fixup! feat(ncu-config): add support for partially encrypted config files

Author: aduh95

lib/auth.js

@@ -105,9 +105,9 @@ async function auth(
     const { username, jenkins_token } = getMergedConfig();
     if (!username || !jenkins_token) {
       errorExit(
-        'Get your Jenkins API token in https://ci.nodejs.org/me/configure ' +
+        'Get your Jenkins API token in https://ci.nodejs.org/me/security ' +
         'and run the following command to add it to your ncu config: ' +
-        'ncu-config --global set jenkins_token TOKEN'
+        'ncu-config --global set -x jenkins_token'
       );
     };
     check(username, jenkins_token);
@@ -121,7 +121,7 @@ async function auth(
         'Get your HackerOne API token in ' +
         'https://docs.hackerone.com/organizations/api-tokens.html ' +
         'and run the following command to add it to your ncu config: ' +
-        'ncu-config --global set h1_token TOKEN or ' +
+        'ncu-config --global set -x h1_token or ' +
         'ncu-config --global set h1_username USERNAME'
       );
     };

lib/config.js

@@ -20,12 +20,12 @@ export function getNcurcPath() {
 }
 
 let mergedConfig;
-export function getMergedConfig(dir, home) {
+export function getMergedConfig(dir, home, additional) {
   if (mergedConfig == null) {
     const globalConfig = getConfig(GLOBAL_CONFIG, home);
     const projectConfig = getConfig(PROJECT_CONFIG, dir);
     const localConfig = getConfig(LOCAL_CONFIG, dir);
-    mergedConfig = Object.assign(globalConfig, projectConfig, localConfig);
+    mergedConfig = Object.assign(globalConfig, projectConfig, localConfig, additional);
   }
   return mergedConfig;
 };
@@ -41,7 +41,7 @@ export async function encryptValue(input) {
     {
       captureStdout: true,
       ignoreFailure: false,
-      spawnArgs: { input }
+      input
     }
   );
 }
@@ -60,7 +60,11 @@ function addEncryptedPropertyGetter(target, key, input) {
       __proto__: null,
       configurable: true,
       get() {
-        console.warn(`The config value for ${key} is encrypted, spawning gpg to decrypt it...`);
+        // Using an error object to get a stack trace in debug mode.
+        const warn = new Error(
+          `The config value for ${key} is encrypted, spawning gpg to decrypt it...`
+        );
+        console.warn(setOwnProperty(warn, 'name', 'Warning'));
         const value = runSync(process.env.GPG_BIN || 'gpg', ['--decrypt'], { input });
         setOwnProperty(target, key, value);
         return value;

lib/session.js

@@ -19,7 +19,7 @@ export default class Session {
     this.cli = cli;
     this.dir = dir;
     this.prid = prid;
-    this.config = { ...getMergedConfig(this.dir), ...argv };
+    this.config = getMergedConfig(this.dir, undefined, argv);
     this.gpgSign = argv?.['gpg-sign']
       ? (argv['gpg-sign'] === true ? ['-S'] : ['-S', argv['gpg-sign']])
       : [];
@@ -126,7 +126,12 @@ export default class Session {
     writeJson(this.sessionPath, {
       state: STARTED,
       prid: this.prid,
-      config: this.config
+      // Filter out getters, those are likely encrypted data we don't need on the session.
+      config: Object.entries(Object.getOwnPropertyDescriptors(this.config))
+        .reduce((pv, [key, desc]) => {
+          if (Object.hasOwn(desc, 'value')) pv[key] = desc.value;
+          return pv;
+        }, { __proto__: null }),
     });
   }