feat: use podman for embedded containers

.azure/docker.macos.yml

@@ -0,0 +1,27 @@
+# https://github.com/Microsoft/azure-pipelines-image-generation/issues/738
+steps:
+  - script: |
+      retries=0
+      brew cask install https://raw.githubusercontent.com/Homebrew/homebrew-cask/8ce4e89d10716666743b28c5a46cd54af59a9cc2/Casks/docker.rb
+      sudo /Applications/Docker.app/Contents/MacOS/Docker --quit-after-install --unattended
+      /Applications/Docker.app/Contents/MacOS/Docker --unattended &
+      while ! docker info 2>/dev/null ; do
+        sleep 5
+        retries=`expr $retries + 1`
+        if pgrep -xq -- "Docker"; then
+            echo 'docker still running'
+        else
+            echo 'docker not running, restart'
+            /Applications/Docker.app/Contents/MacOS/Docker --unattended &
+        fi
+        if [ $retries -gt 30 ]; then
+            >&2 echo 'Failed to run docker'
+            exit 1
+        fi;
+
+        echo 'Waiting for docker service to be in the running state'
+      done
+    displayName: Install docker
+
+  - script: docker run --privileged --rm -v /:/host alpine chmod o=rw /host/dev/net/tun
+    displayName: Fix MobyLinux permission

.azure/docker.yml

@@ -0,0 +1,15 @@
+steps:
+  - checkout: self
+    fetchDepth: 5
+    path: renovate
+
+  - script: |
+      export DOCKER_BUILDKIT=1
+      docker build -t renovate-test -f Dockerfile.slim .
+    displayName: Build slim renovate image
+
+  - script: |
+      docker run --rm renovate-test --version
+      docker run --rm --entrypoint="" renovate-test uname -a
+      docker run --rm --entrypoint="podman" --privileged renovate-test --log-level info run docker/whalesay cowsay renovate
+    displayName: Test slim renovate image

Dockerfile.slim

@@ -50,22 +50,23 @@ FROM base as final
 # required for install
 USER root
 
-# Docker client and group
-
-RUN groupadd -g 999 docker
-RUN usermod -aG docker ubuntu
-
-ENV DOCKER_VERSION=19.03.1
-
-RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
-  && tar xzvf docker-${DOCKER_VERSION}.tgz --strip 1 \
-  -C /usr/local/bin docker/docker \
-  && rm docker-${DOCKER_VERSION}.tgz
+# Podman
+RUN echo "deb http://ppa.launchpad.net/projectatomic/ppa/ubuntu bionic main" > /etc/apt/sources.list.d/projectatomic-ubuntu-ppa-bionic.list \
+  && apt-key adv --keyserver keyserver.ubuntu.com --recv 018ba5ad9df57a4448f0e6cf8becf1637ad8c79d \
+  && apt-get update \
+  && apt-get -y install podman \
+  && rm -rf /var/lib/apt/lists/*
 
+RUN ln -s /usr/bin/podman /usr/bin/docker \
+  && echo "[registries.search]\n  registries = ['docker.io']" | tee /etc/containers/registries.conf
 
 # and back to normal
 USER ubuntu
 
+# creating initial podman config to suppress event errors
+RUN podman --events-backend=file info 2> /dev/null || echo \
+  && sed -i '/^\s*crun =/ d' /home/ubuntu/.config/containers/libpod.conf
+
 COPY package.json .
 
 COPY --from=tsbuild /usr/src/app/dist dist

azure-pipelines.yml

@@ -56,20 +56,17 @@ jobs:
     steps:
       - template: .azure/steps.yml
 
-  - job: 'DockerSlim'
+  - job: 'Linux_DockerSlim'
     pool:
       vmImage: ubuntu-16.04
 
     steps:
-      - script: |
-          docker pull renovate/renovate:slim
-        displayName: Pull old slim renovate image as cache
+      - template: .azure/docker.yml
 
-      - script: |
-          export DOCKER_BUILDKIT=1
-          docker build --cache-from renovate/renovate:slim -t renovate-test -f Dockerfile.slim .
-        displayName: Build slim renovate image
+  - job: 'MacOS_DockerSlim'
+    pool:
+      vmImage: macOS-10.14
 
-      - script: |
-          docker run --rm -t renovate-test --version
-        displayName: Test slim renovate image
+    steps:
+      - template: .azure/docker.macos.yml
+      - template: .azure/docker.yml

docs/development/self-hosting.md

@@ -23,6 +23,19 @@ $ docker run renovate/renovate:13.1
 $ docker run renovate/renovate:13
 ```
 
+We also have a `slim` image, which doesn't include the third party binaries (eg Python, Java ...).
+The `slim` image can use [podman](https://podman.io) to start child containers to use these third party tools.
+For this to work you have to start the container with the `--privileged` argument.
+
+Here are some working tags for the `slim` image.
+
+```
+$ docker run renovate/renovate:slim
+$ docker run renovate/renovate:19.34.5-slim
+$ docker run renovate/renovate:19.34-slim
+$ docker run renovate/renovate:19-slim
+```
+
 (Please look up what the latest actual tags are though, do not use the above literally).
 
 If you wish to configure Renovate using a `config.js` file then map it to `/usr/src/app/config.js` using Docker volumes.

readme.md

@@ -56,6 +56,8 @@ If you are not on github.com or gitlab.com, or you prefer to run your own instan
 - Run the `renovate/renovate` Docker Hub image (same content/versions as the CLI tool), run it on a schedule
 - Run the `renovate/renovate:slim` Docker Hub image if you only use package managers that don't need third party binaries (e.g. JS, Docker, Nuget, pip)
 
+See [self-hosting](docs/self-hosting.md) docs for more details
+
 ## Contributing
 
 If you would like to contribute to Renovate or get a local copy running for some other reason, please see the instructions in [.github/contributing.md](.github/contributing.md).