-
Notifications
You must be signed in to change notification settings - Fork 2.1k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker datasource registryUrls #10135
Comments
Gitlab supports multiple nested groups, so an image repo can be have more that three parts, eg I think we should treat this image as GitLab also supports a dependency proxy for docker hub images. If i configure a hub proxy within harbor a image looks like Those registry are pull through proxies, so you can pill any known tag or digest, but the So we need a way to allow users to override the registry host and prefix, so renovate will lookup:
But we need to make sure renovate can also lookup (private or public) images from:
|
And the others should work "as is" so long as the |
OK, then i'm fine with it. So we extract
And when combined with What about |
Close, not sure if it was a typo but it's:
And it would resolve the same as you expect. I think we can add a special rule for |
Yes, was a typo, fixed it |
Something I still need to resolve is:
I think the following will work: if the |
@rarkins Any progress on this issue? Would the following also work to make the override scenarios possible?:
This would fix this issue and would be opt-in.
This would fix the linked issue #9958 and also would be opt-in. |
I got a bit slowed up on this one and started doubting my design decision. I'll try to summarize here. Ultimately, we want maximum flexibility when it comes to controlling which docker registry we look image versions up from. I've seen for example both these cases:
Therefore we can't make any assumptions other than:
The way One challenge we have - and I would appreciate help solving it - is knowing how to split up fully qualified images into the registry and the image name. e.g. So here's the challenge:
We should also keep in mind that Docker images are not the only type of dependency with this format, e.g. Go Modules are like foo.bar/alpha/beta. However we don't have the same need to change the host for them. An advantage to guessing the split in the manager extract process is enabling the user to be able to "fix" it using Stepping back, what if we simply made a breaking change to how our In this scenario we'd never extract |
Don't like that, as I've a lot images who are not availabe on hub, so configure hostrules for all of them is painful. So i would suggest
If the user overrides the registry url, it get's prepended to
So this works for most cases. If someone needs to change the existing prefix too, he can use a regex manager. {
"fileMatch": ["^Dockerfile$"],
"matchStrings": [
"FROM my\\.registry\\.com\\/some\\/sub\\/path\\/(?<depName>[a-z0-9.\\/-]+)(?::(?<currentValue>[a-z0-9.-]+))?(?:@(?<currentDigest>sha256:[a-f0-9]+))?",
],
"datasourceTemplate": "docker",
"versioningTemplate": "docker"
"registryUrlTemplate": "https://docker.io" this will do the special case:
|
I didn't phrase that well. What I meant was that we'd never split |
Ok |
Would it be possible to:
My motivation here is that requests for However, the proxy does not support Result: Therefore, setting the dependency proxy URL as
Is it too hacky to bypass GitLab dependency proxy (= override Ideally, GitLab dependency proxy should add support for |
I think whether it's too hacky or not depends on both:
Right now I'm thinking it's probably too complicated to be justified, but I'm definitely not sure about it. |
I've been wanting to revisit this topic for a while. The use cases we're hoping to cover include:
We could extract Docker dependencies as either:
The challenge with supporting only the separate approach is that we don't always know where the registry stops and the package name begins. e.g. example of Let's say the extracted value is
If we went with the aliases approach then we'd be keeping our existing |
It does sound like a valuable feature. Is there a way to know how many users would benefit from that? |
Hi, I think that it should be assumed that finding the package name from the registry name is not possible. If using aliases, you'd better iterate on each trying to replace if it match. In our case, we are using jFrog artifactory as an on premise registry mirror. It does mirroring with DNS only (so it preserve the original path). But we have mirrors of theses mirrors that is only accessible from the deployment environnement. So, in our config files, we must set the registry name of the deployment environnement but renovate should replace it with the first one. I saw in docker manager that when the dep come from gitlabci manager, the registryAliases are iterated to do a simple replace when it starts with. |
Just to add to this, I've run into a similar situation where I need to set a registryAlias for a docker registry. This mostly works for my use case except that it doesn't work in helm-values b/c helm-values manager doesn't pass along any registryAliases in the call to |
please open a new feature request discussion for this. I'll probably add that next week |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
What would you like Renovate to be able to do?
Improved
registryUrls
support for changing the lookup of images.Did you already have any implementation ideas?
Knowing what is the image name and what is the path is challenging.
DockerHub has a two-part namespace, e.g.
<org>/<image>
. However forlibrary/<image>
, it is also allowed to have simply<image>
.I thought about indexing the list of library images - there are less than 200 - however that doesn't really help because even though
node
is a library image, it's also possible to havefoo/node
too.I think the solution for this is:
registryUrls
for a docker library image then you need to use the fulllibrary/<image>
in the path. e.g.registry.mygitlab.test/jobs/library/node:14
and notregistry.mygitlab.test/jobs/node:14
depName=image,lookupName=library/image
if the extracted depName starts withlibrary/node
The next thing we need to do is within the
docker
datasource: join theregistryUrl
withlookupName
, then treat the origin +/v2
as the "Docker registry" and the rest as the image name. e.g. the Docker registry above would behttps://registry.mygitlab.test
and the image name would bejobs/library/node
.Once agreement is reached, I will resume and update #10118
The text was updated successfully, but these errors were encountered: