Skip to content

Dev Container lock file and Dependabot configuration for devcontainers#1776

Merged
brooke-hamilton merged 2 commits intoedgefrom
brooke-hamilton/devcontainer-lock
Mar 27, 2026
Merged

Dev Container lock file and Dependabot configuration for devcontainers#1776
brooke-hamilton merged 2 commits intoedgefrom
brooke-hamilton/devcontainer-lock

Conversation

@brooke-hamilton
Copy link
Copy Markdown
Member

@brooke-hamilton brooke-hamilton commented Mar 16, 2026

Thank you for helping make the Radius documentation better!

Please follow this checklist before submitting:

  • Read the contribution guide
  • Commands include options for Linux, MacOS, and Windows within codetabs
  • New file and folder names are globally unique
  • Page references use shortcodes instead of markdown or URL links
  • Images use HTML style and have alternative text
  • Places where multiple code/command options are given have codetabs

In addition, please fill out the following to help reviewers understand this pull request:

Description

Addition of a devcontainer lock file (.devcontainer/devcontainer-lock.json) to pin devcontainer feature versions with integrity hashes, and a new Dependabot configuration entry in .github/dependabot.yml for automated weekly updates of devcontainer features on the edge branch.

Changes

  • .devcontainer/devcontainer-lock.json (new): Pins devcontainer features (git, go, hugo, node) to specific versions with SHA-256 integrity hashes for reproducible builds.
  • .github/dependabot.yml (modified): Adds a devcontainers package ecosystem entry targeting the edge branch with a weekly update schedule.

Issue reference

N/A — Proactive improvement to pin devcontainer feature versions and enable automated dependency updates.

@brooke-hamilton
devcontainer lock and dependabot config
1f30c5f 
Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
@brooke-hamilton brooke-hamilton requested review from a team as code owners March 16, 2026 15:05
@brooke-hamilton brooke-hamilton enabled auto-merge (squash) March 16, 2026 16:12
DariuszPorowski
DariuszPorowski requested changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@DariuszPorowski DariuszPorowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idea: How about keeping version of features explicite in devcontainer.json to be aligned with lock file? like here: https://github.com/radius-project/wellknown/blob/87d878457e7740aa9073f9373025d561986a46b6/.devcontainer/devcontainer.json#L9 Dependabot handles this nicely and versions always match 1:1 between files: https://github.com/radius-project/wellknown/pull/48/changes

@DariuszPorowski DariuszPorowski changed the title Devcontainer lock file and Dependabot configuration for devcontainers Dev Container lock file and Dependabot configuration for devcontainers Mar 16, 2026
@brooke-hamilton
Copy link
Copy Markdown
Member Author

brooke-hamilton commented Mar 16, 2026

@copilot implement suggestion in comment #1776 (review)

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 16, 2026

@brooke-hamilton I've opened a new pull request, #1781, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Mar 16, 2026
Merged
6 tasks
@brooke-hamilton
Dev Container lock file and Dependabot configuration for devcontainers (
d1a8b0c 
#1781)

* Initial plan

* Pin explicit feature versions in devcontainer.json to match lock file

Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>

* Update devcontainer-lock.json keys to match explicit versions in devcontainer.json

Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>
@brooke-hamilton
Copy link
Copy Markdown
Member Author

brooke-hamilton commented Mar 16, 2026

idea: How about keeping version of features explicite in devcontainer.json to be aligned with lock file? like here: https://github.com/radius-project/wellknown/blob/87d878457e7740aa9073f9373025d561986a46b6/.devcontainer/devcontainer.json#L9 Dependabot handles this nicely and versions always match 1:1 between files: https://github.com/radius-project/wellknown/pull/48/changes

Good idea. Implemented.

@brooke-hamilton brooke-hamilton merged commit fcd2870 into edge Mar 27, 2026
9 checks passed
@brooke-hamilton brooke-hamilton deleted the brooke-hamilton/devcontainer-lock branch March 27, 2026 02:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DariuszPorowski DariuszPorowski DariuszPorowski approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brooke-hamilton @DariuszPorowski