Use ghcr.io images by default + podman option on mega-linter-runner (#5874)

* init

* Migrates to ghcr.io container registry

Updates the docker image registry from docker://oxsecurity to ghcr.io/oxsecurity.
This ensures better discoverability and management of the MegaLinter images.
A new documentation file listing all the standalone linters and their docker images is added.

* Updates Docker image badge links

Updates the Docker image badge and pull count links in the generated documentation to remove the redundant host prefix from the image name.

This change ensures the badge links point to the correct Docker Hub repository, improving the accuracy and usability of the documentation.

* Updates linters and documentation

Updates linter versions for groovy-lint, java-pmd, repository-trufflehog, and snakemake.

Corrects broken links in documentation for disabled linters and updates powershell CLI executable.

Adds Docker Hub image links to flavor documentation and provides documentation on custom flavors.

* Updates default Docker image location

Updates the default Docker image location to the GitHub Container Registry (ghcr.io).

This change ensures that the correct image is pulled, especially for the default `oxsecurity/megalinter` image, improving image availability and reliability.

* Adds podman support

Enables the use of podman as a container engine, providing an alternative to docker.

Updates the runner to use ghcr.io docker images by default.

Adds a new parameter `--container-engine` to specify either docker or podman as the container runner.

* Adds option to specify container engine

Adds a new `--container-engine` option to allow users to specify the Docker engine (`docker` or `podman`) to be used.
This provides more flexibility and control over the container runtime environment.

* Adds ML_DOCKER_NAME to constants

Adds the ML_DOCKER_NAME constant to the megalinter constants file.
This constant is likely needed for referencing the Docker image name
within the automation scripts or other parts of the codebase.

* Fix syntax error by adding missing semicolon for containerEngine declaration

* Update options

* Initializes containerEngine in constructor

The `containerEngine` property was previously being initialized outside of the constructor, which is not best practice.

This commit updates the code to initialize `containerEngine` within the constructor for better code organization and clarity.

* [MegaLinter] Apply linters fixes

* Validates container engine selection

Removes the class constructor and validates the container engine value directly within the `run` method.

This ensures that the container engine is validated before proceeding with the MegaLinter execution.

---------

Co-authored-by: nvuillam <[email protected]>

Author: nvuillam

.automation/build.py

@@ -42,10 +42,14 @@
     DEFAULT_DOCKERFILE_RUST_ARGS,
     DEFAULT_RELEASE,
     DEFAULT_REPORT_FOLDER_NAME,
+    DOCKER_PACKAGES_ROOT_URL,
+    GHCR_PACKAGES_ROOT_URL,
     ML_DOC_URL_BASE,
     ML_DOCKER_IMAGE,
     ML_DOCKER_IMAGE_LEGACY,
     ML_DOCKER_IMAGE_LEGACY_V5,
+    ML_DOCKER_IMAGE_WITH_HOST,
+    ML_DOCKER_NAME,
     ML_REPO,
     ML_REPO_URL,
 )
@@ -229,7 +233,7 @@ def generate_flavor(flavor, flavor_info):
     description: "0 if no source file has been updated, 1 if source files has been updated"
 runs:
   using: "docker"
-  image: "docker://{ML_DOCKER_IMAGE}:{image_release}"
+  image: "docker://{ML_DOCKER_IMAGE_WITH_HOST}:{image_release}"
   args:
     - "-v"
     - "/var/run/docker.sock:/var/run/docker.sock:rw"
@@ -293,7 +297,7 @@ def generate_flavor(flavor, flavor_info):
     description: "0 if no source file has been updated, 1 if source files has been updated"
 runs:
   using: "docker"
-  image: "docker://{ML_DOCKER_IMAGE}-{flavor}:{image_release}"
+  image: "docker://{ML_DOCKER_IMAGE_WITH_HOST}-{flavor}:{image_release}"
   args:
     - "-v"
     - "/var/run/docker.sock:/var/run/docker.sock:rw"
@@ -808,7 +812,9 @@ def generate_linter_dockerfiles():
                 dockerfile, descriptor_and_linter, requires_docker, "none", extra_lines
             )
             gha_workflow_yml += [f'            "{linter_lower_name}",']
-            docker_image = f"{ML_DOCKER_IMAGE}-only-{linter_lower_name}:{VERSION_V}"
+            docker_image = (
+                f"{ML_DOCKER_IMAGE_WITH_HOST}-only-{linter_lower_name}:{VERSION_V}"
+            )
             docker_image_badge = (
                 f"![Docker Image Size (tag)]({BASE_SHIELD_IMAGE_LINK}/"
                 f"{ML_DOCKER_IMAGE}-only-{linter_lower_name}/{VERSION_V})"
@@ -1161,13 +1167,16 @@ def generate_descriptor_documentation(descriptor):
 
