Update dockerfile to import helpers from ecosystem images#14191
Closed
AbhishekBhaskar wants to merge 1 commit intomainfrom
Closed
Update dockerfile to import helpers from ecosystem images#14191AbhishekBhaskar wants to merge 1 commit intomainfrom
AbhishekBhaskar wants to merge 1 commit intomainfrom
Conversation
cb090a8 to
0708d13
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR uses Docker multi-stage builds to import helpers from pre-built ecosystem images rather than duplicating setup code. However, the PR contains numerous unrelated changes that should have been in separate PRs, including:
- Version downgrades from 0.362.0 to 0.361.1 across all gems
- Removal of pnpm trust downgrade handling
- Removal of NuGet wildcard version support
- Simplification of Maven property resolution
- Major refactoring of git_submodules versioning logic
- Removal of directory-aware PR comparison logic
- Deletion of test coverage and extensive code quality documentation
- Significant changes to error messages and test helpers
Changes:
- Docker multi-stage builds for pre_commit ecosystem using go_modules and bundler base images
- Version rollback from 0.362.0 to 0.361.1 for all Dependabot gems
- Removal of multiple features: pnpm trust downgrade handling, NuGet wildcard versions, Maven nested property resolution, directory-aware PR matching
- Deletion of ~500 lines of test coverage and instruction documentation files
- Major refactoring of git_submodules package versioning approach
Reviewed changes
Copilot reviewed 56 out of 58 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| pre_commit/Dockerfile | Multi-stage build importing from go_modules and bundler images |
| updater/lib/dependabot/setup.rb | Removed pre_commit require statement |
| script/dependabot | Added pre_commit volume mount |
| go_modules/Dockerfile, npm_and_yarn/Dockerfile, cargo/Dockerfile, bundler/Dockerfile | Added ARG for parameterized base image |
| Gemfile.lock, updater/Gemfile.lock | Version downgrade from 0.362.0 to 0.361.1 |
| pre_commit/lib/dependabot/pre_commit/metadata_finder.rb | Gutted implementation, changed to placeholder |
| pre_commit/spec/dependabot/pre_commit/metadata_finder_spec.rb | Removed all tests |
| updater/lib/dependabot/updater/group_update_creation.rb | Removed directory-aware PR matching logic |
| updater/lib/dependabot/dependency_change_builder.rb | Simplified error messages |
| npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb | Removed pnpm trust downgrade fallback |
| nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/FileWriters/XmlFileWriter.cs | Removed wildcard version preservation |
| maven/lib/dependabot/maven/file_parser/property_value_finder.rb | Removed nested property resolution |
| gradle/* | Added experiment flags for gradle_wrapper_updater |
| git_submodules/* | Major refactoring of versioning approach |
| common/lib/dependabot/workspace/git.rb | Changed error capture logic |
| .github/instructions/*.instructions.md | Deleted all instruction files |
| .github/copilot-instructions.md | Consolidated all instructions into single file |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What are you trying to accomplish?
This PR uses Docker's multi-stage build feature to import from already-built ecosystem images instead of duplicating the setup code. This enables us to reference the pre-built ecosystem images like
ghcr.io/dependabot/dependabot-updater-go_modulesand copy the necessary files/directories from them.Anything you want to highlight for special attention from reviewers?
Docker's multi-stage build feature allows you to use
COPY --from=with:ghcr.io/dependabot/dependabot-updater-go_modules)Note: For this to work, the ecosystem images (
ghcr.io/dependabot/dependabot-updater-go_modulesandghcr.io/dependabot/dependabot-updater-bundler) must be built first, so there's a build order dependency.How will you know you've accomplished your goal?
If pre-commit's
additional_dependenciessupport works fine.Checklist