-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default to binarySource=install #14531
Comments
@viceice do you think this makes most sense in Renovate itself, or in the Docker image? Maybe it's best to have our docs showing the actual defaults in our image, which would mean doing it here. Then we just need to make sure that it gracefully downgrades to global if in non-buildpack. |
I think we should do it here in a major bump. We should also extend the docs to explain the different settings a little bit more. |
Hi @rarkins and @viceice, |
Yes, it's safe, but the list of supported managers so far is short (npm, yarn, composer). Not yet to language level like node and python |
Just wanted to add that we used |
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
The release notes should indicate that Renovate will not work with a read-only filesystem anymore (including the container-base image). Otherwise, this could surprise some users, I have run it with that extra security setting myself |
@maxbrunet could you suggest the wording for this? I guess users can still switch back to binarySource=global if so too? |
Maybe
(verbose version) |
I think we can simplify a bit, and fix the styling as well: Renovate now needs a writable root filesystem to install binaries at runtime.
For example, in Kubernetes, if you still wish to use container `securityContext` options like `readOnlyRootFilesystem: true` or a GID different from `0` (root) via `runAsGroup`, you can set `binarySource=global` to restore the old behavior. |
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
🎉 This issue has been resolved in version 33.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
What would you like Renovate to be able to do?
Default to binarySource=install behavior, mainly for the flow-on benefit in the
renovate/renovate
image.If you have any ideas on how this should be implemented, please tell us here.
Change the default in a major release. Make sure that non-buildpack users don't get confusing warnings.
Is this a feature you are interested in implementing yourself?
Maybe
The text was updated successfully, but these errors were encountered: