dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

[Docker] Update docker images used within the codebase #6893

Open yeikel opened 1 year ago

yeikel commented 1 year ago

Is there an existing issue for this?

Feature description

Disclaimer

This is probably very difficult to implement given all the different files these could be stored in. I am logging it to hear your thoughts and to see if there are possible ways to do this.

Background

While using testcontainers, it is common to define docker images using the following syntax:


// Referring directly to an image on Docker Hub (mysql:8.0.24)
final MySQLContainer<?> mysql = new MySQLContainer<>(
    DockerImageName.parse("mysql:8.0.24")
);

// Alternatively, referring to a mirrored copy of the image in a private registry
final MySQLContainer<?> mysql = new MySQLContainer<>(
    DockerImageName.parse("registry.mycompany.com/mirror/mysql:8.0.24")
        .asCompatibleSubstituteFor("mysql")
);

It would be ideal if Dependabot could detect and update them.

If parsing all files is too expensive, maybe we could configure specific files to scan.

apupier commented 2 months ago

If others are interested, I guess it would need more options/code added to the "Docker" ecosystem: https://github.com/dependabot/dependabot-core/tree/main/docker/lib/dependabot/docker

I'm wondering if searching in Properties files can be a good first iteration. I think it is relatively common to extract the versions into these files, and it would allow simpler parsing. We might even force a convention to search for the container value, like a container.* or *.container property key.
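A sketch of the Properties-file first iteration suggested in the last comment, written in Ruby as an added example that is not part of the thread or of dependabot-core. The function names, the `Image` struct and the sample input are assumptions; the key convention is the one proposed above, and the reference parser handles a registry port and a digest pin so neither is mistaken for a tag.

```ruby
# Added illustration, not Dependabot code. All names here are hypothetical.
# Key convention (container.* or *.container) is the one suggested in the thread.
KEY_CONVENTION = /\A(?:container\..+|.+\.container)\z/
Image = Struct.new(:key, :line, :name, :tag, :digest)

# Split "registry:port/repo/name:tag@digest" into [name, tag, digest].
def parse_image_ref(ref)
  name, digest = ref.split("@", 2)
  last_slash = name.rindex("/") || -1
  # Only a colon after the last "/" starts a tag; an earlier one is a registry port.
  colon = name.index(":", last_slash + 1)
  tag = colon ? name[(colon + 1)..] : nil
  name = name[0...colon] if colon
  [name, tag, digest]
end

# One Image per property whose key follows the convention.
# Simplification: no line continuations or escaped separators.
def container_images(properties_text)
  properties_text.each_line.with_index(1).filter_map do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?("#", "!")
    key, value = line.split(/\s*[=:]\s*/, 2)
    next unless value && key.match?(KEY_CONVENTION)
    Image.new(key, lineno, *parse_image_ref(value.strip))
  end
end

# No tag and no digest means an implicit "latest": nothing to bump, not reproducible.
def floating(images)
  images.select { |i| i.digest.nil? && (i.tag.nil? || i.tag == "latest") }
end

# Constructed sample input, not taken from a real project.
SAMPLE = <<~PROPS
  # test containers
  container.mysql=mysql:8.0.24
  mirror.container = registry.mycompany.com/mirror/mysql:8.0.24
  container.local=localhost:5000/redis
  db.container=mysql:8.0.24@sha256:<digest-placeholder>
  app.version=1.2.3
PROPS

if __FILE__ == $PROGRAM_NAME
  container_images(SAMPLE).each { |i| puts i.to_h }
  puts "floating: #{floating(container_images(SAMPLE)).map(&:key)}"
end
```

Recording the line number with each match is what would let an updater rewrite only the tag in place, and the `floating` list shows which references have no version to bump at all.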