From 9d9d7ec84e3cc9df92310f7c2f34b89b814374cf Mon Sep 17 00:00:00 2001
From: Zach Willard <zach.willard@gmail.com>
Date: Tue, 8 Oct 2019 02:19:11 -0500
Subject: [PATCH] feat(docker): add insecureRegistry hostRule (#4590)
---
docs/usage/configuration-options.md | 17 +++++++++++++++++
lib/config/definitions.ts | 9 +++++++++
lib/datasource/docker/index.ts | 4 ++++
lib/util/host-rules.ts | 2 +-
renovate-schema.json | 4 ++++
test/datasource/docker.spec.ts | 11 +++++++++++
6 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/docs/usage/configuration-options.md b/docs/usage/configuration-options.md
index 670a7cdd6d..43c5ca5aa4 100644
--- a/docs/usage/configuration-options.md
+++ b/docs/usage/configuration-options.md
@@ -378,6 +378,23 @@ Renovate will match against all baseUrls. It does not do a "longest match" algor
### hostType
+### insecureRegistry
+
+Enable this option to allow Renovate to connect to an [insecure docker registry](https://docs.docker.com/registry/insecure/) that is http only.
+Warning: This is insecure and is not recommended.
+Example:
+
+```json
+{
+ "hostRules": [
+ {
+ "hostName": "reg.insecure.com",
+ "insecureRegistry": true
+ }
+ ]
+}
+```
+
### timeout
Use this figure to adjust the timeout for queries. The default is 60s, which is quite high. To adjust it down to 10s for all queries, do this:
diff --git a/lib/config/definitions.ts b/lib/config/definitions.ts
index 6913079cb3..33e27d5c54 100644
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@@ -1942,6 +1942,15 @@ const options: RenovateOptions[] = [
cli: false,
env: false,
},
+ {
+ name: 'insecureRegistry',
+ description: 'explicity turn on insecure docker registry access (http)',
+ type: 'boolean',
+ stage: 'repository',
+ parent: 'hostRules',
+ cli: false,
+ env: false,
+ },
{
name: 'prBodyDefinitions',
description: 'Table column definitions for use in PR tables',
diff --git a/lib/datasource/docker/index.ts b/lib/datasource/docker/index.ts
index 71b6f86e99..c62b5cfc87 100644
--- a/lib/datasource/docker/index.ts
+++ b/lib/datasource/docker/index.ts
@@ -32,6 +32,10 @@ function getRegistryRepository(lookupName: string, registryUrls: string[]) {
if (!registry.match('^https?://')) {
registry = `https://${registry}`;
}
+ const opts = hostRules.find({ url: registry });
+ if (opts.insecureRegistry) {
+ registry = registry.replace('https', 'http');
+ }
if (registry.endsWith('.docker.io') && !repository.includes('/')) {
repository = 'library/' + repository;
}
diff --git a/lib/util/host-rules.ts b/lib/util/host-rules.ts
index 0e4704a448..09f02a8a1f 100644
--- a/lib/util/host-rules.ts
+++ b/lib/util/host-rules.ts
@@ -12,7 +12,7 @@ export interface HostRule {
token?: string;
username?: string;
password?: string;
-
+ insecureRegistry?: boolean;
timeout?: number;
}
diff --git a/renovate-schema.json b/renovate-schema.json
index 075ad36412..9bc94c0a25 100644
--- a/renovate-schema.json
+++ b/renovate-schema.json
@@ -1283,6 +1283,10 @@
"timeout": {
"description": "timeout (in milliseconds) for queries to external endpoints",
"type": "integer"
+ },
+ "insecureRegistry": {
+ "description": "explicity turn on insecure docker registry access (http)",
+ "type": "boolean"
}
}
}
diff --git a/test/datasource/docker.spec.ts b/test/datasource/docker.spec.ts
index b9c4d3b004..1140f1e22a 100644
--- a/test/datasource/docker.spec.ts
+++ b/test/datasource/docker.spec.ts
@@ -91,6 +91,17 @@ describe('api/docker', () => {
'sha256:b3d6068234f3a18ebeedd2dab81e67b6a192e81192a099df4112ecfc7c3be84f'
);
});
+ it('supports docker insecure registry', async () => {
+ got.mockReturnValueOnce({
+ headers: {},
+ });
+ got.mockReturnValueOnce({
+ headers: { 'docker-content-digest': 'some-digest' },
+ });
+ hostRules.find.mockReturnValueOnce({ insecureRegistry: true });
+ const res = await docker.getDigest({ lookupName: 'some-dep' });
+ expect(res).toBe('some-digest');
+ });
it('supports basic authentication', async () => {
got.mockReturnValueOnce({
headers: {
--
GitLab