Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker: Support ARG FROM #4597

Closed
hfhbd opened this issue Jan 6, 2022 · 1 comment · Fixed by #4598
Closed

Docker: Support ARG FROM #4597

hfhbd opened this issue Jan 6, 2022 · 1 comment · Fixed by #4598
Labels
core 🍏 Relates to the dependabot-core library itself L: docker Docker containers T: feature-request Requests for new features

Comments

@hfhbd
Copy link
Contributor

hfhbd commented Jan 6, 2022
edited
Loading

Package ecosystem
docker
Package manager version
"Dockerfile"
Language version
docker
Manifest location and content prior to update

ARG HUB=docker.io
FROM ${HUB}/docker:20.10.7-dind

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"

Updated dependency

ARG HUB=docker.io
FROM ${HUB}/docker:20.10.12-dind

What you expected to see, versus what you actually saw
Actually, this line does not support ARGs parsing including replacing:

dependabot-core/docker/lib/dependabot/docker/file_parser.rb

Line 42 in b7ad648

next unless FROM_LINE.match?(line)

Dependabot should put all ARGs in a map and replace the values before executing the regex.
This syntax is valid: https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact

Native package manager behavior
n/a
Images of the diff or a link to the PR, issue or logs
n/a, because Dependabot does not detect this line as valid FROM syntax, so no dependency was detected.
🕹 Bonus points: Smallest manifest that reproduces the issue
@hfhbd hfhbd added the T: bug 🐞 Something isn't working label Jan 6, 2022
@jurre jurre added L: docker Docker containers T: feature-request Requests for new features core 🍏 Relates to the dependabot-core library itself and removed T: bug 🐞 Something isn't working labels Jan 6, 2022
@hfhbd hfhbd mentioned this issue Jan 6, 2022
Merged
@jeffwidman
Copy link
Member

I'm temp re-opening due to the reversion (explained in #4837) and then closing as a dupe of #2057

@jeffwidman jeffwidman reopened this Sep 15, 2022
@jeffwidman jeffwidman closed this as not planned Won't fix, can't repro, duplicate, stale Sep 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core 🍏 Relates to the dependabot-core library itself L: docker Docker containers T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Docker: Support ARG FROM
3 participants
@jeffwidman @jurre @hfhbd