Update GitLab dependency proxy prefixed docker images and pinned PHP PECL packages in Dockerfiles with renovate-bot
```dockerfile
ARG DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX
FROM $DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/composer:2 AS composer
FROM $DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/php:7.4-cli-alpine3.15
ENV MUSL_LOCPATH="/usr/local/share/i18n/locales/musl"
RUN set -eux \
    && PACKAGES_PERSISTENT="exiftool git openssh-client imagemagick freetype libjpeg-turbo \
        libpng libxpm libwebp icu-libs libintl libstdc++ libzip poppler-utils unzip" \
    && PACKAGES_VOLATILE="$PHPIZE_DEPS cmake make musl-dev gcc gettext-dev \
        libwebp-dev libjpeg-turbo-dev libpng-dev libxpm-dev libwebp-dev \
        freetype-dev zlib-dev linux-headers libzip-dev icu-dev g++ libxml2-dev \
        gnutls-dev libzip-dev libressl-dev zlib-dev" \
    && apk add --update --no-cache $PACKAGES_PERSISTENT $PACKAGES_VOLATILE \
    && docker-php-ext-configure gd --enable-gd --with-webp --with-jpeg \
        --with-xpm --with-freetype \
    && docker-php-ext-configure intl \
    && docker-php-ext-install exif gd intl mysqli soap zip \
    && pecl install xdebug-3.1.3 \
    && pecl install redis-5.3.7 \
    && docker-php-ext-enable redis xdebug \
    && cd /tmp && git clone https://gitlab.com/rilian-la-te/musl-locales.git \
    && cd /tmp/musl-locales && cmake . && make && make install \
    && /usr/local/bin/locale -a \
    && rm -rf /tmp/pear \
    && apk del --purge $PACKAGES_VOLATILE \
    && mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
COPY --from=composer /usr/bin/composer /usr/bin/composer
COPY "settings.ini" "$PHP_INI_DIR/conf.d/"
COPY "xdebug.ini" "$PHP_INI_DIR/conf.d/"
RUN addgroup -g 1000 -S cli \
    && adduser -S -G cli -u 1000 -s /bin/bash 1000
USER 1000:1000
WORKDIR "/var/www/html"
```
- Keep the `composer` and `php` docker source images updated despite using a GitLab dependency proxy variable prefix.
- Keep the `redis` and `xdebug` PECL packages auto-updated with renovate's `regexManager`.
```json
{
  "extends": ["config:base", ":automergeMinor", ":rebaseStalePrs"],
  "major": {
    "dependencyDashboardApproval": true
  },
  "regexManagers": [
    {
      "description": "Update docker references with GitLab dependency proxy prefix variables",
      "fileMatch": [
        "^\\.gitlab-ci\\.ya?ml$",
        "(^|/|\\.)Dockerfile(?:\\.[^/]+)?$",
        "(^|/|\\.)docker-compose\\.ya?ml$"
      ],
      "matchStrings": [
        "\\$\\{?(?:CI_)?DEPENDENCY_PROXY_(?:DIRECT_)?GROUP_IMAGE_PREFIX\\}?\\/(?<depName>[^:]+):(?<currentValue>[a-z0-9.-]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?"
      ],
      "datasourceTemplate": "docker",
      "versioningTemplate": "docker"
    },
    {
      "description": "Update pecl packages in Dockerfiles",
      "fileMatch": ["(^|/|\\.)Dockerfile(?:\\.[^/]+)?$"],
      "matchStrings": [
        "&& pecl install (?<depName>(?:imagick|redis|xdebug))-(?<currentValue>[a-zA-Z0-9.-]+) \\\\"
      ],
      "datasourceTemplate": "github-tags",
      "lookupNameTemplate": "{{#if (containsString depName 'redis')}}php{{depName}}/php{{depName}}{{else}}{{depName}}/{{depName}}{{/if}}",
      "versioningTemplate": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(?<prerelease>[^.-]+)?(-(?<compatibility>.*))?$"
    }
  ]
}
```
PECL packages' repositories are not standardized.
As I found, `redis` (https://pecl.php.net/package/redis) uses `phpredis/phpredis` on GitHub.
Other packages like `xdebug` or `imagick` host their repositories under `<name>/<name>`, e.g. `xdebug/xdebug` on GitHub.
This ruleset naively prefixes `redis` with `php`; for all other dependency names it simply uses the dependency name as detailed above.
Adjust your `lookupNameTemplate` to generate the correct GitHub lookup names for your dependencies accordingly.
When adding more dependencies, also make sure to update your `matchStrings` to match the PECL extension's name.
If your PECL dependencies are not hosted on GitHub, then add another section, using another `datasourceTemplate`, like `gitlab-tags`, `git-tags` etc.
You can find all available datasources in the renovate documentation and code.
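
To check what the two `matchStrings` capture, and which pinned `pecl install` lines they would leave untracked, the following added example (not part of the original post or of Renovate) runs both regexes over a few Dockerfile lines in plain JavaScript and reimplements the `lookupNameTemplate` rule as a function. The names `extractDeps`, `lookupName` and `untracked`, the generic `pecl install (\S+)` pattern and the `0.0.0` versions are assumptions made for the illustration.

```javascript
// Added example: the two matchStrings from the config, written as JS regex literals.
const DOCKER_RE = /\$\{?(?:CI_)?DEPENDENCY_PROXY_(?:DIRECT_)?GROUP_IMAGE_PREFIX\}?\/(?<depName>[^:]+):(?<currentValue>[a-z0-9.-]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?/g;
const PECL_RE = /&& pecl install (?<depName>(?:imagick|redis|xdebug))-(?<currentValue>[a-zA-Z0-9.-]+) \\/g;

// Plain-JS equivalent of the lookupNameTemplate: redis -> phpredis/phpredis, else <name>/<name>.
function lookupName(depName) {
  return depName.includes('redis') ? `php${depName}/php${depName}` : `${depName}/${depName}`;
}

// Return what each manager would extract, plus pinned pecl installs no matchString captured.
// The generic "pecl install <spec>" pattern is an assumption used only for this cross-check.
function extractDeps(text) {
  const docker = [...text.matchAll(DOCKER_RE)].map((m) => ({ ...m.groups }));
  const pecl = [...text.matchAll(PECL_RE)].map((m) => ({
    ...m.groups,
    lookupName: lookupName(m.groups.depName),
  }));
  const tracked = new Set(pecl.map((d) => `${d.depName}-${d.currentValue}`));
  const untracked = [...text.matchAll(/pecl install (\S+)/g)]
    .map((m) => m[1])
    .filter((spec) => !tracked.has(spec));
  return { docker, pecl, untracked };
}

// Constructed sample: lines from the Dockerfile on this page plus two constructed edge cases.
const SAMPLE = [
  'FROM $DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/composer:2 AS composer',
  'FROM $DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/php:7.4-cli-alpine3.15',
  'RUN set -eux \\',
  '  && pecl install xdebug-3.1.3 \\',
  '  && pecl install redis-5.3.7 \\',
  '  && pecl install apcu-0.0.0 \\', // constructed: name missing from the matchStrings alternation
  '  && pecl install imagick-0.0.0', // constructed: last command, so no trailing backslash
].join('\n');

console.log(JSON.stringify(extractDeps(SAMPLE), null, 2));
```

Anything listed under `untracked` stays pinned at its current version without Renovate ever opening a merge request for it, so extend the name alternation and keep a trailing ` \` after each `pecl install` line when adding packages.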