-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Docker compose files #390
Comments
👍 for this, and should be relatively straightforward. A couple of things I want to get to first, but I'm definitely game for adding this to Dependabot at some point! |
Hi, Thanks in advance |
I hope so, yes! This is another one that @hmarr owns on our side, but he's very busy scaling Dependabot up to 100m repos! |
It currently can't SHA-pin the docker-compose.yml `image` keys, so can't help us achieve reproducible builds (dependabot/dependabot-core#390)
@stalebot please leave this open - hoping it gets implemented |
Just buy Renovate already, integrate and call it done people 🤣 |
I made this a few months ago as a workaround until is supported by dependabot. https://github.com/sbe-arg/simple-compose-service-updates in case anyone is interested |
Looks interesting, but these two points sounds too limiting: "compose files must be on your repo root" (complex projects often have several compose files in different dirs) and "requires full registry including default docker.io/…" (no one name images from default registry this way in compose files and requiring this won't work because people will forget to do this because compose itself will work without this and only updates will be broken which is much harder to notice). |
The compose file locations is a very easy fix, noone has requested a path var or a full scan of yaml files in all subdirectories. The registry names is harder although for docker hub it can be mocked, other registries always have to be specified. Open issues and ill try to address them. Thats the normal process for open sourcing. |
any update?
|
whats up? |
@AliMD, I recommend reading through all of the above comments for a few different workarounds. My comment above is, in my opinion, a fairly robust workaround: #390 (comment) |
Here's a pointer to the Renovate code that could jump-start a Developer in to making this work on Dependabot. |
Thanks, @banesullivan. This can work as a temporary solution. |
@mountainash Thank you, but we currently use Dependabot. Switching to another tool would involve a time investment. |
@greysteil is any plan for support this? or use another tool? |
Not sure - I haven't worked on Dependabot for a few years now. @jeffwidman might know? |
Unfortunately I'm also no longer on the Dependabot maintainer team so have no additional insight into this. |
The only solution for me was just using Renovate for everything, either self hosted or as the free GitHub App. |
So I'm guessing we're all jumping ship and boarding Renovate? :P |
Is this still planned? |
From @armin-joellenbeck on December 23, 2017 9:21
Knowing when new Docker images are published would be helpful when the are used in a Docker compose file too.
Just like #20, with the file
docker-compose.yml
instead ofDockerfile
.Copied from original issue: dependabot/feedback#66
The text was updated successfully, but these errors were encountered: