I am using self-hosted Renovate and want to use postUpgradeTasks
to run an update script only once the name of the Renovate branch matches a specific branch name pattern (upgrade/template-*); in other cases the update script need not be called. I am using an if condition but am getting this error message:
Post-upgrade command 'if ["{{{branchName}}}" == "upgrade/template-*"]; then ./bootstrap/.helper/upgrade.sh {{{newVersion}}} {{{branchName}}}; fi' has not been added to the allowed list in allowedPostUpgradeCommands
My renovate.json file looks like this, and allowedPostUpgradeCommands
allows everything. I have no clue why this error pops up all the time.
renovate.json:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [],
  "branchPrefix": "upgrade/",
  "regexManagers": [
    {
      "fileMatch": ["^VERSION$"],
      "matchStrings": [
        "(?<currentValue>.*)"
      ],
      "datasourceTemplate": "gitlab-releases",
      "depNameTemplate": "lmn/pqr/template",
      "registryUrlTemplate": "https://abc.xyz.com"
    }
  ],
  "forkProcessing": "enabled",
  "allowedPostUpgradeCommands": [".*"],
  "postUpgradeTasks": {
    "commands": ["if [\"{{{branchName}}}\" == \"upgrade/template-*\"]; then ./bootstrap/.helper/upgrade.sh {{{newVersion}}} {{{branchName}}}; fi"],
    "executionMode": "branch",
    "fileFilters": ["**/*", "**/.*"]
  },
  "enabledManagers": ["regex", "flux"],
  "flux": {
    "fileMatch": [
      "(^|/)flux-system/(?:.+/)?gotk-components\\.(ya?ml)$",
      "(^|/)infrastructure/.*?/.*\\.ya?ml$",
      "(^|/)bootstrap/crossplane/.*?/.*\\.ya?ml$"
    ]
  }
}
The problem was that, though I was explicitly allowing all commands with
"allowedPostUpgradeCommands": [".*"]
this was a misconception in the case of a self-hosted agent. This configuration must be done in the global Renovate config and not at the renovate.json level.
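
The split described in the answer, as an added example that is not part of the original post or Renovate's own code: the allowlist sits in the bot's global config, and an anchored pattern is shown beside the catch-all `.*`. The helper functions are hypothetical and model two assumptions: the repository-level key is ignored, and a command is allowed when any pattern, compiled as a regular expression, matches the command as written (the error message above quotes it with templates unexpanded).

```javascript
// Global (self-hosted) config; in config.js this object would be assigned
// to module.exports. The repository's renovate.json cannot set this key.
const globalConfig = {
  allowedPostUpgradeCommands: [
    // Anchored: exactly the page's script with its two template arguments.
    '^\\./bootstrap/\\.helper/upgrade\\.sh \\{\\{\\{newVersion\\}\\}\\} \\{\\{\\{branchName\\}\\}\\}$',
  ],
};

// Repository-level renovate.json from the question (only the relevant key).
const repoConfig = { allowedPostUpgradeCommands: ['.*'] };

// Commands as written in postUpgradeTasks.commands, templates unexpanded.
const scriptCmd = './bootstrap/.helper/upgrade.sh {{{newVersion}}} {{{branchName}}}';
const wrappedCmd =
  'if ["{{{branchName}}}" == "upgrade/template-*"]; then ' + scriptCmd + '; fi';

// Assumed model: only the global allowlist counts; the repo key is ignored.
function effectiveAllowlist(globalCfg, _repoCfg) {
  return globalCfg.allowedPostUpgradeCommands || [];
}

// Assumed model: a command may run if any pattern, as a regex, matches it.
function isCommandAllowed(command, patterns) {
  return patterns.some((p) => new RegExp(p).test(command));
}

function demo() {
  const anchored = globalConfig.allowedPostUpgradeCommands;
  const extra = scriptCmd + '; echo extra'; // constructed sample command
  return {
    // No global allowlist: the repo-level ".*" does not help (the error above).
    repoOnly: isCommandAllowed(wrappedCmd, effectiveAllowlist({}, repoConfig)),
    // Anchored global pattern: the bare script passes, the if-wrapper does not.
    scriptAnchored: isCommandAllowed(scriptCmd, anchored),
    wrappedAnchored: isCommandAllowed(wrappedCmd, anchored),
    // An unanchored pattern also accepts a command with text appended.
    extraUnanchored: isCommandAllowed(extra, ['upgrade\\.sh']),
    extraAnchored: isCommandAllowed(extra, anchored),
  };
}

console.log(demo());
```

Because post-upgrade commands execute on the machine running the bot, a global `.*` lets any repository config choose what runs there; an anchored pattern keeps that decision with the bot administrator.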