golang dependencies bitbucket url generated incorrectly when using usr and pass

[nicodega]

How are you running Renovate?

Self Hosted

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

39.192.0 (but issue persists on main)

Please tell us more about your question or problem

When trying to update a golang dependency in a bitbucket.org private repository, if authentication is setup using user + password instead of a token, the generated insteadOf environment variables have the form https://x-token-auth:user:[email protected]/" (notice how "x-token-auth:") is added automatically.

Debugging the renovate code, it turns out this happens because in lib/util/git/auth.ts when username and password (and not token) is used, in getAuthenticationRules the url.token variable is set to the value of the token argument that was previously set to "user:password". The problem is, the library git-url-parse used to then render the url using toString, will append "x-token-auth:" if the source is bitbucket.org. (see https://github.com/IonicaBizau/git-url-parse/blob/87a5324fe86898a3eb8de850eee99eca09c3e7a4/lib/index.js#L309)

Of course this results in go module request failing because of authentication issues.

BTW: We need to use user + pass and not a token because we require commits to be signed and bitbucket cannot assign pgp keys to workspace tokens.

Config used:

module.exports = {
    platform: "bitbucket",
    baseDir: `${process.env.BITBUCKET_CLONE_DIR}/renovate`,
    username: process.env.RENOVATE_BITBUCKET_USERNAME,
    password: process.env.RENOVATE_BITBUCKET_PASSWORD,
    baseBranches: ["main"],
    repositories: [
      "company-workspace/common-libs",
    ],
    enabledManagers: ["gomod"],
    constraints: {
      "go": "1.23"
    },
    postUpdateOptions: [
      "gomodUpdateImportPaths",
      "gomodTidy",
      "gomodSkipVendor"
    ],
    "hostRules": [
      {
        "matchHost": "https://bitbucket.org/company-workspace",
        "username": process.env.RENOVATE_BITBUCKET_USERNAME,
        "password": process.env.RENOVATE_BITBUCKET_PASSWORD,
        "hostType": "bitbucket"
      }
    ],
    autodiscover: false,
    onboarding: false,
    customEnvVariables: {
      "GOPRIVATE": "bitbucket.org/company-workspace/common-libs",
      "GONOSUMDB": "bitbucket.org/company-workspace/common-libs",
      "GONOPROXY": "bitbucket.org/company-workspace/common-libs"
    },
    gitAuthor: "Renovate Bot <[email protected]>",
    gitPrivateKey: `${process.env.RENOVATE_BITBUCKET_PRIVATEKEY.replace(/\|/g, '\n')}`,
  };

Logs (if relevant)

Logs

Replace this text with your logs, between the starting and ending triple backticks