Open yhrn opened 1 year ago
Interesting, I didn't realize they could be tagged there.
The docker ecosystem currently will inspect any file matching: https://github.com/dependabot/dependabot-core/blob/7353a1e4083f840c5be916d0e33d64557f8b722e/docker/lib/dependabot/docker/file_fetcher.rb#L12
As well as kubernetes files: https://github.com/dependabot/dependabot-core/blob/7353a1e4083f840c5be916d0e33d64557f8b722e/docker/lib/dependabot/docker/file_fetcher.rb#L73
And helm charts: https://github.com/dependabot/dependabot-core/blob/7353a1e4083f840c5be916d0e33d64557f8b722e/docker/lib/dependabot/docker/file_fetcher.rb#L81
We do receive requests to bump image references in a few other places, and before we do that we'll probably need to add an additional config that allows a user to specify a sub-type of an ecosystem so we know what to actually parse...
Related:
Thank you for the response! Would it be feasible to start by documenting what files the docker ecosystem will inspect somewhere? Not sure what the best place is.
> We do receive requests to bump image references in a few other places, and before we do that we'll probably need to add an additional config that allows a user to specify a sub-type of an ecosystem so we know what to actually parse...
Is there an issue for this or is it something we should create?
Is there an existing issue for this?
Feature description
It would be great if it was possible to have image tags in Maven pom.xml files be updated by Dependabot. The use case we have, and that I imagine is not too uncommon in general, is for Jib.
Right now Maven is the most important use case for us but going forward I wonder if there is some thinking around some kind of broader support for file types and formats since image references tend to show up in lots of different kinds of files, e.g. Gradle build files, ko configuration, Skaffold configuration, Makefiles, etc?
Maybe this is already supported but I just can't find any documentation describing what file formats the Dependabot Docker support understands. And I guess this is another problem, it would be great if there was more documentation on exactly what kind of updates, in what file types Dependabot can perform.