fix: fail on ddev start for docker-rootless w/o no-bind-mounts, don't test with latest rootless

[stasadev]

The Issue

We see intermittent fails for docker builds in docker-rootless

https://github.com/ddev/ddev/actions/runs/20281804435/job/58245516314
https://github.com/ddev/ddev/actions/runs/20283152764/job/58265709576

target web: failed to solve: failed to prepare extraction snapshot "extract-723956080-but9 sha256:98aadc33b4c66175f497b2a2afa364ffa6c162909f6a0bc15692ab9691ad2236": parent snapshot sha256:67e8265291254656ea4f112f6d4ebe594b2cd4a73b6b50e50e46640b4fb5f8d4 does not exist: not found

It always installs the latest version:

+ curl -fsSL https://get.docker.com/rootless
+ sh
# Installing stable version 29.1.3

When Rootless was merged:

+ curl -fsSL https://get.docker.com/rootless
+ sh
# Installing stable version 29.1.2

---

Also, Docker Rootless does not work without no-bind-mounts, but I didn't add a check for this because I was thinking about a flexible configuration, but our users will not read the setup instructions very carefully, and we will get support requests why it does not work:

$ ddev ssh
stas@l12-web:/var/www/html$ touch test-file
touch: cannot touch 'test-file': Permission denied

How This PR Solves The Issue

• Trying to fix intermittent fails in tests by installing the same rootless docker version as we use in rootful mode.
• Adds an error on ddev start if no-bind-mounts is not enabled.

Manual Testing Instructions

Check docker-rootless test in GitHub Actions, confirm the installed docker version is not the latest 29.1.3 https://github.com/ddev/ddev/actions/runs/20302539723/job/58311490118?pr=7952#step:8:165

$ docker context use rootless

$ ddev start
Starting l12... 
Failed to start l12: bind mounts can't be used with Docker Rootless.
Run `ddev config global --no-bind-mounts` and try again

$ ddev config global --no-bind-mounts

$ ddev start
Starting l12... 
Mutagen is enabled because `no_bind_mounts: true` is set.
`ddev config global --no-bind-mounts=false` if you do not intend that. 
97.44 MiB / 97.44 MiB [-----------------------------] 100.00% 91.89 MiB p/s 1.3s
Download complete. 
 Container ddev-ssh-agent  Created 
 Container ddev-ssh-agent  Started
...

Automated Testing Overview

Release/Deployment Notes

[github-actions]

Download the artifacts for this pull request:

• all-ddev-executables.zip
• ddev-macos-amd64.zip
• ddev-macos-arm64.zip
• ddev-linux-arm64.zip
• ddev-linux-amd64.zip
• ddev-windows-amd64.zip
• ddev-windows-amd64-installer.zip
• ddev-windows-arm64.zip
• ddev-windows-arm64-installer.zip

See Testing a PR.

[rfay]

Thanks for exploring this!

[rfay]

It seems fine, there's just the question of whether we should keep up with upstream releases.

[rfay]

A lot of times we profit from not wiring the specific versions of things, so we find out early when things go wrong. I know you know that. It also would be nice to not have this fail intermittently, and of course it may be a result of the current version we're getting.

[stasadev]

We don't test against the latest Docker rootful. GitHub Actions comes with a preinstalled Docker version (28.0.4 on Ubuntu 24.04), and we don't update it, so in practice we are already wired to a specific Docker version. This change just aligns our setup with what we already use.

I'm not sure whether this change actually helps with Docker rootless. One successful test doesn't say much. I'd like to see how it behaves after being in the main branch for a while. If it doesn't help, then we can think about a different strategy.

[rfay]

It works for me anyway.