mirror of
https://github.com/renovatebot/github-action.git
synced 2025-12-16 08:52:35 +00:00
feat: add mount-docker-socket option (#749)
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
parent
da15a1bb63
commit
7c65b94442
4 changed files with 52 additions and 0 deletions
|
|
@ -73,6 +73,10 @@ class Input {
|
|||
return !!version && version !== '' ? version : null;
|
||||
}
|
||||
|
||||
mountDockerSocket(): boolean {
|
||||
return core.getInput('mount-docker-socket') === 'true';
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert to environment variables.
|
||||
*
|
||||
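Review bot: `mountDockerSocket()` is the only gate on a privileged option and has no doc comment, although the member that follows it in `Input` carries one. I would add `/** Whether to bind-mount the runner's Docker socket into the Renovate container; true only when the input is exactly 'true'. */` above it. The exact-match comparison means values such as `True` or `yes` leave the socket unmounted, which is the safe direction for this option, and stating it in the comment keeps a later change from loosening it by accident.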
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import fs from 'fs';
|
|||
import path from 'path';
|
||||
|
||||
class Renovate {
|
||||
static dockerGroupRegex = /^docker:x:(?<groupId>[1-9][0-9]*):/m;
|
||||
private configFileMountDir = '/github-action';
|
||||
|
||||
private docker: Docker;
|
||||
|
|
@ -31,6 +32,13 @@ class Renovate {
|
|||
);
|
||||
}
|
||||
|
||||
if (this.input.mountDockerSocket()) {
|
||||
dockerArguments.push(
|
||||
'--volume /var/run/docker.sock:/var/run/docker.sock',
|
||||
`--group-add ${this.getDockerGroupId()}`
|
||||
);
|
||||
}
|
||||
|
||||
dockerArguments.push('--volume /tmp:/tmp', '--rm', this.docker.image());
|
||||
|
||||
const command = `docker run ${dockerArguments.join(' ')}`;
|
||||
|
|
@ -41,6 +49,32 @@ class Renovate {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the host docker group of the GitHub Action runner.
|
||||
*
|
||||
* The Renovate container needs access to this group in order to have the
|
||||
* required permissions on the Docker socket.
|
||||
*/
|
||||
private getDockerGroupId(): string {
|
||||
const groupFile = '/etc/group';
|
||||
const groups = fs.readFileSync(groupFile, {
|
||||
encoding: 'utf-8',
|
||||
});
|
||||
|
||||
/**
|
||||
* The group file has `groupname:group-password:GID:username-list` as
|
||||
* structure and we're interested in the `GID` (the group ID).
|
||||
*
|
||||
* Source: https://www.thegeekdiary.com/etcgroup-file-explained/
|
||||
*/
|
||||
const match = Renovate.dockerGroupRegex.exec(groups);
|
||||
if (match?.groups?.groupId === undefined) {
|
||||
throw new Error(`Could not find group docker in ${groupFile}`);
|
||||
}
|
||||
|
||||
return match.groups.groupId;
|
||||
}
|
||||
|
||||
private validateArguments(): void {
|
||||
if (/\s/.test(this.input.token.value)) {
|
||||
throw new Error('Token MUST NOT contain whitespace');
|
||||
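Review bot: The bind mount added in the `if (this.input.mountDockerSocket())` branch gives the Renovate container control of the runner's Docker daemon, which amounts to root on the runner for anything that executes inside the container, and nothing at the mount site says so. I would add a comment above the `dockerArguments.push(` call, such as `// Grants the container full control of the host Docker daemon; enable only where the processed repositories and their tooling are trusted.`, and repeat the caveat in the option's user-facing description. Separately, `getDockerGroupId()` finds the group by the name `docker` in `/etc/group`, which presumably fails or selects the wrong group on runners where the socket is owned by a different group. Reading the owner from the socket itself, `String(fs.statSync('/var/run/docker.sock').gid)`, would track the permission that actually applies, with an explicit check to keep the current rejection of GID 0. The method that builds `dockerArguments` starts outside the hunk.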
|
|
|
|||