diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md
index 670a7cdd6d0a1e9622c38a3371b3d3b98bcb56b6..43c5ca5aa4fdf4c0a285448a83a18207fc02e1c3 100644
--- a/docs/usage/configuration-options.md
+++ b/docs/usage/configuration-options.md
@@ -378,6 +378,23 @@ Renovate will match against all baseUrls. It does not do a "longest match" algor
### hostType
+### insecureRegistry
+
+Enable this option to allow Renovate to connect to an [insecure docker registry](https://docs.docker.com/registry/insecure/) that is http only.
+Warning: This is insecure and is not recommended.
+Example:
+
+```json
+{
+ "hostRules": [
+ {
+ "hostName": "reg.insecure.com",
+ "insecureRegistry": true
+ }
+ ]
+}
+```
+
### timeout
Use this figure to adjust the timeout for queries. The default is 60s, which is quite high. To adjust it down to 10s for all queries, do this:
diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index 6913079cb302bd5a17a001de5a83fa4e816ce58e..33e27d5c54808e40302582f1f7042bbe8f6f6b2a 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -1942,6 +1942,15 @@ const options: RenovateOptions[] = [
cli: false,
env: false,
},
+ {
+ name: 'insecureRegistry',
+ description: 'explicity turn on insecure docker registry access (http)',
+ type: 'boolean',
+ stage: 'repository',
+ parent: 'hostRules',
+ cli: false,
+ env: false,
+ },
{
name: 'prBodyDefinitions',
description: 'Table column definitions for use in PR tables',
diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts
index 71b6f86e99a488f86e1d893a7e90d0f5618d0938..c62b5cfc87a8099fcf54ff92f0cf2fce574c23ae 100644
--- a/lib/datasource/docker/index.ts
+++ b/lib/datasource/docker/index.ts
@@ -32,6 +32,10 @@ function getRegistryRepository(lookupName: string, registryUrls: string[]) {
if (!registry.match('^https?://')) {
registry = `https://${registry}`;
}
+ const opts = hostRules.find({ url: registry });
+ if (opts.insecureRegistry) {
+ registry = registry.replace('https', 'http');
+ }
if (registry.endsWith('.docker.io') && !repository.includes('/')) {
repository = 'library/' + repository;
}
diff --git a/lib/util/host-rules.ts b/lib/util/host-rules.ts
index 0e4704a448ae369f5e47a595d14454b2ec679df9..09f02a8a1f38eb702f7577b22546c1d0c6088fe5 100644
--- a/lib/util/host-rules.ts
+++ b/lib/util/host-rules.ts
@@ -12,7 +12,7 @@ export interface HostRule {
token?: string;
username?: string;
password?: string;
-
+ insecureRegistry?: boolean;
timeout?: number;
}
diff --git a/renovate-schema.json b/renovate-schema.json
index 075ad36412d4468fde3a2d4bc630b85f996d2bc9..9bc94c0a251662c5e0153f0d1d54ba23ea39e7fd 100644
--- a/renovate-schema.json
+++ b/renovate-schema.json
@@ -1283,6 +1283,10 @@
"timeout": {
"description": "timeout (in milliseconds) for queries to external endpoints",
"type": "integer"
+ },
+ "insecureRegistry": {
+ "description": "explicity turn on insecure docker registry access (http)",
+ "type": "boolean"
}
}
}
diff --git a/test/datasource/docker.spec.ts b/test/datasource/docker.spec.ts
index b9c4d3b004d2b2fd2c386919ca4f68db94467e99..1140f1e22a82f724bfe0b80f1e6403a20bdc1127 100644
--- a/test/datasource/docker.spec.ts
+++ b/test/datasource/docker.spec.ts
@@ -91,6 +91,17 @@ describe('api/docker', () => {
'sha256:b3d6068234f3a18ebeedd2dab81e67b6a192e81192a099df4112ecfc7c3be84f'
);
});
+ it('supports docker insecure registry', async () => {
+ got.mockReturnValueOnce({
+ headers: {},
+ });
+ got.mockReturnValueOnce({
+ headers: { 'docker-content-digest': 'some-digest' },
+ });
+ hostRules.find.mockReturnValueOnce({ insecureRegistry: true });
+ const res = await docker.getDigest({ lookupName: 'some-dep' });
+ expect(res).toBe('some-digest');
+ });
it('supports basic authentication', async () => {
got.mockReturnValueOnce({
headers: {