
I'm using Docker for my codebase and Dependabot on GitHub.

What I want

Whenever there's a new patch version of Python or a new minor version of Alpine for the python-alpine image on Docker Hub (see https://hub.docker.com/_/python), I want Dependabot to create a new PR for it.

What I tried

This is my dependabot.yml:

```yaml
version: 2
updates:
  - package-ecosystem: "docker" # See documentation for possible values
    directory: "/compose/local/django" # Location of package manifests
    schedule:
      interval: "monthly"
```

These are the locations of my Dockerfile.

  1. for dev: /compose/local/django
  2. for production: /compose/production/platform/doap

The Dockerfiles at both locations start like this:

```dockerfile
FROM python:3.8.7-alpine3.12

ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

RUN apk update \
```

I don't think it works. I don't see any PR as the latest is python:3.8.8-alpine3.12. How do I change my dependabot.yml?

Kim Stacks
  • Your config looks good to me. Maybe this could help? https://docs.github.com/en/code-security/supply-chain-security/troubleshooting-dependabot-errors#investigating-errors-with-dependabot-version-updates FWIW, you can see the files detected by Dependabot under "Insights / Dependency Graph / Dependabot". – otto.poellath Apr 19 '21 at 09:43
  • FWIW your config works for me, I automatically got a PR opened by dependabot to update to python `3.9.5-alpine3.12`. Perhaps there is an issue with the path? I used `/` and put a Dockerfile in the root of the repo, and set interval to daily. – leeb Jul 05 '21 at 10:02
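
An added example, not part of the original question or comments: the question's dependabot.yml lists only the dev directory, so the production Dockerfile's base image is not tracked by that config. Each `updates` entry takes one `directory`, so covering both paths takes two entries (the paths and the interval are the ones given in the question).

```yaml
# Added example: one "docker" entry per directory that holds a Dockerfile.
version: 2
updates:
  # Dev image (FROM python:3.8.7-alpine3.12 in the question)
  - package-ecosystem: "docker"
    directory: "/compose/local/django"
    schedule:
      interval: "monthly" # as in the question; "daily" or "weekly" check more often
  # Production image, absent from the original config
  - package-ecosystem: "docker"
    directory: "/compose/production/platform/doap"
    schedule:
      interval: "monthly"
```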

0 Answers