "token": "$LOCAL_AZURE_ACCESS_TOKEN", + }) + } else { + input.Credentials = append(input.Credentials, model.Credential{ + "type": credType, + "host": host, + "username": "x-access-token", + "password": "$LOCAL_AZURE_ACCESS_TOKEN", + }) + } } } else { log.Printf("Skipping Azure Artifacts credentials for %s package manager.", input.Job.PackageManager) diff --git a/cmd/dependabot/internal/cmd/update_test.go b/cmd/dependabot/internal/cmd/update_test.go index 1eb79ed7..b500da45 100644 --- a/cmd/dependabot/internal/cmd/update_test.go +++ b/cmd/dependabot/internal/cmd/update_test.go @@ -223,17 +223,17 @@ func Test_processInput(t *testing.T) { processInput(&input, &flags) - // Ensure cargo_registry credentials are added for Azure Artifacts hosts + // Ensure cargo_registry credentials are added for Azure Artifacts hosts with url and token actualCargoRegistryStrings := []string{} for _, cred := range input.Credentials { if cred["type"] == "cargo_registry" { - actualCargoRegistryStrings = append(actualCargoRegistryStrings, fmt.Sprintf("%s|%s", cred["host"], cred["password"])) + actualCargoRegistryStrings = append(actualCargoRegistryStrings, fmt.Sprintf("%s|%s", cred["url"], cred["token"])) } } expectedCargoRegistries := []string{ - "org.pkgs.visualstudio.com|$LOCAL_AZURE_ACCESS_TOKEN", - "pkgs.dev.azure.com|$LOCAL_AZURE_ACCESS_TOKEN", + "https://org.pkgs.visualstudio.com|$LOCAL_AZURE_ACCESS_TOKEN", + "https://pkgs.dev.azure.com|$LOCAL_AZURE_ACCESS_TOKEN", } assertStringArraysEqual(t, expectedCargoRegistries, actualCargoRegistryStrings)