chore(deps): update fedora:latest docker digest to cf907e6

[KubeArchitectBot]

This PR contains the following updates:

Package	Type	Update	Change
fedora	final	digest	6af051a -> cf907e6

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates the Fedora base image digest in .devcontainer/dockerfile’s FROM line from sha256:6af051ad… to sha256:cf907e6a…. No other lines or configurations in the Dockerfile are changed.

Changes

Cohort / File(s)	Summary
Devcontainer base image digest update .devcontainer/dockerfile	Replace Fedora base image digest in FROM line: sha256:6af051ad... → sha256:cf907e6a.... All other ARGs, RUN steps, user/env/workdir/entrypoint/ports unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Update fedora:latest Docker digest to ef2fe4d #244 — Also updates the Fedora base image digest in .devcontainer/dockerfile.
• chore(deps): update fedora:latest docker digest to 6af051a #299 — Changes the same FROM digest in .devcontainer/dockerfile, preceding this digest update.
• chore(deps): update fedora:latest docker digest to 6c53109 #292 — Performs the same digest update pattern in .devcontainer/dockerfile.

Suggested reviewers

• RelativeSure

Poem

A hop, a skip, a checksum swap—
I nudge the base, then lightly stop.
New digest set, the burrow’s clean,
Dev burrows build with fresher sheen.
Thump-thump! my paws—release day cheer,
One tiny hash, the path is clear. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore(deps): update fedora:latest docker digest to cf907e6" concisely and accurately describes the primary change—updating the Fedora base image digest—and follows conventional commit style so a reviewer can understand the main change at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/devcontainer-fedora-latest

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.devcontainer/dockerfile (1)

1-1: Consider pinning to a stable Fedora release tag instead of “latest”.

Using a numbered release tag (and its digest) improves predictability of Renovate bumps and reduces surprise breakage when “latest” advances.

Example pattern:

-FROM fedora:latest@sha256:cf907e6a54b0ffd3275e03745b4914e748e69c352810918493ca91789188106c
+# Prefer a stable major; keep digest pin managed by Renovate
+# (replace <digest-for-fedora-XY> with the exact digest Renovate proposes)
+FROM fedora:XY@sha256:<digest-for-fedora-XY>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 77c2087 and bb27299.

📒 Files selected for processing (1)

• .devcontainer/dockerfile (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: MegaLinter
• GitHub Check: run-megalinter

🔇 Additional comments (2)

.devcontainer/dockerfile (2)

1-1: Digest pin update LGTM — local provenance & build verification required (docker unavailable here).

Could not run the provided script: "/bin/bash: line 5: docker: command not found". Run these locally and paste outputs:

# 1) Inspect digest provenance
docker buildx imagetools inspect \
  fedora@sha256:cf907e6a54b0ffd3275e03745b4914e748e69c352810918493ca91789188106c | sed -n '1,160p'

# 2) Build the devcontainer
docker build -f .devcontainer/dockerfile -t autocopr/devcontainer:pr300 .

# 3) Sanity-check inside
docker run --rm autocopr/devcontainer:pr300 bash -lc 'cat /etc/os-release; dnf --version || true; dnf5 --version || true; fish --version || true'

Confirm the inspect output maps that digest to the intended fedora:latest manifest/repoTags and that the build + sanity-run succeed.

---

1-1: Verify dnf/dnf5 availability and dnf5 config-manager in the Fedora base image

You mix dnf and dnf5—ensure both are present in the base image and that dnf5 config-manager works without extra plugins. I couldn't run the check here because docker is not installed; please run locally:

docker run --rm autocopr/devcontainer:pr300 bash -lc 'command -v dnf && command -v dnf5 && dnf5 config-manager --help >/dev/null && echo OK'
# or, if you use podman:
podman run --rm autocopr/devcontainer:pr300 bash -lc 'command -v dnf && command -v dnf5 && dnf5 config-manager --help >/dev/null && echo OK'