Update versions in different Dockfiles separately (not together) #2179
Comments
Oh, that is definitely a bug - it will be because we're using regexes to do the replace and not insisting that the string isn't just a substring. Let me take a look.
Ah, drat, actually I'm going to have to take that back. Currently, Dependabot expects you to have a single version of a dependency, and will update you to that state if you don't. Unfortunately that's baked into the way it works quite deeply (including the branch names it uses, for example). Hence it can't deal with the different setup you want here for CI. It's not easy for me to change the above for Docker, so I'm going to leave this open as a reminder. In future, the best solution here is probably for you to be able to specify the Dockerfile you want Dependabot to be running on (rather than the directory), so you get separate PRs and the above problem doesn't occur.
Thanks for investigating :) For now I guess I’ll disable Docker updates, eventually I’ll probably want to switch to Alpine for my CI container anyway.
@greysteil I just got bit by this again (actually I was bit by it a few months ago, but didn't notice since I never tried to build the Docker container again with Ruby 2.6.4, I only noticed now since I wanted to upgrade to 2.6.5) connorshea/vglist@1db73a8#diff-3254677a7917c6c01f55212f86c57fbf
Hi, @connorshea! 👋 The team is heads down right now scaling Dependabot for all of GitHub for the next few months. We're trying to get to bugs and feature requests as soon as we can, but it may be a while. Thank you for your patience and for using Dependabot!
I encountered this today. Example PR: atc0005/go-ci#98, https://github.com/atc0005/go-ci/pull/98/files Another case of multiple Dockerfiles in the same path, but with different base images.
Here is another example, a Dockerfile with multiple stages (using different base images).
into
@greysteil you mentioned that this bug might be hard to tackle. Seeing this bug now being at least 1,5 years old, can we assume this won't be fixed anytime soon? I am asking, because in that case I would propose to disable dependabot for our repo in the meantime.
Do you have an example of this? Based on the documentation here: it appears that a directory path is required, instead of a specific file.
Tagging in @feelepxyz and @jurre to make sure you get an answer.
@atc0005 yeah we haven't made any changes to this and still only support specifying a directory. We have some plans to allow globbing for manifest files for a particular ecosystem so will keep this in mind when we start looking at that.
Is there any update on this topic? This particular problem currently renders dependabot useless for most of my docker images and as far as I understand correctly, there is also no workaround available. Any chance this will still be addressed?
Pretty sure this was actually fixed by #5560, so let me close this. If still happening, please reopen!
In this PR, Dependabot updates two separate Dockerfiles that use Alpine and Debian base images respectively, but it changes the distro of one of them from Debian to Alpine. (All are from the official Ruby images)
Dockerfile:
Dockerfile.ci:
Now, Dockerfile.ci intentionally uses Debian, while the production Dockerfile uses Alpine. I'm not sure if this is a weird/bad setup, but I was struggling to get Alpine working with all the test dependencies in CI (specifically chromedriver, but that's a whole other thing), so I ended up just using Debian instead for CI.
I'd say there are two issues here:
ruby:2.6.1 to ruby:2.6.2-alpine3.9. I would guess that it assumes that the Dockerfile base images should match each other, but I'm not sure.
Sorry I keep running into edge cases :P I love dependabot, and it usually works great for me :)
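A review-time check for the variant switch reported above (ruby:2.6.1 to ruby:2.6.2-alpine3.9), added here as an example; it is not Dependabot's code and not part of the original issue. The Dockerfile contents are constructed samples and the function names are hypothetical.

```python
import re

# FROM [--platform=...] image[:tag][@digest] [AS stage]
FROM_RE = re.compile(
    r"^[ \t]*FROM[ \t]+(?:--\S+[ \t]+)*(?P<ref>\S+)(?:[ \t]+AS[ \t]+\S+)?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)
# A tag is a numeric version, optionally followed by "-<variant>".
TAG_RE = re.compile(r"^v?(?P<version>\d+(?:\.\d+)*)(?:-(?P<variant>.+))?$")


def base_images(dockerfile_text):
    """Return (image, version, variant) for every FROM line, in file order."""
    found = []
    for m in FROM_RE.finditer(dockerfile_text):
        ref = m.group("ref").split("@", 1)[0]  # drop any @sha256 digest
        name, sep, tag = ref.rpartition(":")
        if not sep or "/" in tag:  # no tag, or the ":" was a registry port
            name, tag = ref, ""
        t = TAG_RE.match(tag)
        if t:
            found.append((name, t.group("version"), t.group("variant") or ""))
        else:
            found.append((name, "", tag))  # non-numeric tag such as "latest"
    return found


def variant_changes(before, after):
    """List FROM lines whose image is unchanged but whose variant suffix differs."""
    old_refs, new_refs = base_images(before), base_images(after)
    if len(old_refs) != len(new_refs):
        raise ValueError("FROM line count changed; review the update by hand")
    return [
        (idx, old, new)
        for idx, (old, new) in enumerate(zip(old_refs, new_refs))
        if old[0] == new[0] and old[2] != new[2]
    ]


# Constructed before/after contents modelled on the update in the report.
CI_BEFORE = "FROM ruby:2.6.1\nRUN bundle install\n"
CI_AFTER = "FROM ruby:2.6.2-alpine3.9\nRUN bundle install\n"
PROD_BEFORE = "FROM ruby:2.6.1-alpine3.9 AS build\nFROM ruby:2.6.1-alpine3.9\n"
PROD_AFTER = "FROM ruby:2.6.2-alpine3.9 AS build\nFROM ruby:2.6.2-alpine3.9\n"

if __name__ == "__main__":
    pairs = [("Dockerfile.ci", CI_BEFORE, CI_AFTER), ("Dockerfile", PROD_BEFORE, PROD_AFTER)]
    for path, before, after in pairs:
        for idx, old, new in variant_changes(before, after):
            print(f"{path}: FROM #{idx} variant {old[2] or '(none)'} -> {new[2] or '(none)'}")
```

Run against the old and new contents of each Dockerfile in an update PR, this flags the CI file's move from the default image to the Alpine variant while the plain version bump in the production file passes.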