Update .devcontainer configuration #4843
Conversation
|
I have a question @echoix According to this manager it is able to update But I don't see that renovate has opened PRs on this file ever: https://github.com/oxsecurity/megalinter/pulls?q=author%3Aapp%2Frenovate+azure And this particular dependency is very old: It's from 2020: https://pypi.org/project/azure-devops/#history |
🦙 MegaLinter status:
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ API | spectral | 1 | 0 | 0 | 1.69s | |
| bash-exec | 6 | 1 | 0 | 0.02s | ||
| ✅ BASH | shellcheck | 6 | 0 | 0 | 0.21s | |
| ✅ BASH | shfmt | 6 | 0 | 0 | 0 | 0.78s |
| ✅ COPYPASTE | jscpd | yes | no | no | 2.84s | |
| ✅ DOCKERFILE | hadolint | 129 | 0 | 0 | 28.33s | |
| ✅ JSON | jsonlint | 20 | 0 | 0 | 0.21s | |
| ✅ JSON | v8r | 22 | 0 | 0 | 13.57s | |
| markdownlint | 267 | 0 | 302 | 0 | 21.63s | |
| ✅ MARKDOWN | markdown-table-formatter | 267 | 0 | 0 | 0 | 165.99s |
| bandit | 215 | 66 | 0 | 3.3s | ||
| ✅ PYTHON | black | 215 | 0 | 0 | 0 | 4.98s |
| ✅ PYTHON | flake8 | 215 | 0 | 0 | 1.85s | |
| ✅ PYTHON | isort | 215 | 0 | 0 | 0 | 1.29s |
| ✅ PYTHON | mypy | 215 | 0 | 0 | 11.63s | |
| ✅ PYTHON | pylint | 215 | 0 | 0 | 30.02s | |
| ✅ PYTHON | ruff | 215 | 0 | 0 | 0 | 0.54s |
| ✅ REPOSITORY | checkov | yes | no | no | 33.54s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.77s | |
| grype | yes | 31 | no | 14.67s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 11.53s | |
| ✅ REPOSITORY | trivy | yes | no | no | 16.52s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.65s | |
| trufflehog | yes | 1 | no | 57.22s | ||
| ✅ SPELL | cspell | 718 | 0 | 0 | 12.61s | |
| lychee | 349 | 26 | 0 | 69.6s | ||
| ✅ XML | xmllint | 3 | 0 | 0 | 0 | 1.0s |
| ✅ YAML | prettier | 160 | 0 | 0 | 0 | 3.68s |
| ✅ YAML | v8r | 102 | 0 | 0 | 12.85s | |
| ✅ YAML | yamllint | 161 | 0 | 0 | 2.88s |
See detailed report in MegaLinter reports
It's a pain, we can't expect it to update to a pre-release version, and all the versions of azure-devops on pip are pre-releases. https://pypi.org/project/azure-devops/#history So it's not a problem per say If I remember correctly, that dependency we had problems with it. |
If we want we could create a package rule with: https://docs.renovatebot.com/configuration-options/#ignoreunstable |
|
Isn't it linked to the version used in the built image? |
|
Seriously, I don't think a dev container should have installed all the tools we install inside the Megalinter image in order to be able to develop. |
|
On codespaces, storage, even when shut down, will continue to count against your personal usage. But, the general default image isn't counted, and would start immediately as it is readily available on the machines. |
|
What happens if you don't include the Dockerfile at all in the devcontainer.json file. Is it allowed? That's interesting to read: |
|
I am new to devcontainers so whatever you and @nvuillam decide. |
|
I am also new to .devcontainer , but I thin, it should allow to developer on MegaLinter and run at least some test cases (including with python breakpoints) in the online vscode So probably not all the linters (coz it would be too long to load), but at least a few :) |
|
It doesn't hurt to just start with this. It can't be worse than now |
Fixes #4840
I have tried to run rebuild container command to be sure that all changes are correct.
And I've run on local (Windows and Ubuntu with WSL2) renovate to see that the regexes are working correctly.