 def generate_flavor_documentation(flavor_id, flavor, linters_tables_md):
     flavor_github_action = f"{ML_REPO}/flavors/{flavor_id}@{VERSION_V}"
-    flavor_docker_image = f"{ML_DOCKER_IMAGE}-{flavor_id}:{VERSION_V}"
+    flavor_docker_image = f"{ML_DOCKER_IMAGE_WITH_HOST}-{flavor_id}:{VERSION_V}"
+    flavor_docker_image_dockerhub = (
+        f"docker.io/{ML_DOCKER_IMAGE}-{flavor_id}:{VERSION_V}"
+    )
     docker_image_badge = (
         f"![Docker Image Size (tag)]({BASE_SHIELD_IMAGE_LINK}/"
         f"{ML_DOCKER_IMAGE}-{flavor_id}/{VERSION_V})"
     )
     docker_pulls_badge = (
-        f"![Docker Pulls]({BASE_SHIELD_COUNT_LINK}/" f"{ML_DOCKER_IMAGE}-{flavor_id})"
+        f"![Docker Pulls]({BASE_SHIELD_COUNT_LINK}/{ML_DOCKER_IMAGE}-{flavor_id})"
     )
     flavor_doc_md = [
         "---",
@@ -1187,7 +1196,12 @@ def generate_flavor_documentation(flavor_id, flavor, linters_tables_md):
         "## Usage",
         "",
         f"- [GitHub Action]({MKDOCS_URL_ROOT}/installation/#github-action): **{flavor_github_action}**",
-        f"- Docker image: **{flavor_docker_image}**",
+        "",
+        "- Docker images:",
+        "",
+        f"  - GitHub Packages: **{flavor_docker_image}**",
+        f"  - Docker Hub: **{flavor_docker_image_dockerhub}**",
+        "",
         f"- [mega-linter-runner]({MKDOCS_URL_ROOT}/mega-linter-runner/): `mega-linter-runner --flavor {flavor_id}`",
         "",
         "## Embedded linters",
@@ -2003,9 +2017,7 @@ def build_flavors_md_table(filter_linter_name=None, replace_link=False):
         + +len(linters_by_type["other"])
     )
     docker_image_badge = f"![Docker Image Size (tag)]({BASE_SHIELD_IMAGE_LINK}/{ML_DOCKER_IMAGE}/{VERSION_V})"
-    docker_pulls_badge = (
-        f"![Docker Pulls]({BASE_SHIELD_COUNT_LINK}/" f"{ML_DOCKER_IMAGE})"
-    )
+    docker_pulls_badge = f"![Docker Pulls]({BASE_SHIELD_COUNT_LINK}/{ML_DOCKER_IMAGE})"
     md_line_all = (
         f"| {icon_html} | [all]({MKDOCS_URL_ROOT}/supported-linters/) | "
         f"Default MegaLinter Flavor | {str(linters_number)} | {docker_image_badge} {docker_pulls_badge} |"
@@ -2106,29 +2118,32 @@ def update_docker_pulls_counter():
     now_str = datetime.now().replace(microsecond=0).isoformat()
     for flavor_id in all_flavors_ids:
         if flavor_id == "all":
-            docker_image_url = (
-                f"https://hub.docker.com/v2/repositories/{ML_DOCKER_IMAGE}"
-            )
+            ghcr_image_url = f"{GHCR_PACKAGES_ROOT_URL}/{ML_DOCKER_NAME}"
+            docker_image_url = f"{DOCKER_PACKAGES_ROOT_URL}/{ML_DOCKER_IMAGE}"
             legacy_docker_image_url = (
-                f"https://hub.docker.com/v2/repositories/{ML_DOCKER_IMAGE_LEGACY}"
+                f"{DOCKER_PACKAGES_ROOT_URL}/{ML_DOCKER_IMAGE_LEGACY}"
             )
             legacy_v5_docker_image_url = (
-                f"https://hub.docker.com/v2/repositories/{ML_DOCKER_IMAGE_LEGACY_V5}"
+                f"{DOCKER_PACKAGES_ROOT_URL}/{ML_DOCKER_IMAGE_LEGACY_V5}"
             )
         else:
+            ghcr_image_url = f"{GHCR_PACKAGES_ROOT_URL}/{ML_DOCKER_NAME}-{flavor_id}"
             docker_image_url = (
-                f"https://hub.docker.com/v2/repositories/{ML_DOCKER_IMAGE}-{flavor_id}"
+                f"{DOCKER_PACKAGES_ROOT_URL}/{ML_DOCKER_IMAGE}-{flavor_id}"
+            )
+            legacy_docker_image_url = (
+                f"{DOCKER_PACKAGES_ROOT_URL}/{ML_DOCKER_IMAGE_LEGACY}-{flavor_id}"
             )
-            legacy_docker_image_url = f"https://hub.docker.com/v2/repositories/{ML_DOCKER_IMAGE_LEGACY}-{flavor_id}"
             legacy_v5_docker_image_url = (
-                "https://hub.docker.com/v2/repositories/"
+                f"{DOCKER_PACKAGES_ROOT_URL}/"
                 + f"{ML_DOCKER_IMAGE_LEGACY_V5}-{flavor_id}"
             )
 
