Open ffscl opened 4 years ago
Another example where this would helpful is when the ARG
directive is used FROM
multistage Dockerfiles:
ARG FROM_IMAGE=osrf/ros2:testing-20210605003201
# multi-stage for caching
FROM $FROM_IMAGE AS cacher
...
# multi-stage for building
FROM $FROM_IMAGE AS builder
...
Another example where this would helpful is when the ARG defines the version:
ARG NODE_VERSION=14.20
FROM node:${NODE_VERSION}-alpine as code
@joebowbeer , I'd assume that it'd be tricky to support that kind of partial variable substitution compared to a basic complete substitution, given the reversed parsing of Dockerfile to determine the line charges to commit into an automated PR.
I suppose it'd be simple to detect an outdated tag, but harder to derive a satisfactory commit to bump the influencing args when arbitrary sub-string formatting is used.
@ruffsl thanks for the reality check. I realize that renovate doesn't handle that directly either.
I'll simplify my test case to:
ARG NODE_BASE=node:14.19-alpine
FROM ${NODE_BASE} as code
I would like dependabot to create one PR updating to node:14.20-alpine
and another updating to node:18.10-alpine
Any update on this issue?
How about doing something like this:
ARG ARCHITECTURE
FROM eclipse-mosquitto:2.0.14-openssl AS amd64
FROM arm64v8/eclipse-mosquitto:2.0.14-openssl AS arm64
FROM ${ARCHITECTURE} AS final
Does the trick for me. Bumps both architectures.
How about doing something like this:
ARG ARCHITECTURE FROM eclipse-mosquitto:2.0.14-openssl AS amd64 FROM arm64v8/eclipse-mosquitto:2.0.14-openssl AS arm64 FROM ${ARCHITECTURE} AS final
Does the trick for me. Bumps both architectures.
This was super helpful. Works well!
How about doing something like this:
ARG ARCHITECTURE FROM eclipse-mosquitto:2.0.14-openssl AS amd64 FROM arm64v8/eclipse-mosquitto:2.0.14-openssl AS arm64 FROM ${ARCHITECTURE} AS final
Does the trick for me. Bumps both architectures.
This was super helpful. Works well!
Actually, looks like it doesn't work precisely for my use case. I have something like below:
ARG BASE_IMAGE_TARGET=dev
FROM 482568942567.dkr.ecr.us-east-1.amazonaws.com/my-image:1.0.5 AS dev
FROM 587463598343.dkr.ecr.us-east-1.amazonaws.com/my-image:1.0.5 AS prod
FROM ${BASE_IMAGE_TARGET} AS final
For some reason, dependabot will only trigger an update for the first one, e.g. 482568942567.dkr.ecr.us-east-1.amazonaws.com/my-image:1.0.5
. However, if I flip the order of lines 2 & 3 about, it will trigger for only 587463598343.dkr.ecr.us-east-1.amazonaws.com/my-image:1.0.5
For some reason, dependabot will only trigger an update for the first one
I don't know much golang, but I'd suspect the FROM regex used here only applies to the first matching pattern in the Dockerfile:
A alternative would be to update over all matching groups of found substrings within the Dockerfile. E.g. like the difference between processing over the return values of the match()
vs search()
functions in the Python regex library:
https://docs.python.org/3/howto/regex.html#match-versus-search
Feature request: Dependabot to support
ARG
with default values in anyFROM
statement when resolving dependencies.Docker supports
ARG
instructions before the firstFROM
instruction. (https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact). TheARG
instruction should be easy to parse and evaluate.Example:
Before checking for new versions, the
FROM
instruction should be evaluated as:Use case: Using a registry mirror that dependabot doesn't have access to. With this feature in your CI you could override the registry as follows without breaking dependabot: