Closed micheelengronne closed 3 years ago
How would you propose to do this? E.g. would you completely mirror the entire image set, or would you manually mirror them as needed, etc.?
I think I would create a method that gives back the image name to use and eventually authenticate on a private registry.
It will look in the `config.js` if an image is configured to replace it by looking at the key in a subarray, the key being the original image name.
Something like that in config:
```
dockerimages: {
  'renovate/ruby': 'ownimage/ruby'
}
```
Here, `ownimage/ruby` replaces `renovate/ruby`.
And a dirty skeleton of the method (just the algo, not in js):
```
arg='renovate/ruby'
methodskeleton(arg) {
  currentimage=arg
  if isset( config(arg) ) {
    currentimage=config(arg)
  }
  if getHost(currentimage) has an entry in hostRules {
    authenticate
  }
}
```
Would you need to support multiple tags per image, e.g. to support multiple versions of Ruby, Python, Yarn, etc?
For my use case not really.
Would it be an acceptable solution to add a config option, something like `dockerBase` or `dockerUser`. It would default to `renovate`, but could be overridden to be `myuser`, and we would fetch docker images like `${config.dockerBase}/ruby`?
You wouldn't need to provide a full mirror of our Docker images and tags, only the ones you use.
Not really for me. As I would like the possibility to completely override the images and use my own.
As a side note, AFAIK, the side images are not called with a tag and a hash. I would like to call mine with them to keep the immutability on my whole renovate install.
If you don't need multiple versions of each tool, wouldn't an easier solution be if you had a prebuilt monolithic image assuming you can get the right tools installed?
I used to do that.
The problem is that solution finally created conflicts between environments and made the whole thing harder to maintain.
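The lookup sketched in the comment above (per-image override first, then registry credentials chosen by host), together with the tag-plus-digest pinning it asks for and the `dockerImagePrefix` option named later in the thread, as an added JavaScript example that is not Renovate's code and not part of the original discussion. `dockerimages` is the key proposed above, `requireDigest` and the function names are hypothetical, `hostRules` entries are assumed to name the registry in `matchHost`, and the sample config is constructed.

```javascript
// Added example, not Renovate code. `dockerimages` and `requireDigest` are hypothetical keys.
const DEFAULT_PREFIX = 'renovate';

// Split an image reference into registry host, repository, tag and digest.
function parseImageRef(ref) {
  const [rest, digest = null] = ref.split('@');
  const parts = rest.split('/');
  // Docker convention: the first component is a registry host only if it
  // contains '.' or ':' or is "localhost"; otherwise Docker Hub is implied.
  const hasHost = parts.length > 1 && (/[.:]/.test(parts[0]) || parts[0] === 'localhost');
  const host = hasHost ? parts.shift() : 'docker.io';
  const last = parts.pop();
  const colon = last.indexOf(':');
  parts.push(colon === -1 ? last : last.slice(0, colon));
  const tag = colon === -1 ? null : last.slice(colon + 1);
  return { host, repository: parts.join('/'), tag, digest };
}

// Resolve the side image for a tool such as "ruby": an exact per-image override
// wins, otherwise the prefix is applied. Returns the image and its registry host.
function resolveSideImage(tool, config) {
  const original = `${DEFAULT_PREFIX}/${tool}`;
  const overrides = config.dockerimages || {};
  const prefix = config.dockerImagePrefix || DEFAULT_PREFIX;
  const image = Object.prototype.hasOwnProperty.call(overrides, original)
    ? overrides[original]
    : `${prefix}/${tool}`;
  const ref = parseImageRef(image);
  // Immutability check: a tag can be re-pushed, a sha256 digest cannot.
  if (config.requireDigest && !/^sha256:[0-9a-f]{64}$/.test(ref.digest || '')) {
    throw new Error(`${image} is not pinned by sha256 digest`);
  }
  // Credentials are selected by registry host (exact match here, a simplification).
  const rule = (config.hostRules || []).find((r) => r.matchHost === ref.host);
  return { image, host: ref.host, tag: ref.tag, needsLogin: rule !== undefined };
}

// Constructed sample config; hosts, credentials and the digest are placeholders.
const sampleConfig = {
  dockerImagePrefix: 'artifactory.example.net:6555/renovate',
  dockerimages: {
    'renovate/ruby': `registry.internal.example/ownimage/ruby:2.7@sha256:${'a'.repeat(64)}`,
  },
  hostRules: [{ matchHost: 'registry.internal.example', username: 'ci', password: 'placeholder' }],
  requireDigest: true,
};
```

With `requireDigest` set, a tool reached only through the prefix is rejected, because a bare prefix yields an untagged, unpinned reference.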
@micheelengronne When we have finished the buildpack stuff, you can easily build and maintain your own renovate docker image
ref: renovatebot/docker-renovate#9, renovatebot/docker-renovate#15
https://github.com/renovatebot/docker-renovate/blob/feat/buildpack/Dockerfile
I already build mine. Easily. That's not an install question. The problem is that I begin to have a lot of different test environments and their configurations start to conflict with each other.
The docker (waiting for podman :) ) way is far cleaner. It creates truly separate environments and a capacity to correctly clean them. The only thing that bothers me is the fact that I cannot override the ones embedded in code.
What about simply building a renovate image for every environment? See our new full image as an example.
So you can easily add the required tool for every environment separately
I run my renovate image with a loop, making it a daemon that fetches all repositories every 10 minutes.
What you are proposing adds far more complexity. Is it complicated to add the possibility to override the current side images ? Genuine question, I did not dig enough into the code.
Currently it is not possible to override the images. It's also not easy to implement, because some side-containers have specific versioning requirements. So you would be required to fulfill those on your own.
Is it not possible to have the possibility to override their call in code and leave the burden of maintaining them to those (like me) that choose this option ?
As I said, it's not yet possible, maybe in future. For this feature we need to finish the docker centralized handling first. Then we can think of implementing this.
ok. I will wait for it then :)
Would it be an acceptable solution to add a config option, something like `dockerBase` or `dockerUser`. It would default to `renovate`, but could be overridden to be `myuser`, and we would fetch docker images like `${config.dockerBase}/ruby`?
For my use case, yes, it would be nice to be able to drop a prefix in front of the image names. We proxy via Artifactory.
To use renovate for example, I adjust the image name like so:
artifactory.example.net:6555/renovate/renovate:19
Idea for prefix:
`dockerImagePrefix`
`setUtilConfig` > `setExecConfig` > `setDockerConfig`
`taggedImage`
@rarkins @JamieMagee Other suggestions?
@micheelengronne You would then need to push matching tags to your local docker repository
@viceice no problem. Does it also solve the possible auth on the local docker registry or should this registry be auth-less ?
In a first iteration it would be auth-less, we would need to support docker login and logout for this.
So we should open a different issue to support this, or you simply do the login before running renovate.
I can work on this issue
Please don’t start yet. Our internal handling of this is still being worked on so we’re not ready to make it configurable yet.
@rarkins What is the current status of this issue? I see that we ping-ponged around a bit with the labels from blocked to in-progress, back to blocked.
Is there something we're still waiting on? Or did we manage to get ourselves unblocked in the meantime?
Already implemented: dockerImagePrefix
What would you like Renovate to be able to do? Currently, side docker images for the `binarySource: Docker` are hardcoded to those made by the renovate team. It poses a problem with closed (nearly air-gapped) networks as it maintains a link with docker-hub.
Some security policies forbid to link directly to an external registry and to use unsigned images.
Is it possible to define these images in the configuration ?