Add support for Podman

csutter · csutter · commit 4e4d95f50b4a · 2025-03-07T17:35:16.000Z
This adds support for a `GOVUK_DOCKER_CONTAINER_ENGINE` environment
variable to define how to run GOV.UK Docker, primarily to allow using
Podman instead of Docker (while still defaulting to the latter).

It also adds the appropriate SELinux context to the `nginx-proxy`
container to allow it to access host Docker (i.e. Podman) socket.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -133,6 +133,8 @@ services:
     volumes:
       - /var/run/docker.sock:/tmp/docker.sock
       - ./nginx-proxy.conf:/etc/nginx/proxy.conf
+    security_opt:
+      - 'label=type:docker_t'
     networks:
       default:
         aliases:
diff --git a/docs/how-tos.md b/docs/how-tos.md
@@ -129,3 +129,21 @@ connection), you can set the `SKIP_BRANCH_CHECKS` environment variable:
 ```bash
 SKIP_BRANCH_CHECKS=1 make my-app
 ```
+
+## How to: Use Podman instead of Docker
+
+If you prefer to use [Podman](https://podman.io/) instead of Docker to run and orchestrate your
+containers, you can set `GOVUK_DOCKER_CONTAINER_RUNTIME=podman` in your environment (for example, in
+your `.bashrc`).
+
+Note that Podman needs an external "compose provider" installed as a backing tool for `podman
+compose` (which itself is just a wrapper), and the ideal option is Docker's v2 Compose CLI plugin.
+You do not need Docker itself installed, and `podman compose` will pick up on the plugin
+automatically if installed, for example through:
+- Podman Desktop on macOS or Windows
+- your Linux distribution's package manager or Homebrew on macOS (check to make sure it's >= 2.x)
+- manually installing a release from [its repository](https://github.com/docker/compose)
+
+GOV.UK Docker works by running an Nginx container on port 80, which requires root privileges to bind
+to. You will need to run `govuk-docker` as root on Linux, or if you are using Podman Machine, have
+it configured appropriately (this is taken care of for you when using Podman Desktop).
diff --git a/exe/govuk-docker b/exe/govuk-docker
@@ -12,6 +12,7 @@
 
 COMPOSE_FLAGS=("-f" "$(dirname "$0")/../docker-compose.yml")
 COMPOSE_FILES="$(dirname "$0")/../projects/*/docker-compose.yml"
+GOVUK_DOCKER_CONTAINER_RUNTIME="${GOVUK_DOCKER_CONTAINER_RUNTIME:-docker}"
 
 for file in $COMPOSE_FILES; do
   COMPOSE_FLAGS+=("-f" "$file")
@@ -21,5 +22,5 @@ if ! "$(dirname "$0")"/govuk-docker-version >/dev/null; then
   read -rp "Press enter to continue..."
 fi
 
->&2 echo "docker compose -f [...] $*"
-docker compose "${COMPOSE_FLAGS[@]}" "$@"
+>&2 echo "${GOVUK_DOCKER_CONTAINER_RUNTIME} compose -f [...] $*"
+${GOVUK_DOCKER_CONTAINER_RUNTIME} compose "${COMPOSE_FLAGS[@]}" "$@"
