From 24a9e290fdc5da476b3d22652fa111a52f308b63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Dahlgren?= <bjorn@dahlgren.at>
Date: Sat, 5 Oct 2019 13:56:58 +0200
Subject: [PATCH] feat: Allow specifying Docker user (#4578)
---
 docs/usage/self-hosted-configuration.md | 5 +++++
 lib/config/definitions.ts | 7 +++++++
 lib/manager/bundler/artifacts.ts | 4 ++++
 lib/manager/cargo/artifacts.ts | 4 ++++
 lib/manager/common.ts | 1 +
 lib/manager/composer/artifacts.ts | 4 ++++
 lib/manager/gomod/artifacts.ts | 4 ++++
 lib/manager/gradle/index.ts | 8 +++++++-
 lib/manager/npm/post-update/npm.ts | 4 ++++
 lib/manager/npm/post-update/pnpm.ts | 4 ++++
 lib/manager/pipenv/artifacts.ts | 4 ++++
 lib/manager/poetry/artifacts.ts | 4 ++++
 renovate-schema.json | 4 ++++
 13 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index cf50822f06..5ba22170f9 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -32,6 +32,11 @@ Configure this directory if you want to change which directory Renovate uses for
 This is used if you want to map "dotfiles" from your host computer home directory to containers that Renovate creates, e.g. for updating lock files. Currently applicable to `.npmrc` only.
+## dockerUser
+
+Override default user and group used by docker-based binaries. UID and GID should match the user that executes renovate. See [Docker run reference](https://docs.docker.com/engine/reference/run/#user) for more information on user and group syntax.
+Set this to `1001:1002` to use UID 1001 and GID 1002.
+
 ## dryRun
 ## endpoint
diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index 4a8f82ae75..8bdaae38e8 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -178,6 +178,13 @@ const options: RenovateOptions[] = [
 type: 'boolean',
 default: false,
 },
+ {
+ name: 'dockerUser',
+ description:
+ 'Specify UID and GID for docker-based binaries when binarySource=docker is used.',
+ admin: true,
+ type: 'string',
+ },
 // Log options
 {
 name: 'logLevel',
diff --git a/lib/manager/bundler/artifacts.ts b/lib/manager/bundler/artifacts.ts
index 7dcc27fab4..a7f60c3e56 100644
--- a/lib/manager/bundler/artifacts.ts
+++ b/lib/manager/bundler/artifacts.ts
@@ -93,6 +93,10 @@ export async function updateArtifacts(
 bundlerVersion = ' -v ' + bundlerConstraint;
 }
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [config.localDir];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = [];
diff --git a/lib/manager/cargo/artifacts.ts b/lib/manager/cargo/artifacts.ts
index 74a03ce309..b24da15be3 100644
--- a/lib/manager/cargo/artifacts.ts
+++ b/lib/manager/cargo/artifacts.ts
@@ -42,6 +42,10 @@ export async function updateArtifacts(
 if (config.binarySource === 'docker') {
 logger.info('Running cargo via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [cwd];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = [];
diff --git a/lib/manager/common.ts b/lib/manager/common.ts
index c7c5f173bb..96fa558974 100644
--- a/lib/manager/common.ts
+++ b/lib/manager/common.ts
@@ -5,6 +5,7 @@ export type Result<T> = T | Promise<T>;
 export interface ManagerConfig {
 binarySource?: string;
+ dockerUser?: string;
 localDir?: string;
 registryUrls?: string[];
 }
diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts
index 14c79ae42a..f7b6d9ee16 100644
--- a/lib/manager/composer/artifacts.ts
+++ b/lib/manager/composer/artifacts.ts
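Review bot: The `dockerUser` entry in `lib/config/definitions.ts` is declared as a bare `type: 'string'` with no format constraint, although the manager hunks in this patch paste the value straight into a `docker run` command line. `admin: true` presumably restricts the option to the self-hosted (bot-level) config, which narrows who can set it, but a malformed value would still alter the command that gets executed. The description could state the accepted shape, e.g. `'User (UID[:GID] or name[:group]) passed to docker run --user when binarySource=docker is used.'`, and the value should be checked against that shape when the config is loaded.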
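Review bot: In the bundler hunk `config.dockerUser` is interpolated unquoted into the shell command string (`--user=${config.dockerUser} `), so whitespace or shell metacharacters in the value change the command instead of being rejected. The same four added lines recur in the cargo, composer, gomod, gradle, npm, pnpm, pipenv and poetry hunks, and every copy sits behind `// istanbul ignore if`, so the new branch has no test coverage anywhere. One shared helper that validates the value and returns the flag would remove the duplication, give a single place to test, and let the coverage exclusions go; it could live next to `ManagerConfig` in `lib/manager/common.ts`. `updateArtifacts` begins and ends outside the hunk, so how `cmd` is finally executed is not visible here.

```typescript
// shared helper, e.g. exported from lib/manager/common.ts
export function getDockerUserArg(config: ManagerConfig): string {
  const { dockerUser } = config;
  if (!dockerUser) {
    return '';
  }
  // accept only name-or-id[:name-or-id]; anything else must not reach the shell
  const allowed = /^[A-Za-z0-9_][A-Za-z0-9_.-]*(:[A-Za-z0-9_][A-Za-z0-9_.-]*)?$/;
  if (!allowed.test(dockerUser)) {
    throw new Error('Invalid dockerUser value');
  }
  return `--user=${dockerUser} `;
}

// in updateArtifacts, replacing the added if-block
cmd = `docker run --rm `;
cmd += getDockerUserArg(config);
// … unchanged: volumes, envVars …
```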
@@ -101,6 +101,10 @@ export async function updateArtifacts(
 if (config.binarySource === 'docker') {
 logger.info('Running composer via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [config.localDir, process.env.COMPOSER_CACHE_DIR];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = ['COMPOSER_CACHE_DIR'];
diff --git a/lib/manager/gomod/artifacts.ts b/lib/manager/gomod/artifacts.ts
index 6442f23265..0ba2d1fe0b 100644
--- a/lib/manager/gomod/artifacts.ts
+++ b/lib/manager/gomod/artifacts.ts
@@ -45,6 +45,10 @@ export async function updateArtifacts(
 if (config.binarySource === 'docker') {
 logger.info('Running go via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [config.localDir, process.env.GOPATH];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = customEnv;
diff --git a/lib/manager/gradle/index.ts b/lib/manager/gradle/index.ts
index 34964a97f5..b535adec70 100644
--- a/lib/manager/gradle/index.ts
+++ b/lib/manager/gradle/index.ts
@@ -141,7 +141,13 @@ async function getGradleCommandLine(
 let cmd: string;
 const gradlewExists = await exists(upath.join(cwd, 'gradlew'));
 if (config.binarySource === 'docker') {
- cmd = `docker run --rm -v ${cwd}:${cwd} -w ${cwd} renovate/gradle gradle`;
+ cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
+ cmd += `-v ${cwd}:${cwd} -w ${cwd} `;
+ cmd += `renovate/gradle gradle`;
 } else if (gradlewExists) {
 cmd = 'sh gradlew';
 } else {
diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index 7118fb0653..a343a81059 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -70,6 +70,10 @@ export async function generateLockFile(
 if (config.binarySource === 'docker') {
 logger.info('Running npm via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [cwd];
 if (config.cacheDir) {
 volumes.push(config.cacheDir);
diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts
index 5cf295d0f8..bf0d9bca64 100644
--- a/lib/manager/npm/post-update/pnpm.ts
+++ b/lib/manager/npm/post-update/pnpm.ts
@@ -67,6 +67,10 @@ export async function generateLockFile(
 if (config.binarySource === 'docker') {
 logger.info('Running pnpm via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [cwd];
 if (config.cacheDir) {
 volumes.push(config.cacheDir);
diff --git a/lib/manager/pipenv/artifacts.ts b/lib/manager/pipenv/artifacts.ts
index 60b4b52878..3d373da822 100644
--- a/lib/manager/pipenv/artifacts.ts
+++ b/lib/manager/pipenv/artifacts.ts
@@ -36,6 +36,10 @@ export async function updateArtifacts(
 if (config.binarySource === 'docker') {
 logger.info('Running pipenv via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [config.localDir, process.env.PIPENV_CACHE_DIR];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = ['LC_ALL', 'LANG', 'PIPENV_CACHE_DIR'];
diff --git a/lib/manager/poetry/artifacts.ts b/lib/manager/poetry/artifacts.ts
index 04352134a4..41568bdff6 100644
--- a/lib/manager/poetry/artifacts.ts
+++ b/lib/manager/poetry/artifacts.ts
@@ -48,6 +48,10 @@ export async function updateArtifacts(
 if (config.binarySource === 'docker') {
 logger.info('Running poetry via docker');
 cmd = `docker run --rm `;
+ // istanbul ignore if
+ if (config.dockerUser) {
+ cmd += `--user=${config.dockerUser} `;
+ }
 const volumes = [cwd];
 cmd += volumes.map(v => `-v ${v}:${v} `).join('');
 const envVars = [];
diff --git a/renovate-schema.json b/renovate-schema.json
index 4b92b765db..dc39f719a3 100644
--- a/renovate-schema.json
+++ b/renovate-schema.json
@@ -66,6 +66,10 @@
 "type": "boolean",
 "default": false
 },
+ "dockerUser": {
+ "description": "Specify UID and GID for docker-based binaries when binarySource=docker is used.",
+ "type": "string"
+ },
 "logLevel": {
 "description": "Logging level",
 "type": "string",
-- 
GitLab