Default to binarySource=install #14531
Comments
rarkins
added
type:feature
rarkins
added
status:requirements
|
@viceice do you think this makes most sense in Renovate itself, or in the Docker image? Maybe it's best to have our docs showing the actual defaults in our image, which would mean doing it here. Then we just need to make sure that it gracefully downgrades to global if in non-buildpack. |
|
I think we should do it here in a major bump. We should also extend the docs to explain the different settings a little bit more. |
rarkins
added
status:ready
and removed
status:requirements
|
Hi @rarkins and @viceice, |
|
Yes, it's safe, but the list of supported managers so far is short (npm, yarn, composer). Not yet to language level like node and python |
|
Just wanted to add that we used |
rarkins
added
status:in-progress
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
|
The release notes should indicate that Renovate will not work with a read-only filesystem anymore (including the container-base image). Otherwise, this could surprise some users, I have run it with that extra security setting myself |
|
@maxbrunet could you suggest the wording for this? I guess users can still switch back to binarySource=global if so too? |
|
Maybe
(verbose version) |
|
I think we can simplify a bit, and fix the styling as well: Renovate now needs a writable root filesystem to install binaries at runtime.
For example, in Kubernetes, if you still wish to use container `securityContext` options like `readOnlyRootFilesystem: true` or a GID different from `0` (root) via `runAsGroup`, you can set `binarySource=global` to restore the old behavior. |
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
Changes binarySource default value from global to install. Closes #14531 BREAKING CHANGE: Users of containerbase images (such as official Renovate images) will now have dynamic package manager installs enabled by default.
|
🎉 This issue has been resolved in version 33.0.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
What would you like Renovate to be able to do?
Default to binarySource=install behavior, mainly for the flow-on benefit in the
renovate/renovateimage.If you have any ideas on how this should be implemented, please tell us here.
Change the default in a major release. Make sure that non-buildpack users don't get confusing warnings.
Is this a feature you are interested in implementing yourself?
Maybe
The text was updated successfully, but these errors were encountered: