Renovate: Docker images v14.x doesn't work in gitlab

Please try with the latest 14.x and not 14.0.0, let me know if there's any difference to the logs

Actually this is non-standard:

renovate:
  stage: renovate
  image:
    name: renovate/renovate:14.0.0
    entrypoint: ["/bin/sh", "-c"]
  script:
    - node /usr/src/app/lib/renovate.js --log-level debug # Overwrite entrypoint as it doesnt work if not overwriting.

Please revert back to the normal way of running Renovate and post logs from that.

I tried latest and other version (14.2.0, 14.1.0) and got the same result.

What's the normal way ?

The normal way is not to override the image's entrypoint. Doing so is the docker equivalent of monkey patching code. Please remove that and post the new logs.

I did that a while ago because gitlab requires the script attribute and if I remember that using ["node", "/usr/src/app/lib/renovate.js"] as entrypoint didn't work (I can't remember why) and I also got issues passing down variables.

There is also no way (AFAIK) to pass extra parameters to the entrypoint without redefining it in the stage.

I will try without overriding the entrypoint to see if it runs at least

renovate:
  stage: renovate
  image: 
    name: renovate/renovate
  script:
    - echo "Hello world"

With this, renovate is run twice, and I don't know how to pass down parameters.

I found another way to override docker entrypoint from https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#overriding-the-entrypoint-of-an-image:

renovate:
  stage: renovate
  image: 
    name: renovate/renovate
    entrypoint: [""]    
  script:
    - node /usr/src/app/lib/renovate.js --token $GITLAB_TOKEN

This works, anyway as you pointed out this is not a good way. As I was able to fix my issue, I think the issue can be closed. If anyone knows a better way to run renovate images in gitlab, please let me know :pray:

What if you just use environment parameters to configure Renovate instead of CLI parameters? That way I'd hope you don't need to override entrypoint. Is script even needed?

e.g. RENOVATE_PLATFORM, RENOVATE_TOKEN, RENOVATE_AUTODISCOVER, etc.

I could (I was actually looking for how to replace GITLAB_TOKEN which is deprecated).

I still have the issue that it's run twice. I will check it they are run sequentially or in parallel. Will let you know :+1:

I tried with the following gitlab-ci.yml

renovate:
  stage: renovate
  image: 
    name: renovate/renovate
  script:
    - echo "Hello world"

which results in

ERROR: Repository is not found (repository=sh)

In the logs I can see

DEBUG: CLI config
       "config": {"repositories": ["sh"]}

Which I understand that sh is passed as argument by gitlab and renovate try to run with this repository.

Either you're not sharing your whole config above, or your config is incomplete.

1. You need to configure Renovate using env variables, you are not showing any there, e.g. platform, token, autodiscover
2. I don't know what GitLab's rules are for script, but any script seems like a mistake to me

Everything is available there => https://gitlab.com/mycf.sg/renovate (I should have linked before)

Environment variables set are:

• GITHUB_COM_TOKEN
• LOG_LEVEL
• RENOVATE_CONFIG_FILE
• RENOVATE_TOKEN

The error ERROR: Repository is not found (repository=sh) is actually the one I met when I set up renovate a while ago.

I don't know what GitLab's rules are for script, but any script seems like a mistake to me

I agree :smile:

IMHO the issue is not related to renovate (If I run locally it's working well). Annoying part is my configuration breaking from v13 to v14 but I found a workaround.

Are you also setting RENOVATE_PLATFORM? And are you intending to just Renovate one repo, or multiple? For multiple you'd need RENOVATE_AUTODISCOVER=true too. Unless of course you put those in your config file.

I think there might be a firewall blocking me from your repo btw.

FYI Renovate takes the first non-url param as a repository name, e.g. you usually run it like renovate facebook/jest to Renovate the facebook/jest repo. So if you or GitLab indirectly are running the container like renovate sh -c "echo world" then that would explain why Renovate thinks you're trying to access repo sh.

In v14 Renovate changed from an alpine-based image to an Ubuntu-based one. The way it "normally" runs should have stayed the same (e.g. from command line) but it sounds like the way it runs within GitLab CI could have changed.

If it helps at all, I'm doing the same thing running the docker image via GitLab CI and I don't have any issues.

Here is my .gitlab-ci.yml file:

image: docker:latest

services:
  - docker:dind

stages:
  - renovate

renovate:
  stage: renovate
  script:
    - docker pull renovate/renovate:latest
    - docker run renovate/renovate:latest --host-rules="<SNIP>" --platform gitlab --timezone Europe/London --token $RENOVATE_TOKEN --autodiscover --log-level debug --print-config true
  only:
    - master

Then I just set RENOVATE_TOKEN CI variable for my renovate bot user's personal access token.

@rarkins maybe its worth adding my code to the readme?

@Jamesking56 yes, it would be great if you can submit a PR to the self hosting doc. I think the main difference seems to be that you're running renovate indirectly within dind rather than directly. It sounds like GitLab tries to run "scripts" using sh or something like that, whereas Renovate is just expecting its CLI arguments.

I updated the link to the repository (pasted wrong one).

I don't use RENOVATE_PLATFORM, it's already set in renovate.json. I don't use RENOVATE_AUTODISCOVER as well. It's working well but it's too powerful, I want to limit for the moment the repositories using renovate.

So if you or GitLab indirectly are running the container like renovate sh -c "echo world" then that would explain why Renovate thinks you're trying to access repo sh.

I think that's the case and that explains well the error. This error was also trigger with v13 docker images and that's why I used a solution to override the entrypoint.
I've seen the changes (from alpine to ubuntu) and I can't explain why my previous configuration is not compatible with the new images. According to gitlab documentation (https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#overriding-the-entrypoint-of-an-image) it should depends on docker version, so it shouldn't be impacted by moving the docker image from alpine to ubuntu.

I think we can close the issue, or would you like to dig further ? (edit, already closed :grimacing:)

Note: Thanks for dind sharing, I tried to avoid using it as much as I can, in that case it makes things cleaner :+1:

@Nebulis Thanks for the feedback. If/once you find a config for running via GitLab CI directly (without dind) then it would definitely be great if you can add it to the self hosting doc in this repo. I think the key here is how GitLab CI uses "scripts" as a replacement for the traditional "cmd" in Docker.