Development Containers

General Availability of Dependabot Integration

23 Jan 2024 - @joshspicer

We are excited to announce that starting today, in collaboration with the Dependabot Team, the devcontainers package ecosystem is now generally available! Dependabot will now be able to update your public Dev Container Features, keeping them up-to-date with the latest published versions.

To opt-in, add a .github/dependabot.yml to a repository containing one or more devcontainer.json configuration files:

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "devcontainers" # See documentation for possible values
    directory: "/"
    schedule:
      interval: weekly

Once configured, Dependabot will begin to create pull requests to update your Dev Container Features:

Dependabot PR

An example diff generated by Dependabot is shown below:

---
 .devcontainer-lock.json              | 8 ++++----
 .devcontainer.json                   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.devcontainer-lock.json b/.devcontainer-lock.json
index 324582b..a3868d9 100644
--- a/.devcontainer-lock.json
+++ b/.devcontainer-lock.json
@@ -1,9 +1,9 @@
 {
   "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:1": {
-      "version": "1.0.9",
-      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:b4c04ba88371a8ec01486356cce10eb9fe8274627d8d170aaec87ed0d333080d",
-      "integrity": "sha256:b4c04ba88371a8ec01486356cce10eb9fe8274627d8d170aaec87ed0d333080d"
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "2.7.1",
+      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6",
+      "integrity": "sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6"
     }
   }
 }
\ No newline at end of file
diff --git a/.devcontainer.json b/.devcontainer.json
index e9d9af5..9eb9165 100644
--- a/.devcontainer.json
+++ b/.devcontainer.json
@@ -1,6 +1,6 @@
 {
     "image": "mcr.microsoft.com/devcontainers/base:jammy",
     "features": {
-        "ghcr.io/devcontainers/features/docker-in-docker:1": {}
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {}
     }
 }

This updater ensures publicly-accessible Features are pinned to the latest version in the associated devcontainer.json file. If a dev container has an associated lockfile, that file will also be updated. For more information on lockfiles, see this specification.

Features in any valid dev container location will be updated in a single pull request.

Dependabot version updates are free to use for all repositories on GitHub.com. For more information see the Dependabot version update documentation.