feat(config): make openpgp optional (#28581)

Author: viceice

lib/config/decrypt/openpgp.spec.ts

@@ -12,6 +12,7 @@ describe('config/decrypt/openpgp', () => {
     let config: RenovateConfig;
 
     beforeEach(() => {
+      jest.resetModules();
       config = {};
       GlobalConfig.reset();
     });
@@ -118,5 +119,23 @@ describe('config/decrypt/openpgp', () => {
         CONFIG_VALIDATION,
       );
     });
+
+    it('fails to load openpgp', async () => {
+      jest.doMock('../../expose.cjs', () => ({
+        openpgp: () => {
+          throw new Error('openpgp error');
+        },
+      }));
+      const pgp = await import('./openpgp');
+      const { logger } = await import('../../logger');
+      expect(
+        await pgp.tryDecryptOpenPgp(
+          '',
+          'wcFMAw+4H7SgaqGOAQ/+Lz6RlbEymbnmMhrktuaGiDPWRNPEQFuMRwwYM6/B/r0JMZa9tskAA5RpyYKxGmJJeuRtlA8GkTw02GoZomlJf/KXJZ95FwSbkXMSRJRD8LJ2402Hw2TaOTaSvfamESnm8zhNo8cok627nkKQkyrpk64heVlU5LIbO2+UgYgbiSQjuXZiW+QuJ1hVRjx011FQgEYc59+22yuKYqd8rrni7TrVqhGRlHCAqvNAGjBI4H7uTFh0sP4auunT/JjxTeTkJoNu8KgS/LdrvISpO67TkQziZo9XD5FOzSN7N3e4f8vO4N4fpjgkIDH/9wyEYe0zYz34xMAFlnhZzqrHycRqzBJuMxGqlFQcKWp9IisLMoVJhLrnvbDLuwwcjeqYkhvODjSs7UDKwTE4X4WmvZr0x4kOclOeAAz/pM6oNVnjgWJd9SnYtoa67bZVkne0k6mYjVhosie8v8icijmJ4OyLZUGWnjZCRd/TPkzQUw+B0yvsop9FYGidhCI+4MVx6W5w7SRtCctxVfCjLpmU4kWaBUUJ5YIQ5xm55yxEYuAsQkxOAYDCMFlV8ntWStYwIG1FsBgJX6VPevXuPPMjWiPNedIpJwBH2PLB4blxMfzDYuCeaIqU4daDaEWxxpuFTTK9fLdJKuipwFG6rwE3OuijeSN+2SLszi834DXtUjQdikHSTQG392+oTmZCFPeffLk/OiV2VpdXF3gGL7sr5M9hOWIZ783q0vW1l6nAElZ7UA//kW+L6QRxbnBVTJK5eCmMY6RJmL76zjqC1jQ0FC10',
+        ),
+      ).toBeNull();
+      expect(logger.warn).toHaveBeenCalled();
+      expect(logger.once.warn).toHaveBeenCalled();
+    });
   });
 });

lib/config/decrypt/openpgp.ts

@@ -1,7 +1,9 @@
-import * as openpgp from 'openpgp';
+import { openpgp } from '../../expose.cjs';
 import { logger } from '../../logger';
 import { regEx } from '../../util/regex';
 
+let pgp: typeof import('openpgp') | null | undefined = undefined;
+
 export async function tryDecryptOpenPgp(
   privateKey: string,
   encryptedStr: string,
@@ -10,8 +12,22 @@ export async function tryDecryptOpenPgp(
     // optimization during transition of public key -> pgp
     return null;
   }
+  if (pgp === undefined) {
+    try {
+      pgp = openpgp();
+    } catch (err) {
+      logger.warn({ err }, 'Could load openpgp');
+      pgp = null;
+    }
+  }
+
+  if (pgp === null) {
+    logger.once.warn('Cannot load openpgp, skipping decryption');
+    return null;
+  }
+
   try {
-    const pk = await openpgp.readPrivateKey({
+    const pk = await pgp.readPrivateKey({
       // prettier-ignore
       armoredKey: privateKey.replace(regEx(/\n[ \t]+/g), '\n'), // little massage to help a common problem
     });
@@ -24,10 +40,10 @@ export async function tryDecryptOpenPgp(
     if (!armoredMessage.endsWith(endBlock)) {
       armoredMessage = `${armoredMessage}${endBlock}`;
     }
-    const message = await openpgp.readMessage({
+    const message = await pgp.readMessage({
       armoredMessage,
     });
-    const { data } = await openpgp.decrypt({
+    const { data } = await pgp.decrypt({
       message,
       decryptionKeys: pk,
     });

lib/expose.cjs

@@ -22,4 +22,17 @@ function prettier() {
   return require('prettier');
 }
 
-module.exports = { re2, pkg, prettier };
+/**
+ * return's openpgp
+ * @returns {typeof import('openpgp')}
+ */
+function openpgp() {
+  return require('openpgp');
+}
+
+module.exports = {
+  re2,
+  pkg,
+  openpgp,
+  prettier,
+};

package.json

@@ -222,7 +222,6 @@
     "ms": "2.1.3",
     "nanoid": "3.3.7",
     "node-html-parser": "6.1.13",
-    "openpgp": "5.11.1",
     "p-all": "3.0.0",
     "p-map": "4.0.0",
     "p-queue": "6.6.2",
@@ -251,6 +250,7 @@
     "zod": "3.22.4"
   },
   "optionalDependencies": {
+    "openpgp": "5.11.1",
     "re2": "1.20.10"
   },
   "devDependencies": {
@@ -350,7 +350,9 @@
     "dist",
     "renovate-schema.json"
   ],
-  "pnpm":{
-    "neverBuiltDependencies": ["dtrace-provider"]
+  "pnpm": {
+    "neverBuiltDependencies": [
+      "dtrace-provider"
+    ]
   }
 }