Support for Docker compose files

[greysteil]

From @armin-joellenbeck on December 23, 2017 9:21

Knowing when new Docker images are published would be helpful when the are used in a Docker compose file too.

Just like #20, with the file docker-compose.yml instead of Dockerfile.

Copied from original issue: dependabot/feedback#66

[greysteil]

👍 for this, and should be relatively straightforward. A couple of things I want to get to first, but I'm definitely game for adding this to Dependabot at some point!

[victorcerutti]

Hi,
This would be a really good addition, is this still going to happen someday ?

Thanks in advance

[greysteil]

I hope so, yes! This is another one that @hmarr owns on our side, but he's very busy scaling Dependabot up to 100m repos!

[bkaid]

@stalebot please leave this open - hoping it gets implemented

[ab77]

Just buy Renovate already, integrate and call it done people 🤣

[sbe-arg]

I made this a few months ago as a workaround until is supported by dependabot. https://github.com/sbe-arg/simple-compose-service-updates in case anyone is interested

[powerman]

I made this a few months ago as a workaround until is supported by dependabot. https://github.com/sbe-arg/simple-compose-service-updates in case anyone is interested

Looks interesting, but these two points sounds too limiting: "compose files must be on your repo root" (complex projects often have several compose files in different dirs) and "requires full registry including default docker.io/…" (no one name images from default registry this way in compose files and requiring this won't work because people will forget to do this because compose itself will work without this and only updates will be broken which is much harder to notice).

[sbe-arg]

The compose file locations is a very easy fix, noone has requested a path var or a full scan of yaml files in all subdirectories.

The registry names is harder although for docker hub it can be mocked, other registries always have to be specified.

Open issues and ill try to address them. Thats the normal process for open sourcing.

[njfamirm]

any update?

👍 for this, and should be relatively straightforward. A couple of things I want to get to first, but I'm definitely game for adding this to Dependabot at some point!

[AliMD]

whats up?
Any temporary solution after 5 years?! 😢

[banesullivan]

Any temporary solution

@AliMD, I recommend reading through all of the above comments for a few different workarounds. My comment above is, in my opinion, a fairly robust workaround: #390 (comment)

[mountainash]

Here's a pointer to the Renovate code that could jump-start a Developer in to making this work on Dependabot.

[njfamirm]

@AliMD, I recommend reading through all of the above comments for a few different workarounds. My comment above is, in my opinion, a fairly robust workaround: #390 (comment)

Thanks, @banesullivan. This can work as a temporary solution.

[njfamirm]

Here's a pointer to the Renovate code that could jump-start a Developer in to making this work on Dependabot.

@mountainash Thank you, but we currently use Dependabot. Switching to another tool would involve a time investment.

[njfamirm]

👍 for this, and should be relatively straightforward. A couple of things I want to get to first, but I'm definitely game for adding this to Dependabot at some point!

@greysteil is any plan for support this? or use another tool?

[greysteil]

Not sure - I haven't worked on Dependabot for a few years now. @jeffwidman might know?

[jeffwidman]

Unfortunately I'm also no longer on the Dependabot maintainer team so have no additional insight into this.

[kevinquillen]

The only solution for me was just using Renovate for everything, either self hosted or as the free GitHub App.

[marchershey]

So I'm guessing we're all jumping ship and boarding Renovate? :P

[PythonCoderAS]

Is this still planned?