actions/renovatebot-github
1
0
Fork 0
mirror of https://github.com/renovatebot/github-action.git synced 2025-12-16 17:02:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

feat: use slim image (#61)

Browse source 
- mount docker.sock and /tmp to renovate
- use slim image

Co-authored-by: Jeroen de Bruijn <vidavidorra+jdbruijn@gmail.com>
Co-authored-by: Jeroen de Bruijn <62570005+jdbruijn@users.noreply.github.com>
This commit is contained in:
Michael Kriese 2020-05-08 06:55:32 +02:00 committed by GitHub
parent ea9e7f263f
commit 9b8645713e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/docker.ts
View file

@ -1,7 +1,7 @@
class Docker {
readonly repository = 'renovate/renovate';
// renovate: datasource=docker depName=renovate/renovate versioning=docker
readonly tag = '19.231.12';
readonly tag = '19.231.12-slim';
image(): string {
return `${this.repository}:${this.tag}`;

26
src/renovate.ts
View file

@ -20,11 +20,16 @@ class Renovate {
}
async runDockerContainer(): Promise<void> {
const renovateDockerUser = 'ubuntu';
const githubActionsDockerGroupId = this.getDockerGroupId();
const commandArguments = [
'--rm',
`--env ${this.configFileEnv}=${this.configFileMountPath()}`,
`--env ${this.tokenEnv}=${this.token}`,
`--volume ${this.configFile}:${this.configFileMountPath()}`,
`--volume /var/run/docker.sock:/var/run/docker.sock`,
`--volume /tmp:/tmp`,
`--user ${renovateDockerUser}:${githubActionsDockerGroupId}`,
this.docker.image(),
];
const command = `docker run ${commandArguments.join(' ')}`;
@ -35,6 +40,27 @@ class Renovate {
}
}
/**
* Fetch the host docker group of the GitHub Action runner.
*
* The Renovate container needs access to this group in order to have the
* required permissions on the Docker socket.
*/
private getDockerGroupId(): string {
const groups = fs.readFileSync('/etc/group', {
encoding: 'utf-8',
});
/**
* The group file has `groupname:group-password:GID:username-list` as
* structure and we're interested in the `GID` (the group ID).
*
* Source: https://www.thegeekdiary.com/etcgroup-file-explained/
*/
const [, group] = /^docker:x:([1-9][0-9]*):$/m.exec(groups);
return group;
}
private validateArguments(): void {
if (!fs.existsSync(this.configFile)) {
throw new Error(