Triggering dependabot updates for docker images building on standard many/musllinux containers #1630
-
Hi all, Does anyone have any success getting dependabot to spot when e.g. quay.io/pypa/manylinux2014_x86_64 changes? Background: Sadly dependabot doesn't automatically recognise the yyyy-mm-dd-sha tag format, the docs claim it will understand a simple yyyy-mm-dd tag. This means I need to either manually think to rebuild my containers (delays), or run a scheduled job to build them anyway (wasteful of resources) Has anyone found a way around this problem? Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 7 replies
-
Have you tried https://github.com/PyO3/maturin-action? While it does tie you to GHA, it has great cross-compilation support, and is faster than cibuildwheel since it can build all the rust parts then build the Python specific parts for each wheel, due to it's integration with maturin. If you have a rust project, it's worth a try. |
Beta Was this translation helpful? Give feedback.
-
The suggestion by Henry makes sense for Rust. However it seems there's still something to be done at pypa/manylinux level to improve Dependabot support in any case so I will add a new tag format which shall help with this. cibuildwheel uses a custom script to update image tags: https://github.com/pypa/cibuildwheel/blob/main/bin/update_docker.py |
Beta Was this translation helpful? Give feedback.
I slightly modified the format, should be better now with a build number. (it works as a pep440 version too as it considers the build number as a post release segment).