Dependabot ignores version constraint for i386 Docker image #609

atc0005 · 2022-04-19T11:45:44Z

https://github.com/atc0005/go-ci/blob/d1aeb7e2b0317eac35f3e8d15a7908f5ddf9e80a/stable/build/alpine-x86/Dockerfile

Lines 174 to 200 in d1aeb7e

    
           - package-ecosystem: docker 
        
             directory: "/stable/build/alpine-x86" 
        
             open-pull-requests-limit: 10 
        
             target-branch: "master" 
        
             schedule: 
        
               interval: "daily" 
        
               time: "02:00" 
        
               timezone: "America/Chicago" 
        
             assignees: 
        
               - "atc0005" 
        
             labels: 
        
               - "dependencies" 
        
               - "CI" 
        
             allow: 
        
               - dependency-type: "all" 
        
             commit-message: 
        
               prefix: "docker" 
        
             ignore: 
        
               - dependency-name: "golang" 
        
                 versions: 
        
                   # Temporarily restrict Go updates to just the 1.17 series until 
        
                   # golangci-lint fully supports Go 1.18. 
        
                   # 
        
                   # See https://github.com/atc0005/go-ci/issues/557 for additional 
        
                   # details. 
        
                   - ">= 1.18" 
        
                   - "< 1.17"

Currently using i386/golang:1.17.9-alpine3.14 (set manually), Dependabot offers i386/golang:1.18.1-alpine3.14

Current PR:

docker: bump i386/golang from 1.17.9-alpine3.14 to 1.18.1-alpine3.14 in /stable/build/alpine-x86 #608

Previous PR:

docker: bump i386/golang from 1.17.8-alpine3.14 to 1.18.1-alpine3.14 in /stable/build/alpine-x86 #601

Summary:

expected no offer of Dockerfile update as 1.17.9 is the latest Go 1.17 image at this time (docker: bump i386/golang from 1.17.9-alpine3.14 to 1.18.1-alpine3.14 in /stable/build/alpine-x86 #608)
expected an update from 1.17.8 to 1.17.9 instead of 1.17.8 to 1.18.1 as docker: bump i386/golang from 1.17.8-alpine3.14 to 1.18.1-alpine3.14 in /stable/build/alpine-x86 #601 applied (which I later manually reversed once I realized that I merged an invalid PR)

The current PR is unexpected as the version constraint should be preventing 1.18 from being offered for all but the unstable Dockerfile (different directory path, different Dependabot config block). The prior PR was incorrect as the version constraint was expected to result in an offer of an update version update for the same series (1.17.x instead of 1.18.x).

The text was updated successfully, but these errors were encountered:

atc0005 · 2022-04-19T11:46:34Z

Created local GH issue for reference using notes from:

Dependabot ignores version constraint for i386 Docker image dependabot/dependabot-core#5009

Follow advice from Dependabot devs to use `i386/golang` dep name instead of generic `golang` dependency name. This is intended to fix dependency version constraints. refs GH-609

Drop from 1.17.9 to 1.17.8 in order to test Dependabot version constraints for updates. refs GH-609

atc0005 · 2022-04-25T09:49:03Z

Resolved by #610, confirmed working by #611 and #612.

atc0005 added bug Something isn't working dependencies CI stable stable-build-only labels Apr 19, 2022

atc0005 added this to the Next Release milestone Apr 19, 2022

atc0005 self-assigned this Apr 19, 2022

atc0005 added a commit that referenced this issue Apr 19, 2022

Update dep name for stable/build/alpine-x86

8eaa228

Follow advice from Dependabot devs to use `i386/golang` dep name instead of generic `golang` dependency name. This is intended to fix dependency version constraints. refs GH-609

atc0005 mentioned this issue Apr 19, 2022

Update dep name for stable/build/alpine-x86 #610

Merged

atc0005 added a commit that referenced this issue Apr 19, 2022

Lower version for i386/golang Docker image

5304262

Drop from 1.17.9 to 1.17.8 in order to test Dependabot version constraints for updates. refs GH-609

atc0005 mentioned this issue Apr 19, 2022

Lower version for i386/golang Docker image #611

Merged

atc0005 closed this as completed Apr 25, 2022

atc0005 mentioned this issue Feb 12, 2024

Dependabot ignores version constraints (range exclusions) for multiple Docker images #1387

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot ignores version constraint for i386 Docker image #609

Dependabot ignores version constraint for i386 Docker image #609

atc0005 commented Apr 19, 2022

atc0005 commented Apr 19, 2022

atc0005 commented Apr 25, 2022

Dependabot ignores version constraint for i386 Docker image #609

Dependabot ignores version constraint for i386 Docker image #609

Comments

atc0005 commented Apr 19, 2022

atc0005 commented Apr 19, 2022

atc0005 commented Apr 25, 2022