Skip to content

Dev Container lock file and Dependabot configuration for devcontainers#1776

Open
brooke-hamilton wants to merge 2 commits intoedgefrom
brooke-hamilton/devcontainer-lock
Open

Dev Container lock file and Dependabot configuration for devcontainers#1776
brooke-hamilton wants to merge 2 commits intoedgefrom
brooke-hamilton/devcontainer-lock

Conversation

@brooke-hamilton
Copy link
Member

@brooke-hamilton brooke-hamilton commented Mar 16, 2026

Thank you for helping make the Radius documentation better!

Please follow this checklist before submitting:

  • Read the contribution guide
  • Commands include options for Linux, MacOS, and Windows within codetabs
  • New file and folder names are globally unique
  • Page references use shortcodes instead of markdown or URL links
  • Images use HTML style and have alternative text
  • Places where multiple code/command options are given have codetabs

In addition, please fill out the following to help reviewers understand this pull request:

Description

Addition of a devcontainer lock file (.devcontainer/devcontainer-lock.json) to pin devcontainer feature versions with integrity hashes, and a new Dependabot configuration entry in .github/dependabot.yml for automated weekly updates of devcontainer features on the edge branch.

Changes

  • .devcontainer/devcontainer-lock.json (new): Pins devcontainer features (git, go, hugo, node) to specific versions with SHA-256 integrity hashes for reproducible builds.
  • .github/dependabot.yml (modified): Adds a devcontainers package ecosystem entry targeting the edge branch with a weekly update schedule.

Issue reference

N/A — Proactive improvement to pin devcontainer feature versions and enable automated dependency updates.

@brooke-hamilton
devcontainer lock and dependabot config
1f30c5f 
Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
@brooke-hamilton brooke-hamilton requested review from a team as code owners March 16, 2026 15:05
@github-actions
Copy link

github-actions bot commented Mar 16, 2026
edited
Loading

Static Web App Preview

Environment Deployment
pr1776 View workflow run

Deployed from commit d1a8b0c0195837c7a6609a118787328b40effc5f via the publisher workflow.

@brooke-hamilton brooke-hamilton enabled auto-merge (squash) March 16, 2026 16:12
DariuszPorowski
DariuszPorowski requested changes Mar 16, 2026
View reviewed changes
Copy link
Member

@DariuszPorowski DariuszPorowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idea: How about keeping version of features explicite in devcontainer.json to be aligned with lock file? like here: https://github.com/radius-project/wellknown/blob/87d878457e7740aa9073f9373025d561986a46b6/.devcontainer/devcontainer.json#L9 Dependabot handles this nicely and versions always match 1:1 between files: https://github.com/radius-project/wellknown/pull/48/changes

@DariuszPorowski DariuszPorowski changed the title Devcontainer lock file and Dependabot configuration for devcontainers Dev Container lock file and Dependabot configuration for devcontainers Mar 16, 2026
@brooke-hamilton
Copy link
Member Author

brooke-hamilton commented Mar 16, 2026

@copilot implement suggestion in comment #1776 (review)

Copy link
Contributor

Copilot AI commented Mar 16, 2026

@brooke-hamilton I've opened a new pull request, #1781, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Mar 16, 2026
Merged
6 tasks
@brooke-hamilton
Dev Container lock file and Dependabot configuration for devcontainers (
d1a8b0c 
#1781)

* Initial plan

* Pin explicit feature versions in devcontainer.json to match lock file

Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>

* Update devcontainer-lock.json keys to match explicit versions in devcontainer.json

Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>
@brooke-hamilton
Copy link
Member Author

brooke-hamilton commented Mar 16, 2026

idea: How about keeping version of features explicite in devcontainer.json to be aligned with lock file? like here: https://github.com/radius-project/wellknown/blob/87d878457e7740aa9073f9373025d561986a46b6/.devcontainer/devcontainer.json#L9 Dependabot handles this nicely and versions always match 1:1 between files: https://github.com/radius-project/wellknown/pull/48/changes

Good idea. Implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DariuszPorowski DariuszPorowski DariuszPorowski requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brooke-hamilton @DariuszPorowski