Automatic update of packages in the Docker image #47

Open
asbjornu opened this issue Sep 2, 2021 · 6 comments · May be fixed by #50

Member

asbjornu commented Sep 2, 2021

In the Dockerfile, both APK and NPM packages are pinned to specific versions as per best practice. We need to devise a way to keep these packages up to date.

For NPM, perhaps we can use package.json and package-lock.json to move the packages out of the Dockerfile and then use Renovate to keep package-lock.json up to date.

RUN apk --no-cache add git~=2.30 bash~=5.1

For APK packages, a possible solution is described in renovatebot/renovate#5422 (comment).
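
An added example, not part of the issue or the project's code: a small Python check that lists the apk and npm packages a Dockerfile installs together with their version constraints, and flags any that are not pinned. The sample Dockerfile is constructed; only its first apk line is quoted from the issue, and the npm versions, the `@example/preset` name and the `curl` line are invented.

```python
import re
import shlex
# Constructed sample: only the first apk line is from the issue; the rest is invented.
SAMPLE = """\
RUN apk --no-cache add git~=2.30 bash~=5.1
RUN npm install --global remark-cli@0.0.1 \\
    @example/preset@0.0.2 remark-lint && \\
    apk add --no-cache --virtual .build curl
"""

APK_PIN = re.compile(r"^([^=<>~]+)((?:~=|[=<>~]=?).+)$")  # name, constraint
TAKES_VALUE = {"--virtual", "-t", "--repository", "-X"}  # apk options with an argument

def run_commands(dockerfile):
    """Yield the token list of every shell command inside a RUN instruction."""
    text = re.sub(r"\\\n", " ", dockerfile)  # join line continuations
    for line in text.splitlines():
        if line.strip().upper().startswith("RUN "):
            for cmd in re.split(r"&&|\|\||;", line.strip()[4:]):
                yield shlex.split(cmd)

def positional(tokens):  # drop options, and the values of options that take one
    out, skip = [], False
    for tok in tokens:
        if skip:
            skip = False
        elif tok in TAKES_VALUE:
            skip = True
        elif not tok.startswith("-"):
            out.append(tok)
    return out

def find_packages(dockerfile):
    """Return (manager, name, constraint or None) for each installed package."""
    found = []
    for tokens in run_commands(dockerfile):
        args = positional(tokens)
        if args[:2] == ["apk", "add"]:
            for pkg in args[2:]:
                m = APK_PIN.match(pkg)
                found.append(("apk", *m.groups()) if m else ("apk", pkg, None))
        elif args[:1] == ["npm"] and args[1:2] in (["install"], ["i"]):
            for pkg in args[2:]:
                name, _, ver = pkg.rpartition("@")  # a leading "@" is a scope
                found.append(("npm", name, ver) if name else ("npm", pkg, None))
    return found

def unpinned(dockerfile):
    return [(mgr, name) for mgr, name, pin in find_packages(dockerfile) if pin is None]
```

`unpinned(SAMPLE)` reports `remark-lint` and `curl`; the scoped package is parsed with its leading `@` kept as part of the name.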

Member Author

asbjornu commented Sep 2, 2021

With all the files this change seems to spur, I think it would be best if we moved the Dockerfile and all related files into a docker subdirectory of the repository.

Member

rickstaa commented Sep 2, 2021

@asbjornu Both solutions look good to me.

I think especially the APK package solution is trivial since, judging from renovatebot/renovate#5422 (comment), the Dockerfile might break when the base image is updated. Good catch!

I have no problem with moving the Dockerfile into a docker subdirectory. I quickly checked the other Reviewdog actions and saw that it has not been done before. However, most other actions don't use pinned versions or pin the docker base image. I don't think there is a special reason for the flat folder structure used in the https://github.com/reviewdog/action-template, but if you want, we can quickly check this with @haya14busa.

Member Author

asbjornu commented Sep 6, 2021

I've started digging into this and think I've hit a couple of snags. If we start using package.json and package-lock.json to install packages during docker build, we can't install packages globally. That makes the following line fail for obvious reasons:

echo "[action-remark-lint] Versions: $(remark --version), remark-lint: $(npm remark-lint --version)"

I can replace remark with npx remark-cli, but npx remark-lint doesn't work and I can't figure out how to execute remark-lint when it's installed locally. Ideas?

The other snag that may be a problem is that the following lines may conflict with the package.json file from the user?

if [[ -f "package.json" ]]; then
  echo "[action-remark-lint] Installing npm dependencies..."
  npm install
fi

Thoughts?

Member Author

asbjornu commented Sep 6, 2021

Actually, running npm remark-lint --version locally only returns the version number of npm and not that of remark-lint. It seems like passing --version to npm will ignore everything in between and just return the version of npm. Example:

$ npm non-existent-package-being-ignored --version
7.20.3

Member

rickstaa commented Sep 6, 2021

@asbjornu Good point, I also overlooked that. Some solutions can be found here (https://stackoverflow.com/questions/14657170/installing-global-npm-dependencies-via-package-json). I liked the PATH solution the most, but I could not get it to work on my local environment (i.e., I didn't spend enough time trying to get it to work).

If we are, however, planning to use Renovate, I think it already provides us with the tools to upgrade npm packages inside docker files without using a package.json file (see renovatebot/renovate#3717 (comment)).

Member

rickstaa commented Sep 6, 2021

Thanks again for working on this! If implemented, I think it is a good feature to also use in the other actions. Let me know if you run into any problems. I haven't worked with these more advanced features of Renovate, but I’m happy to read up.

@asbjornu asbjornu linked a pull request Sep 6, 2021 that will close this issue