unpin docker version in pre-commit hook

[electriquo]

What I did

eliminating inconsistency. e.g. for version 2.10.0, pre-commit hooks points to outdated version

hadolint/.pre-commit-hooks.yaml

Line 7 in 47e3022

entry: ghcr.io/hadolint/hadolint:v2.9.3 hadolint

How I did it

unpinning the version from the docker hook, behaves in the same manner as the native hook.
this is not the best approach, since each version will pull the latest docker image but will also run on the latest version that is installed on the operating system. the best way to handle the issue is to pin the exact version with each release.

How to verify it

set .pre-commit-config.yaml as follows

  - repo: https://github.com/hadolint/hadolint
    rev: 23b2b76fe7b757658019ca4e080efa208784621b
    hooks:
      - id: hadolint-docker

then execute pre-commit and see whether the latest docker images has been pulled

$ pre-commit run -a hadolint-docker
$ docker run --rm ghcr.io/hadolint/hadolint /bin/hadolint --version
Haskell Dockerfile Linter 2.10.0

[lorenzo]

maybe better to commit the file after each release in a github action?

[electriquo]

@lorenzo i think it will not solve the issue. pre-commit checkouts the repository at the rev and then reads the pre-commit-hooks.yaml, which is where the version of the docker image is specified.

[electriquo]

@lorenzo any other thoughts?

[lorenzo]

I’m not familiar with pre-commit hooks. What do you mean by “it checkouts the commit at the rev”? Do you have to keep updating the version locally?

[electriquo]

What do you mean by “it checkouts the commit at the rev”?

from pre-commit docs

rev: the revision or tag to clone at.

A sample repository:

repos:
-   repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v1.2.3
    hooks:
    -   ...

[electriquo]

@lorenzo did i answer your question?

[lorenzo]

@foolioo Thanks, I understand what you mean. If this is merged, how do you usually tell docker to update to the latest tag when it is released? Once an image is downloaded to the cache, it will not change anymore

[electriquo]

@lorenzo there are 3 ways:

1. you pin and bump the version in the hook with each release (of curse, this can be automated)
2. use pre-commit with the docker image directly, watch for changes, and update accordingly
3. expect the dependency in hadolint to be met

alternatives are enumerated by order of best practice.

[lorenzo]

Ok, I understand. I think it makes sense to change this. Thanks for your patience