Enable dependabot to track container images in AttackSurfaceAnalyzer Dockerfile #27097

Open: Copilot wants to merge 2 commits into master from copilot/enable-dependabot-for-dockerfile

Contributor

Copilot AI commented Mar 25, 2026

The Dockerfile at tools/AttackSurfaceAnalyzer/docker/Dockerfile was not covered by dependabot's Docker update configuration, leaving its base images (mcr.microsoft.com/dotnet/sdk and mcr.microsoft.com/windows/nanoserver) untracked.

Changes

  • .github/dependabot.yml: Added new docker update entries for /tools/AttackSurfaceAnalyzer/docker — one for the default branch and explicit entries targeting release/v7.4, release/v7.5, and release/v7.6 — mirroring the existing pattern for root-level Docker entries.

Co-authored-by: adityapatwardhan <12820925+adityapatwardhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/PowerShell/PowerShell/sessions/8ce2427b-f164-4608-8d42-3eff795017c5
Contributor

Copilot AI left a comment

Pull request overview

This PR updates Dependabot configuration so Docker base images referenced by tools/AttackSurfaceAnalyzer/docker/Dockerfile are included in automated dependency update checks.

Changes:

  • Add a docker ecosystem update entry for /tools/AttackSurfaceAnalyzer/docker on the default branch.
  • Add a second docker ecosystem update entry intended to target release/* branches for the same directory.

Comment on lines +41 to +45
- package-ecosystem: "docker"
directory: "/tools/AttackSurfaceAnalyzer/docker"
target-branch: "release/*"
schedule:
interval: daily
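
Review bot: directory and target-branch at +42 and +43 assume that tools/AttackSurfaceAnalyzer/docker/Dockerfile is present on every branch the entry targets, so confirm the file exists on each release branch before an entry names it. The "interval: daily" schedule at +45 is then repeated for every branch entry covering the same base images; a longer interval on the release branches would cut down on near-identical update PRs.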
Copilot AI Mar 25, 2026

target-branch does not support wildcard patterns like release/* (it’s treated as a literal branch name), so Dependabot won’t open PRs against your release branches with this config. To update multiple release branches, list each release branch explicitly with its own updates entry (or remove target-branch if you only intend to update the default branch).

Member

@copilot fix the wild cards to point to release/v7.4 release/v7.5 and release/v7.6

Contributor Author

Done in 6d6e18d. Replaced the release/* wildcard with three explicit entries for release/v7.4, release/v7.5, and release/v7.6.

Copilot AI requested a review from TravisEz13 March 26, 2026 17:25
TravisEz13 added the CL-Tools label (Indicates that a PR should be marked as a tools change in the Change Log) Mar 26, 2026
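
The two gaps this thread deals with, a Dockerfile directory that has no docker entry and a target-branch value that Dependabot reads as a literal branch name, can be checked mechanically. The Python below is an added example, not code from this PR or the PowerShell repository; parse_updates, audit, entry and the sample configs are constructed for illustration, and the wildcard check relies on the review comment's statement that target-branch takes no wildcards.

```python
import re
from pathlib import PurePosixPath

def parse_updates(text):
    # Minimal reader for the flat dependabot.yml layout (assumption: each entry
    # starts with "- key: value" and holds only scalar values); not a YAML parser.
    entries, current = [], None
    for raw in text.splitlines():
        m = re.match(r"^(-\s+)?([\w-]+):\s*(.*)$", raw.split(" #", 1)[0].strip())
        if not m:
            continue
        dash, key, value = m.groups()
        if dash:
            current = {}
            entries.append(current)
        if current is not None and value:
            current[key] = value.strip("\"'")
    return entries

def audit(config_text, dockerfiles, release_branches):
    # Returns (wildcards, uncovered): docker entries whose target-branch contains
    # glob characters, and (directory, branch) pairs with no matching docker entry.
    docker = [e for e in parse_updates(config_text)
              if e.get("package-ecosystem") == "docker"]
    wildcards = [(e.get("directory"), e["target-branch"]) for e in docker
                 if set("*?[") & set(e.get("target-branch", ""))]
    covered = {(e.get("directory"), e.get("target-branch")) for e in docker}
    uncovered = []
    for path in dockerfiles:
        parent = str(PurePosixPath(path).parent)
        directory = "/" if parent == "." else "/" + parent
        for branch in (None, *release_branches):  # None = default branch
            if (directory, branch) not in covered:
                uncovered.append((directory, branch or "<default>"))
    return wildcards, uncovered

# Constructed sample configs modelled on the entries quoted in this thread.
DIR = "/tools/AttackSurfaceAnalyzer/docker"
BRANCHES = ["release/v7.4", "release/v7.5", "release/v7.6"]

def entry(branch=None):
    target = f'    target-branch: "{branch}"\n' if branch else ""
    return (f'  - package-ecosystem: "docker"\n    directory: "{DIR}"\n{target}'
            "    schedule:\n      interval: daily\n")

BEFORE = "version: 2\nupdates:\n" + entry() + entry("release/*")
AFTER = "version: 2\nupdates:\n" + "".join(entry(b) for b in (None, *BRANCHES))

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg, [DIR.lstrip("/") + "/Dockerfile"], BRANCHES))
```

In CI the dockerfiles list would come from a repository file listing and the branch list from the maintained release branches, so a new release branch without its own entry shows up as uncovered.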