A newly pulled updater image is removed at the end of the same dependabot job #10493
Open
Labels: L: dart:pub, L: docker, L: dotnet:nuget, L: elm, L: github:actions, L: go:modules, L: java:gradle, L: java:maven, L: javascript, L: php:composer, L: python, L: ruby:bundler, L: rust:cargo, L: swift, L: terraform, T: bug 🐞
Package ecosystem
npm
What you expected to see, versus what you actually saw
When running dependabot on self-hosted runners, I can see that the docker images are pulled from the registry in the Run Dependabot step, with output like this:
Then in the Post Run Dependabot step, I see this:
After the images had been pulled, but before the cleanup started, I saw this line when running docker images in a terminal:
ghcr.io/dependabot/dependabot-updater-npm 1df0623ee586f8c6ba7ca2d5b3fb39616d89ba72 32cacb8bcc0e 3 hours ago 988MB
So, it can be seen that the ghcr.io/dependabot/dependabot-updater-npm image that got pulled is the same one that got removed.
While this technically works, it's a big waste of bandwidth if there are several dependabot jobs to be executed on the same runner, as is the case for my use case.
From what I can tell, this happens when the updater entry in https://github.com/github/dependabot-action/blob/main/docker/containers.json is not aligned with the main branch of https://github.com/dependabot/dependabot-core, i.e. GitHub instructs the dependabot-action to use a newer image revision than what is recorded in the containers.json file.
The expected behavior would be that the up-to-date updater image should be kept even if it's not the one recorded in the containers.json file.