Allow to run with podman instead of docker. #1160

Closed
andho opened this issue Jan 13, 2022 · 14 comments
Labels
enhancement New feature or request O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity

Comments

@andho

andho commented Jan 13, 2022

Is your feature request related to a problem? Please describe.
I am shifting from docker to podman for rootless containers but mega-linter uses docker.

Describe the solution you'd like
Megalinter can allow the user to choose the container runtime (docker or podman) during project setup (or user can add to the config manually). If podman is chosen, megalinter will replace docker with podman when running.

Describe alternatives you've considered
Let user define docker binary. As podman is compatible with docker in terms of usage (sub command, flags and arguments) this should work, but need further testing.

Additional context

@andho andho added the enhancement New feature or request label Jan 13, 2022
@nvuillam
Member

nvuillam commented Jan 13, 2022

I have not used podman yet but I'm open to the idea :)

Can you provide an example of CI configuration using podman that could be generated ?
Or are you talking about mega-linter-runner that embeds a docker run command ?

@andho
Author

andho commented Jan 16, 2022

Hi, I'll update something here in a few days. Thanks for the reply.

@github-actions
Contributor

This issue has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

@github-actions github-actions bot added the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Feb 16, 2022
@andho
Author

andho commented Feb 20, 2022

I'll see if I can do a PR when I'm free. Will close this for now.

@andho andho closed this as completed Feb 20, 2022
@TimonLukas

I was able to get Megalinter to use Podman by symlinking the docker executable to it and running a podman service to expose a socket:

ln -s /usr/bin/podman /usr/bin/local/docker
podman system service unix:///var/run/docker.sock -t 0 &

However, the runner doesn't actually finish; for me it seems to get stuck at the same point every time. It's almost done, and I have a bunch of individual linter logs, but the final console report isn't generated.

@Kurt-von-Laven
Collaborator

I'm not sure if this applies to your situation, but rootless containers were the OP's motivation for using Podman. Docker has a rootless mode as well, and rootless-docker lets you use Docker's rootless mode on GitHub Actions if either of those are of use to you. I am afraid I don't have any experience with Podman, but I'm guessing you would need to open a shell in the container and use some debugging tools. For almost any MegaLinter-related debugging, I recommend setting LOG_LEVEL=DEBUG. I actually take it as an encouraging sign that you got it to run almost to the end considering that MegaLinter has never been tested on Podman to my knowledge.

@hinricht

Related podman issue: #2646 (comment)

@hinricht

hinricht commented Jul 31, 2023

I can't use mega-linter with podman (Manjaro Linux):

$ pacman -Q |grep podman
podman 4.5.1-1
podman-docker 4.5.1-1

$ LOG_LEVEL=DEBUG npx mega-linter-runner
Pulling docker image oxsecurity/megalinter:v7 ... 
INFO: this operation can be long during the first use of mega-linter-runner
The next runs, it will be immediate (thanks to docker cache !)
Resolved "oxsecurity/megalinter" as an alias (/etc/containers/registries.conf.d/50-custom-shortnames.conf)
Trying to pull docker.io/oxsecurity/megalinter:v7...
Getting image source signatures
Copying blob 54896d988693 skipped: already exists  
...
Copying config 650b94a3d8 done  
Writing manifest to image destination
Storing signatures
650b94a3d8802e1d2149dd08c89af8545c515dd59e096d8b3eac1c2f43a01fd6
Command: docker run --platform linux/amd64 -v /var/run/docker.sock:/var/run/docker.sock:rw -v /home/varac/projects/work/ndr/git/gitlab/ndrde/gcp/ndr.de/mastodon/mastodon-gke:/tmp/lint:rw oxsecurity/megalinter:v7
Error: statfs /var/run/docker.sock: permission denied

$ ls -al /var/run/docker.sock
lrwxrwxrwx 1 root root 23 31. Jul 13:11 /var/run/docker.sock -> /run/podman/podman.sock

$ sudo ls -al /run/podman/podman.sock
srw-rw---- 1 root root 0 31. Jul 14:29 /run/podman/podman.sock

Is this something you want to fix? That would be awesome, it's the first project I encounter that doesn't work with podman but only with docker.

@nvuillam
Member

nvuillam commented Aug 1, 2023

@hinricht are you able to run MegaLinter docker image directly with podman ? (example of raw call with docker)

If yes and if you can provide the command line, we could update mega-linter-runner so it can call podman and not docker :)

@nvuillam nvuillam reopened this Aug 1, 2023
@hinricht

hinricht commented Aug 1, 2023

@nvuillam Unfortunately not. It fails because I don't have permissions to access /var/run/docker.sock.
In my case, /var/run/docker.sock is a symlink to /run/podman/podman.sock, which only gets created after a system-wide sudo systemctl start podman.service, but even then I don't have access to it:

~ $ sudo systemctl start podman.service
~ $ sudo ls -al /run/podman/podman.sock
srw-rw---- 1 root root 0  1. Aug 12:12 /run/podman/podman.sock
~ $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v7
Error: statfs /var/run/docker.sock: permission denied

Why does megalinter need access to docker.sock/podman.sock ?

@hinricht

hinricht commented Aug 1, 2023

Oh wait, I found a way to run mega-linter with podman. I needed to activate the user socket like this:

$ systemctl --user start podman.socket
$ systemctl --user status podman.socket
● podman.socket - Podman API Socket
     Loaded: loaded (/usr/lib/systemd/user/podman.socket; disabled; preset: enabled)
     Active: active (listening) since Tue 2023-08-01 12:21:49 CEST; 4min 25s ago
   Triggers: ● podman.service
       Docs: man:podman-system-service(1)
     Listen: /run/user/1000/podman/podman.sock (Stream)
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/podman.socket

Aug 01 12:21:49 panza systemd[875]: Listening on Podman API Socket.

$ docker run --rm -v /run/user/1000/podman/podman.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v7
Skipped setting git safe.directory DEFAULT_WORKSPACE:  ...
Setting git safe.directory default: /github/workspace ...
Setting git safe.directory to /tmp/lint ...
[MegaLinter init] ONE-SHOT RUN
[config] Environment variables only (no config file found in /tmp/lint)
...

@nvuillam
Member

nvuillam commented Aug 1, 2023

Seems great :)

Docker-in-docker is used with very few linters (only swiftlint that does not very well I think), so you can also try without the -v argument, it might work even without your workaround :)

@hinricht

hinricht commented Aug 1, 2023

> Docker-in-docker is used with very few linters (only swiftlint that does not very well I think), so you can also try without the -v argument, it might work even without your workaround :)

It would be great to reflect this in the docs to make it easier for podman users to get started.
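
Added example, not part of the thread or of mega-linter-runner: a small wrapper covering the two options discussed above, running without any socket mount by default and mounting only the per-user Podman socket when a linter needs it, never the root-owned /run/podman/podman.sock. The function names are hypothetical, and calling `podman` directly instead of the `docker` shim from podman-docker is an assumption; the image reference is the one from the pull log above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of mega-linter-runner.

# Per-user Podman API socket, the one `systemctl --user start podman.socket` opens.
user_socket_path() {
    printf '%s/podman/podman.sock\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# Usable means: a socket that the current user can read and write without sudo.
socket_usable() {
    [ -S "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# Print the run command for a workspace.
#   $1 workspace directory
#   $2 "yes" to mount the engine socket (default: no)
#   $3 socket path (default: the per-user socket)
megalinter_cmd() {
    workspace=$1
    want_socket=${2:-no}
    sock=${3:-$(user_socket_path)}
    cmd="podman run --rm"
    if [ "$want_socket" = yes ]; then
        if ! socket_usable "$sock"; then
            echo "socket $sock is not usable by uid $(id -u);" \
                 "try: systemctl --user start podman.socket" >&2
            return 1
        fi
        cmd="$cmd -v $sock:/var/run/docker.sock:rw"
    fi
    printf '%s -v %s:/tmp/lint:rw docker.io/oxsecurity/megalinter:v7\n' \
        "$cmd" "$workspace"
}

# Default: no socket mount, so the container gets no handle on the engine.
megalinter_cmd "$PWD"
```

Whatever socket is mounted lets the container drive the container engine behind it, so the wrapper refuses anything the invoking user cannot already open instead of suggesting sudo.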

@github-actions github-actions bot removed the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Aug 2, 2023
@github-actions
Contributor

github-actions bot commented Sep 2, 2023

This issue has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.
