diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index cf50822f0673b4fabb400920aa8928aa3a2f556a..5ba22170f99294a6cd8cedef3eadaed2744d5b27 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -32,6 +32,11 @@ Configure this directory if you want to change which directory Renovate uses for This is used if you want to map "dotfiles" from your host computer home directory to containers that Renovate creates, e.g. for updating lock files. Currently applicable to `.npmrc` only. +## dockerUser + +Override default user and group used by docker-based binaries. UID and GID should match the user that executes renovate. See [Docker run reference](https://docs.docker.com/engine/reference/run/#user) for more information on user and group syntax. +Set this to `1001:1002` to use UID 1001 and GID 1002. + ## dryRun ## endpoint diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts index 4a8f82ae75d1eeec9e0f3cb18b9f581e5e24bced..8bdaae38e802863301af649c199afd2346b2d97c 100644 --- a/lib/config/definitions.ts +++ b/lib/config/definitions.ts @@ -178,6 +178,13 @@ const options: RenovateOptions[] = [ type: 'boolean', default: false, }, + { + name: 'dockerUser', + description: + 'Specify UID and GID for docker-based binaries when binarySource=docker is used.', + admin: true, + type: 'string', + }, // Log options { name: 'logLevel', diff --git a/lib/manager/bundler/artifacts.ts b/lib/manager/bundler/artifacts.ts index 7dcc27fab44847a862880ab5339359f0039eb85d..a7f60c3e56d7072d674c8a4fbc0a07ed1f56ec9b 100644 --- a/lib/manager/bundler/artifacts.ts +++ b/lib/manager/bundler/artifacts.ts 
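Review bot: The new `dockerUser` entry in `lib/config/definitions.ts` is declared as a free-form `type: 'string'`, yet the manager hunks in this commit concatenate that value straight into `docker run` command strings. That leaves `admin: true` as the only visible control on what reaches the command line, and nothing here says so. I would add a comment above the entry such as `// admin-only: managers interpolate this value into the docker command line; do not expose it to repository config`. The description could also state the expected shape, e.g. `'Specify UID and GID (<uid>[:<gid>]) for docker-based binaries when binarySource=docker is used.'`, so it agrees with the `1001:1002` example in the docs hunk.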
@@ -93,6 +93,10 @@ export async function updateArtifacts( bundlerVersion = ' -v ' + bundlerConstraint; } cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [config.localDir]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = []; diff --git a/lib/manager/cargo/artifacts.ts b/lib/manager/cargo/artifacts.ts index 74a03ce30930fcc69e209be8aa0c4e1b8cf86a0d..b24da15be315f4e45d72d5ab60e98938cccdbb2a 100644 --- a/lib/manager/cargo/artifacts.ts +++ b/lib/manager/cargo/artifacts.ts @@ -42,6 +42,10 @@ export async function updateArtifacts( if (config.binarySource === 'docker') { logger.info('Running cargo via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [cwd]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = []; diff --git a/lib/manager/common.ts b/lib/manager/common.ts index c7c5f173bbc4025e85bff887e1cdd3bd547bc089..96fa55897464db5fd503415978c3c4b908a66b7c 100644 --- a/lib/manager/common.ts +++ b/lib/manager/common.ts @@ -5,6 +5,7 @@ export type Result<T> = T | Promise<T>; export interface ManagerConfig { binarySource?: string; + dockerUser?: string; localDir?: string; registryUrls?: string[]; } diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts index 14c79ae42ae79025181f767c72484190297ccfdc..f7b6d9ee162014119bd34a34f994811a2443430a 100644 --- a/lib/manager/composer/artifacts.ts +++ b/lib/manager/composer/artifacts.ts 
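Review bot: `config.dockerUser` is appended to the command string as `--user=${config.dockerUser} ` with no format check and no quoting, so a value containing whitespace or shell metacharacters would change the `docker run` invocation rather than only the user. The same four added lines recur in the cargo, composer, gomod, gradle, npm, pnpm, pipenv and poetry hunks. The option is marked `admin: true` in `definitions.ts`, which limits who can set it, but a shared helper that checks the `user[:group]` shape once would remove the duplication. It would also let the branch be unit-tested instead of carrying `// istanbul ignore if` in nine places. How `cmd` is executed is not visible here, and the body of `updateArtifacts` continues outside the hunk.

```typescript
// suggested shared helper (name and location are a proposal, not existing code)
const dockerUserPattern = /^[\w.-]+(:[\w.-]+)?$/;

export function getDockerUserOption(dockerUser?: string): string {
  if (!dockerUser) {
    return '';
  }
  if (!dockerUserPattern.test(dockerUser)) {
    throw new Error('Invalid dockerUser: expected <user|uid>[:<group|gid>]');
  }
  return `--user=${dockerUser} `;
}

// in updateArtifacts, replacing the added if-block:
cmd = `docker run --rm `;
cmd += getDockerUserOption(config.dockerUser);
// … unchanged: volumes, envVars …
```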
@@ -101,6 +101,10 @@ export async function updateArtifacts( if (config.binarySource === 'docker') { logger.info('Running composer via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [config.localDir, process.env.COMPOSER_CACHE_DIR]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = ['COMPOSER_CACHE_DIR']; diff --git a/lib/manager/gomod/artifacts.ts b/lib/manager/gomod/artifacts.ts index 6442f23265a5dcabc5ca196aa43cb431a4411abb..0ba2d1fe0b7682a11b90cd9f8f7c85caa7c96e5b 100644 --- a/lib/manager/gomod/artifacts.ts +++ b/lib/manager/gomod/artifacts.ts @@ -45,6 +45,10 @@ export async function updateArtifacts( if (config.binarySource === 'docker') { logger.info('Running go via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [config.localDir, process.env.GOPATH]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = customEnv; diff --git a/lib/manager/gradle/index.ts b/lib/manager/gradle/index.ts index 34964a97f5587ede802a5338426f1c597e59fc68..b535adec707bad68e640fe0be11e0f083954afb9 100644 --- a/lib/manager/gradle/index.ts +++ b/lib/manager/gradle/index.ts @@ -141,7 +141,13 @@ async function getGradleCommandLine( let cmd: string; const gradlewExists = await exists(upath.join(cwd, 'gradlew')); if (config.binarySource === 'docker') { - cmd = `docker run --rm -v ${cwd}:${cwd} -w ${cwd} renovate/gradle gradle`; + cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } + cmd += `-v ${cwd}:${cwd} -w ${cwd} `; + cmd += `renovate/gradle gradle`; } else if (gradlewExists) { cmd = 'sh gradlew'; } else { diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts index 7118fb065328b845c3b474cad5495c8e626bcf9e..a343a81059ab0b6b9e57266167a9a14afd9188c8 100644 
--- a/lib/manager/npm/post-update/npm.ts +++ b/lib/manager/npm/post-update/npm.ts @@ -70,6 +70,10 @@ export async function generateLockFile( if (config.binarySource === 'docker') { logger.info('Running npm via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [cwd]; if (config.cacheDir) { volumes.push(config.cacheDir); diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts index 5cf295d0f825ad7e185a14046587d1f75e46ebec..bf0d9bca643a9b724aeaa77545f67f0a3544175d 100644 --- a/lib/manager/npm/post-update/pnpm.ts +++ b/lib/manager/npm/post-update/pnpm.ts @@ -67,6 +67,10 @@ export async function generateLockFile( if (config.binarySource === 'docker') { logger.info('Running pnpm via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [cwd]; if (config.cacheDir) { volumes.push(config.cacheDir); diff --git a/lib/manager/pipenv/artifacts.ts b/lib/manager/pipenv/artifacts.ts index 60b4b528782348200cf0192a3142234afcc73481..3d373da822a65e4de73085659ba59a4ae4200db1 100644 --- a/lib/manager/pipenv/artifacts.ts +++ b/lib/manager/pipenv/artifacts.ts @@ -36,6 +36,10 @@ export async function updateArtifacts( if (config.binarySource === 'docker') { logger.info('Running pipenv via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [config.localDir, process.env.PIPENV_CACHE_DIR]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = ['LC_ALL', 'LANG', 'PIPENV_CACHE_DIR']; diff --git a/lib/manager/poetry/artifacts.ts b/lib/manager/poetry/artifacts.ts index 04352134a437a35a2f025481d2e007eff4a8cf70..41568bdff63c4191892f316248ccfd878254df30 100644 --- a/lib/manager/poetry/artifacts.ts +++ b/lib/manager/poetry/artifacts.ts 
@@ -48,6 +48,10 @@ export async function updateArtifacts( if (config.binarySource === 'docker') { logger.info('Running poetry via docker'); cmd = `docker run --rm `; + // istanbul ignore if + if (config.dockerUser) { + cmd += `--user=${config.dockerUser} `; + } const volumes = [cwd]; cmd += volumes.map(v => `-v ${v}:${v} `).join(''); const envVars = []; diff --git a/renovate-schema.json b/renovate-schema.json index 4b92b765db0046dd957424e869ca80071680e840..dc39f719a32021e96f50dea501f5d869b2c3a520 100644 --- a/renovate-schema.json +++ b/renovate-schema.json @@ -66,6 +66,10 @@ "type": "boolean", "default": false }, + "dockerUser": { + "description": "Specify UID and GID for docker-based binaries when binarySource=docker is used.", + "type": "string" + }, "logLevel": { "description": "Logging level", "type": "string",