feat(docker): add insecureRegistry hostRule (#4590)

2025-01-11 22:46:27 +00:00 · 2019-10-08 02:19:11 -05:00 · 2019-10-08 02:19:11 -05:00 · 9d9d7ec84e
commit 9d9d7ec84e
parent 8e238ef129
6 changed files with 46 additions and 1 deletions
--- a/docs/usage/configuration-options.md
+++ b/docs/usage/configuration-options.md
@ -378,6 +378,23 @@ Renovate will match against all baseUrls. It does not do a "longest match" algor

 ### hostType

+### insecureRegistry
+
+Enable this option to allow Renovate to connect to an [insecure docker registry](https://docs.docker.com/registry/insecure/) that is http only.
+Warning: This is insecure and is not recommended.
+Example:
+
+```json
+{
+  "hostRules": [
+    {
+      "hostName": "reg.insecure.com",
+      "insecureRegistry": true
+    }
+  ]
+}
+```
+
 ### timeout

 Use this figure to adjust the timeout for queries. The default is 60s, which is quite high. To adjust it down to 10s for all queries, do this:
--- a/lib/config/definitions.ts
+++ b/lib/config/definitions.ts
@ -1942,6 +1942,15 @@ const options: RenovateOptions[] = [
    cli: false,
    env: false,
  },
+  {
+    name: 'insecureRegistry',
+    description: 'explicity turn on insecure docker registry access (http)',
+    type: 'boolean',
+    stage: 'repository',
+    parent: 'hostRules',
+    cli: false,
+    env: false,
+  },
  {
    name: 'prBodyDefinitions',
    description: 'Table column definitions for use in PR tables',
--- a/lib/datasource/docker/index.ts
+++ b/lib/datasource/docker/index.ts
@ -32,6 +32,10 @@ function getRegistryRepository(lookupName: string, registryUrls: string[]) {
  if (!registry.match('^https?://')) {
    registry = `https://${registry}`;
  }
+  const opts = hostRules.find({ url: registry });
+  if (opts.insecureRegistry) {
+    registry = registry.replace('https', 'http');
+  }
  if (registry.endsWith('.docker.io') && !repository.includes('/')) {
    repository = 'library/' + repository;
  }
--- a/lib/util/host-rules.ts
+++ b/lib/util/host-rules.ts
@ -12,7 +12,7 @@ export interface HostRule {
  token?: string;
  username?: string;
  password?: string;
-
+  insecureRegistry?: boolean;
  timeout?: number;
 }

--- a/renovate-schema.json
+++ b/renovate-schema.json
@ -1283,6 +1283,10 @@
              "timeout": {
                "description": "timeout (in milliseconds) for queries to external endpoints",
                "type": "integer"
+              },
+              "insecureRegistry": {
+                "description": "explicity turn on insecure docker registry access (http)",
+                "type": "boolean"
              }
            }
          }
--- a/test/datasource/docker.spec.ts
+++ b/test/datasource/docker.spec.ts
@ -91,6 +91,17 @@ describe('api/docker', () => {
        'sha256:b3d6068234f3a18ebeedd2dab81e67b6a192e81192a099df4112ecfc7c3be84f'
      );
    });
+    it('supports docker insecure registry', async () => {
+      got.mockReturnValueOnce({
+        headers: {},
+      });
+      got.mockReturnValueOnce({
+        headers: { 'docker-content-digest': 'some-digest' },
+      });
+      hostRules.find.mockReturnValueOnce({ insecureRegistry: true });
+      const res = await docker.getDigest({ lookupName: 'some-dep' });
+      expect(res).toBe('some-digest');
+    });
    it('supports basic authentication', async () => {
      got.mockReturnValueOnce({
        headers: {