# verdigado pre-commit container A container image to include all dependencies (and a warmed up cache) used in our [`pre-commit`](https://pre-commit.com/) hooks/CI steps to speed up execution. If you see any pre-commit CI jobs installing dependencies: - Make sure to execute `pre-commit` using this container - Add the hook to this repo's `.pre-commit-config.yaml` - Optionally install dependencies in the `Dockerfile` with the versions set up for `Renovate` ## Usage In your `.woodpecker.yaml`, adapt and add the following block: ```yaml steps: check-pre-commit: image: git.verdigado.com/verdigado-images/container-pre-commit:latest environment: - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check commands: - pre-commit run --all-files ``` If renovate is set up for your repo, it'll add and update the pinned digest/hash of the image. ## Development Generally you should have `Docker` or something alike installed. If you need to copy files into the container, don't forget to add exclusions to the general _exclude all_ in `.dockerignore`. To **update the base image** (like `3.12.4-alpine3.20` to a newer Alpine version), manual work is still required, but supported by a little script. **Renovate might not create a PR for newer image tags.** 1. In the `Dockerfile`, update the Alpine version for the image and the renovate comments (`# renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose`). ```diff - FROM python:3-alpine3.19@sha256:00c0ffeeacab... + FROM python:3-alpine3.20 # You can omit the sha256 digest, the script prints it out # ... - # renovate: datasource=repology depName=alpine_3_19/build-base versioning=loose + # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose ENV BUILD_BASE_VERSION="0.8.15" # ... ``` 1. Now run `./get_pkg_versions.sh`. It pulls the alpine image from the Dockerfile, prints it's digest and the latest packages it could find via `apk` inside that container and prints out the names and versions. Example output of `./get_pkg_versions.sh` for a new image, which is not yet pulled: ```plain Unable to find image 'python:3.12.3-alpine3.18' locally 3.12.3-alpine3.18: Pulling from library/python 619be1103602: Pull complete [...] 0eb61f1af52e: Pull complete Digest: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721 Status: Downloaded newer image for python:3.12.3-alpine3.18 [Script output starts here] Checking 5/5 latest package versions on python:3.12.3-alpine3.18 Image digest found: sha256:24680ddf8422899b24756d62b31eb5de782fbb42e9c2bb1c70f1f55fcf891721 --- build-base-0.5-r3 gcc-12.2.1_git20220924-r10 git-2.40.1-r0 openssh-keygen-9.3_p2-r1 ruby-3.2.4-r0 ``` 1. Copy the package versions and update the respective `ENV` with it manually in the `Dockerfile`. You also might add the digest to the base image. 1. Test building the image and you can commit it.