dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

[Docker] Update docker images declared in `action.yaml` files #6892

Open yeikel opened 1 year ago

yeikel commented 1 year ago

Is there an existing issue for this?

Feature description

Add an option in Dependabot to parse Docker images declared in action.yaml files

Example file


```yaml
runs:
  using: 'composite'
  steps:
    - name: Run
      shell: bash
      run: >
        docker run ubuntu@sha256:7a57c69fe1e9d5b97c5fe649849e79f2cfc3bf11d10bbd5218b4eb61716aebe6
```

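
One way to do the extraction this request describes, added here as an example and not taken from the thread or from dependabot-core: it reads the `run:` steps of a composite action, finds the image argument of `docker run` / `docker pull`, and splits it into name, tag and digest so that unpinned references stand out. The sample input beyond the issue's own file, the method names and the `VALUE_FLAGS` list are assumptions made for the illustration.

```ruby
require "yaml"
require "shellwords"
# Constructed sample: the issue's example file plus one step with unpinned images.
SAMPLE_ACTION = <<~'YAML'
  runs:
    using: 'composite'
    steps:
      - name: Run
        shell: bash
        run: >
          docker run ubuntu@sha256:7a57c69fe1e9d5b97c5fe649849e79f2cfc3bf11d10bbd5218b4eb61716aebe6
      - name: Unpinned
        shell: bash
        run: |
          docker pull --quiet ghcr.io/example/tool:1.2
          docker run --rm -v "$PWD:/src" registry.example:5000/team/app
YAML

# docker flags that take their value as a separate word (assumed, non-exhaustive).
VALUE_FLAGS = %w[-v --volume -e --env -w --workdir -u --user -p --publish --name --platform].freeze

# Return the image argument of a `docker run` / `docker pull` line, or nil.
def image_from_command(line)
  words = Shellwords.split(line)
  return nil unless words[0] == "docker" && %w[run pull].include?(words[1])
  args = words.drop(2)
  # Drop leading flags; a value-taking flag also consumes the word after it.
  args.shift(VALUE_FLAGS.include?(args[0]) ? 2 : 1) while args[0]&.start_with?("-")
  args[0]
rescue ArgumentError # unbalanced quotes: not a line this parser can read
  nil
end

# Split "registry:port/name:tag@digest"; only a colon after the last "/" starts a tag.
def parse_image_ref(ref)
  name, digest = ref.split("@", 2)
  m = name.match(%r{\A(.+):([^/:]+)\z})
  { name: m ? m[1] : name, tag: m && m[2], digest: digest }
end

# List every image referenced from the `run:` steps of an action.yaml document.
def docker_images_in_action(yaml_text)
  steps = (YAML.safe_load(yaml_text) || {}).dig("runs", "steps") || []
  steps.flat_map do |step|
    step.fetch("run", "").to_s.each_line.filter_map do |line|
      ref = image_from_command(line.strip)
      ref && parse_image_ref(ref).merge(step: step["name"])
    end
  end
end
```

Entries whose `digest` is `nil` are the ones a tag can silently repoint; commands wrapped in `sudo`, pipelines or variables are outside what this example recognises.
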
yeikel commented 1 year ago

@jeffwidman Do you consider this a new ecosystem or an improvement to the existing docker implementation?

Would you accept a PR for it?

jeffwidman commented 1 year ago

Related:

As I mentioned in https://github.com/dependabot/dependabot-core/issues/7189, there's probably some work we need to do first for the config schema...

I'd see this as a part of adding support for bumping docker images in GitHub Actions, with this as an advanced feature of that support probably.