Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support bumping uses: docker://… in GitHub Actions workflows #8362

Open
1 task done
l0b0 opened this issue Nov 8, 2023 · 2 comments
Open
1 task done

Support bumping uses: docker://… in GitHub Actions workflows #8362

l0b0 opened this issue Nov 8, 2023 · 2 comments
Labels
T: feature-request Requests for new features

Comments

@l0b0
Copy link
Contributor

l0b0 commented Nov 8, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

To reproduce

  1. Create a new Git repo

  2. Create .github/workflows/main.yml containing

    on: [push]
jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check workflow files
        uses: docker://rhysd/actionlint:1.6.25@sha256:86ebdb1c0df5a8be92b9d53e2e0c636978a2b3c6e52c86c65a77e2c78a6bd594

  3. Create .github/dependabot.yml containing

    version: 2
updates:
- package-ecosystem: "github-actions"
  directory: "/"
  schedule:
    interval: daily

  4. Push to GitHub

  5. Run Dependabot

What happens: No PRs are created

What should happen: Dependabot should create a PR changing uses: docker://rhysd/actionlint:1.6.25@sha256:86ebdb1c0df5a8be92b9d53e2e0c636978a2b3c6e52c86c65a77e2c78a6bd594 to uses: docker://rhysd/actionlint:1.6.26@sha256:2eb91a78b5a19140be099c7b4262d298c2567f2a9f27e10ed2a4323c5bcface8.

Other info

This seems to be a known problem based on this 4-year-old comment, but I couldn't find an associated issue.

Workaround

  1. Create a new Dockerfile, such as .github/workflows/actionlint.dockerfile, with just a FROM … line containing everything after uses: docker:// from the original workflow. For the example above, FROM rhysd/actionlint:1.6.25@sha256:86ebdb1c0df5a8be92b9d53e2e0c636978a2b3c6e52c86c65a77e2c78a6bd594.
  2. "Build" (just downloads) the image in the GitHub action using something like run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile
  3. Run the resulting image, for example like run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint.
  4. Configure package-ecosystem: "docker" with directory: "/.github/workflows".
  5. Push
  6. Verify that Dependabot creates a PR to change the Dockerfile to FROM rhysd/actionlint:1.6.26@sha256:2362769b1d75056da70e7af1b12d9e52746f3a123b8f22a4322869e8f2cd45f2
@l0b0 l0b0 added the T: feature-request Requests for new features label Nov 8, 2023
@l0b0 l0b0 mentioned this issue Nov 8, 2023
Merged
3 tasks
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 8, 2023
@l0b0
feat: lint GitHub Actions workflows
7eabcb0 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 8, 2023
@l0b0
feat: lint GitHub Actions workflows
c4368f0 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 8, 2023
@l0b0
feat: lint GitHub Actions workflows
99465e8 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 8, 2023
@l0b0
feat: lint GitHub Actions workflows
d6f2bb7 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 9, 2023
@l0b0
feat: lint GitHub Actions workflows
1ebb194 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 9, 2023
@l0b0
feat: lint GitHub Actions workflows
b1af0ec 
Works around <dependabot/dependabot-core#8362>
for now.
l0b0 added a commit to linz/topo-workflows that referenced this issue Nov 14, 2023
@l0b0
feat: lint GitHub Actions workflows
8228583 
Works around <dependabot/dependabot-core#8362>
for now.
github-merge-queue bot pushed a commit to linz/topo-workflows that referenced this issue Nov 14, 2023
@l0b0
feat: lint GitHub Actions workflows TDE-919 (#204)
f310a63 
#### Motivation

https://toitutewhenua.atlassian.net/browse/TDE-919

#### Modification

Lint GitHub Actions workflow files.

Works around <dependabot/dependabot-core#8362>
for now.

#### Checklist

- [ ] Tests updated (this is not testable)
- [ ] Docs updated (does not need documentation)
- [x] Issue linked in Title
@martincostello
Copy link
Contributor

+1 for adding support for this. All the LEGO pieces to do it exist in the repo, they're just spread across the Actions and Docker updaters and don't overlap.

Until this is a native feature, I've written a GitHub Actions workflow that does this on a schedule using the same regclient tool that the Docker updater uses.

@martincostello martincostello mentioned this issue Feb 18, 2025
Merged
5 tasks
@thomasleplus
Copy link

That would be a great feature indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@l0b0 @martincostello @thomasleplus