+        flavor_count_0 = perform_count_request(ghcr_image_url)
         flavor_count_1 = perform_count_request(docker_image_url)
         flavor_count_2 = perform_count_request(legacy_docker_image_url)
         flavor_count_3 = perform_count_request(legacy_v5_docker_image_url)
-        flavor_count = flavor_count_1 + flavor_count_2 + flavor_count_3
+        flavor_count = flavor_count_0 + flavor_count_1 + flavor_count_2 + flavor_count_3
         logging.info(f"- docker pulls for {flavor_id}: {flavor_count}")
         total_count = total_count + flavor_count
         flavor_stats = list(docker_stats.get(flavor_id, []))

CHANGELOG.md

@@ -17,6 +17,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
     - Console Reporter
     - Text Reporter
     - Git platforms PR/MR comments Reporter
+  - Use ghcr.io docker images by default because of rate limits on docker.io
   - Use uv to create the venv folder for pip-installed linters
   - Add copilot instructions for GitHub Copilot
 
@@ -57,6 +58,8 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 
 - mega-linter-runner
   - Add all CI/CD providers in the --install command
+  - Use ghcr.io docker images by default
+  - New parameter **--container-engine** allowing to use **podman** as runner.
 
 - Linter versions upgrades (N)
   - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.16.0 to **1.16.1** on 2025-06-16

action.yml

@@ -7,7 +7,7 @@ outputs:
     description: "0 if no source file has been updated, 1 if source files has been updated"
 runs:
   using: "docker"
-  image: "docker://oxsecurity/megalinter:v8.8.0"
+  image: "docker://ghcr.io/oxsecurity/megalinter:v8.8.0"
   args:
     - "-v"
     - "/var/run/docker.sock:/var/run/docker.sock:rw"

docs/descriptors/groovy_npm_groovy_lint.md

@@ -165,10 +165,10 @@ Note: command-line arguments have priority on config file properties - default:
 ```dockerfile
 ENV JAVA_HOME_17=/usr/lib/jvm/java-17-openjdk
 # renovate: datasource=npm depName=npm-groovy-lint
-ARG NPM_GROOVY_LINT_VERSION=15.2.0
+ARG NPM_GROOVY_LINT_VERSION=15.2.1
 ```
 
