From 827e51874a2f7544d608b0bd2f70df46ec1bb2d3 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Fri, 10 Mar 2023 13:18:34 +0100 Subject: [PATCH 1/3] feat!: remove docker socket and change to current user (#700) --- src/renovate.ts | 35 +---------------------------------- 1 file changed, 1 insertion(+), 34 deletions(-) diff --git a/src/renovate.ts b/src/renovate.ts index 8bf7a22b..2370b1fe 100644 --- a/src/renovate.ts +++ b/src/renovate.ts @@ -5,7 +5,6 @@ import fs from 'fs'; import path from 'path'; class Renovate { - private dockerGroupName = 'docker'; private configFileMountDir = '/github-action'; private docker: Docker; @@ -17,8 +16,6 @@ class Renovate { } async runDockerContainer(): Promise { - const renovateDockerUser = '1000'; - const dockerArguments = this.input .toEnvironmentVariables() .map((e) => `--env ${e.key}`) @@ -34,9 +31,8 @@ class Renovate { } dockerArguments.push( - '--volume /var/run/docker.sock:/var/run/docker.sock', '--volume /tmp:/tmp', - `--user ${renovateDockerUser}:${this.getDockerGroupId()}`, + `--user ${process.env.UID}:0}`, '--rm', this.docker.image() ); 
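Review bot: The added `--user ${process.env.UID}:0}` element in the `dockerArguments.push(...)` hunk ends with a stray `}`, so docker is handed a group of `0}`. `UID` is also a bash variable that is usually not exported, in which case the template interpolates `undefined`. [PATCH 2/3] rewrites this line, but this commit taken alone builds an invalid `--user` value, so folding that correction in here would keep each commit in the series runnable. Since the Docker socket mount is dropped at the same place, a comment above the push such as `// no docker.sock mount: container runs as the runner's uid with group 0` would record the new privilege model. `runDockerContainer` starts and ends outside this hunk.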
@@ -49,35 +45,6 @@ class Renovate { } } - /** - * Fetch the host docker group of the GitHub Action runner. - * - * The Renovate container needs access to this group in order to have the - * required permissions on the Docker socket. - */ - private getDockerGroupId(): string { - const groupFile = '/etc/group'; - const groups = fs.readFileSync(groupFile, { - encoding: 'utf-8', - }); - - /** - * The group file has `groupname:group-password:GID:username-list` as - * structure and we're interested in the `GID` (the group ID). - * - * Source: https://www.thegeekdiary.com/etcgroup-file-explained/ - */ - const re = new RegExp(`^${this.dockerGroupName}:x:([1-9][0-9]*):`, 'm'); - const match = re.exec(groups); - if (!match || match.length < 2) { - throw new Error( - `Could not find group '${this.dockerGroupName}' in ${groupFile}` - ); - } - - return match[1]; - } - private validateArguments(): void { if (/\s/.test(this.input.token.value)) { throw new Error('Token MUST NOT contain whitespace'); From fedfacb882fd7868a046812a437c6175928bcfd3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Mar 2023 13:08:08 +0000 Subject: [PATCH 2/3] fix(deps)!: update renovate/renovate docker tag to v35 (#702) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Michael Kriese --- src/docker.ts | 2 +- src/renovate.ts | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/docker.ts b/src/docker.ts index adb6bb78..5a812ecb 100644 --- a/src/docker.ts +++ b/src/docker.ts @@ -1,7 +1,7 @@ import type { Input } from './input'; // renovate: datasource=docker depName=renovate/renovate versioning=docker -const tag = '34.159.2-slim'; +const tag = '35.0.0-slim'; class Docker { private static readonly repository = 'renovate/renovate'; diff --git a/src/renovate.ts b/src/renovate.ts index 2370b1fe..aed10203 100644 --- a/src/renovate.ts +++ b/src/renovate.ts 
@@ -2,6 +2,7 @@ import Docker from './docker'; import { Input } from './input'; import { exec } from '@actions/exec'; import fs from 'fs'; +import os from 'os'; import path from 'path'; class Renovate { @@ -30,9 +31,11 @@ class Renovate { ); } + const user = os.userInfo(); + dockerArguments.push( '--volume /tmp:/tmp', - `--user ${process.env.UID}:0}`, + `--user ${user.uid}:0`, '--rm', this.docker.image() ); From 27aefbbfa2b7dcce9d2e84276caf6724a193d23f Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Fri, 10 Mar 2023 14:12:28 +0100 Subject: [PATCH 3/3] chore: migrate sample (#703) --- example/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/renovate.json b/example/renovate.json index 6f754950..c6adad3c 100644 --- a/example/renovate.json +++ b/example/renovate.json @@ -1,6 +1,6 @@ { "branchPrefix": "test-renovate/", - "dryRun": true, + "dryRun": "full", "username": "renovate-release", "gitAuthor": "Renovate Bot ", "onboarding": false,
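Review bot: `const user = os.userInfo();` in the `@@ -30,9 +31,11 @@` hunk can throw a SystemError when the current uid has no username or home directory, which would abort the action on a runner or container job whose uid has no passwd entry. Only the numeric id is used, so `const uid = process.getuid?.() ?? os.userInfo().uid;` followed by `` `--user ${uid}:0` `` avoids the passwd lookup. The fixed group `0` and the unchanged `'--volume /tmp:/tmp'` context line also deserve a why-comment. The container now runs with the runner's uid, so it can write to everything that user owns in the host's `/tmp`, and the reason for the root group (presumably group-0-writable paths in the image) is not visible here. `runDockerContainer` starts and ends outside the hunk.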