ci: ignore chainguard/python in Dependabot docker updates#575
Chainguard free-tier images only expose latest/latest-dev tags and use digest pinning from cgr.dev -- Dependabot cannot enumerate versions, causing unknown_error failures. Digests are updated manually. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned Files: None
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request resolves persistent Dependabot failures by instructing it to disregard
Walkthrough: The pull request adds a Dependabot
Code Review
This pull request aims to fix failing Dependabot runs by ignoring the chainguard/python Docker image, which causes errors because it doesn't have enumerable version tags. The change adds an ignore rule to the dependabot.yml configuration. My review found a potential issue with the dependency-name specified in the ignore rule. It should likely include the full registry path (cgr.dev/chainguard/python) to match the image name in the Dockerfile and ensure the rule is effective.
| reviewers: | ||
| - Aureliolo | ||
| ignore: | ||
| - dependency-name: chainguard/python |
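Review bot: The new `ignore:` entry, `- dependency-name: chainguard/python`, has no accompanying comment recording why the image is excluded or how its digest gets refreshed. With no `versions` or `update-types` key the rule suppresses every Dependabot update for that name, so base-image updates for it rest entirely on the manual digest process mentioned in the description. Add a YAML comment above the entry stating the reason and where that process is documented, so the exclusion is not mistaken for an oversight and can be removed once it is no longer needed.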
The dependency-name for the Chainguard image appears to be incomplete. According to the Dockerfile, the full image name is cgr.dev/chainguard/python. For Dependabot to correctly identify and ignore the dependency, the dependency-name should match the full image name specified in the FROM instruction, including the registry part. Using just chainguard/python might not be effective, causing Dependabot runs to continue failing.
- dependency-name: cgr.dev/chainguard/python

🤖 I have created a release *beep* *boop*

---

## [0.3.6](v0.3.5...v0.3.6) (2026-03-19)

### Features

* **cli:** add backup subcommands (backup, backup list, backup restore) ([#568](#568)) ([4c06b1d](4c06b1d))
* **engine:** implement execution loop auto-selection based on task complexity ([#567](#567)) ([5bfc2c6](5bfc2c6))

### Bug Fixes

* activate structured logging pipeline -- wire 8-sink system, integrate Uvicorn, suppress spam ([#572](#572)) ([9b6bf33](9b6bf33))
* **cli:** bump grpc-go v1.79.3 -- CVE-2026-33186 auth bypass ([#574](#574)) ([f0171c9](f0171c9))
* resolve OpenAPI schema validation warnings for union/optional fields ([#558](#558)) ([5d96b2b](5d96b2b))

### CI/CD

* bump codecov/codecov-action from 5.5.2 to 5.5.3 in the minor-and-patch group ([#571](#571)) ([267f685](267f685))
* ignore chainguard/python in Dependabot docker updates ([#575](#575)) ([1935eaa](1935eaa))

### Maintenance

* bump the major group across 1 directory with 2 updates ([#570](#570)) ([b98f82c](b98f82c))
* bump the minor-and-patch group across 2 directories with 4 updates ([#569](#569)) ([3295168](3295168))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Summary

* chainguard/python in Dependabot's docker/backend ecosystem entry
* latest/latest-dev tags and use digest pinning from cgr.dev -- Dependabot cannot enumerate versions, causing unknown_error failures on every scheduled run
* docker buildx imagetools inspect)

Test plan

* docker/backend succeeds (no more chainguard/python unknown_error)
* python (official Docker Hub) image updates still work normally

🤖 Generated with Claude Code