 - APK packages (Linux):
   - [openjdk17](https://pkgs.alpinelinux.org/packages?branch=v3.21&arch=x86_64&name=openjdk17)
 - NPM packages (node.js):
-  - [[email protected].0](https://www.npmjs.com/package/npm-groovy-lint/v/15.2.0)
+  - [[email protected].1](https://www.npmjs.com/package/npm-groovy-lint/v/15.2.1)

docs/descriptors/java_pmd.md

@@ -120,7 +120,7 @@ ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 # Linter install
 # renovate: datasource=github-tags depName=pmd/pmd extractVersion=^pmd_releases/(?<version>.*)$
-ARG PMD_VERSION=7.15.0
+ARG PMD_VERSION=7.16.0
 
 RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${PMD_VERSION}/pmd-dist-${PMD_VERSION}-bin.zip && \
     unzip pmd-dist-${PMD_VERSION}-bin.zip || echo "Error unzipping" && \

docs/descriptors/powershell_powershell.md

@@ -53,7 +53,7 @@ description: How to use powershell (configure, ignore files, ignore errors, help
 | POWERSHELL_POWERSHELL_RULES_PATH                  | Path where to find linter configuration file                                                                                                                                                 | Workspace folder, then MegaLinter default rules                     |
 | POWERSHELL_POWERSHELL_DISABLE_ERRORS              | Run linter but consider errors as warnings                                                                                                                                                   | `false`                                                             |
 | POWERSHELL_POWERSHELL_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed                                                                                                                                                             | `0`                                                                 |
-| POWERSHELL_POWERSHELL_CLI_EXECUTABLE              | Override CLI executable                                                                                                                                                                      | `['pwsh']`                                                          |
+| POWERSHELL_POWERSHELL_CLI_EXECUTABLE              | Override CLI executable                                                                                                                                                                      | `['powershell']`                                                    |
 
 ## IDE Integration
 

docs/descriptors/powershell_powershell_formatter.md

@@ -52,7 +52,7 @@ description: How to use powershell_formatter (configure, ignore files, ignore er
 | POWERSHELL_POWERSHELL_FORMATTER_RULES_PATH                  | Path where to find linter configuration file                                                                                                                                                 | Workspace folder, then MegaLinter default rules                     |
 | POWERSHELL_POWERSHELL_FORMATTER_DISABLE_ERRORS              | Run linter but consider errors as warnings                                                                                                                                                   | `true`                                                              |
 | POWERSHELL_POWERSHELL_FORMATTER_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed                                                                                                                                                             | `0`                                                                 |
-| POWERSHELL_POWERSHELL_FORMATTER_CLI_EXECUTABLE              | Override CLI executable                                                                                                                                                                      | `['pwsh']`                                                          |
+| POWERSHELL_POWERSHELL_FORMATTER_CLI_EXECUTABLE              | Override CLI executable                                                                                                                                                                      | `['powershell']`                                                    |
 
 ## IDE Integration
 

docs/descriptors/repository_trufflehog.md

@@ -241,7 +241,7 @@ analyze
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=docker depName=trufflesecurity/trufflehog
-ARG REPOSITORY_TRUFFLEHOG_VERSION=3.90.1
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.90.2
 FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} AS trufflehog
 COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
 ```

docs/descriptors/snakemake_snakemake.md

@@ -1058,8 +1058,8 @@ defaults.
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=pypi depName=snakemake
-ARG PIP_SNAKEMAKE_VERSION=9.8.1
+ARG PIP_SNAKEMAKE_VERSION=9.8.2
 ```
 
 - PIP packages (Python):
-  - [snakemake==9.8.1](https://pypi.org/project/snakemake/9.8.1)
+  - [snakemake==9.8.2](https://pypi.org/project/snakemake/9.8.2)

docs/flavors.md

@@ -41,5 +41,7 @@ _The following table doesn't display docker pulls from [MegaLinter v4 & v5 image
 
 If you need a new flavor, [post an issue](https://github.com/oxsecurity/megalinter/issues) :wink:
 
+You can also generate your own [Custom Flavors](https://megalinter.io/beta/custom-flavors/) to have exactly the linters you need in your MegaLinter Docker image
+
 
 <!-- flavors-section-end -->