From d90f16b6479327f6e4acd7695acec29ac241b2f1 Mon Sep 17 00:00:00 2001
From: Bruno Alla <browniebroke@users.noreply.github.com>
Date: Thu, 16 Mar 2023 16:05:02 +0000
Subject: [PATCH] Pin base Python Docker images to bugfix (#4194)

* Pin base Python Docker images to bugfix

Fix #1810

* Skip major & minor versions of Docker images in Dependabot

* Remove argument for docs Docker image

* Update Dependabot config of generated project
---
 .github/dependabot.yml                        |  9 +++++
 .../.github/dependabot.yml                    | 40 +++++++++++--------
 .../compose/local/django/Dockerfile           |  4 +-
 .../compose/local/docs/Dockerfile             |  4 +-
 .../compose/production/django/Dockerfile      |  4 +-
 5 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d95192f3..d308ff96 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -27,6 +27,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/local/django/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 
@@ -34,6 +37,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/local/docs/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 
@@ -55,6 +61,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/production/django/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 
diff --git a/{{cookiecutter.project_slug}}/.github/dependabot.yml b/{{cookiecutter.project_slug}}/.github/dependabot.yml
index 420a63cd..3f4eefe9 100644
--- a/{{cookiecutter.project_slug}}/.github/dependabot.yml
+++ b/{{cookiecutter.project_slug}}/.github/dependabot.yml
@@ -6,7 +6,7 @@ updates:
   # Update GitHub actions in workflows
   - package-ecosystem: "github-actions"
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -19,55 +19,61 @@ updates:
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/django` directory
     directory: "compose/local/django/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/docs` directory
     directory: "compose/local/docs/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/node` directory
     directory: "compose/local/node/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/aws` directory
     directory: "compose/production/aws/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/django` directory
     directory: "compose/production/django/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/postgres` directory
     directory: "compose/production/postgres/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/traefik` directory
     directory: "compose/production/traefik/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -78,7 +84,7 @@ updates:
     # Look for a `requirements.txt` in the `root` directory
     # also 'setup.cfg', 'runtime.txt' and 'requirements/*.txt'
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -86,9 +92,9 @@ updates:
 
   # Enable version updates for javascript/npm
   - package-ecosystem: "npm"
-    # Look for a `packages.json' in the `root` directory
+    # Look for a `packages.json` in the `root` directory
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
diff --git a/{{cookiecutter.project_slug}}/compose/local/django/Dockerfile b/{{cookiecutter.project_slug}}/compose/local/django/Dockerfile
index 3ea6b2d4..36659d31 100644
--- a/{{cookiecutter.project_slug}}/compose/local/django/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/local/django/Dockerfile
@@ -1,7 +1,5 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 # Python build stage
 FROM python as python-build-stage
diff --git a/{{cookiecutter.project_slug}}/compose/local/docs/Dockerfile b/{{cookiecutter.project_slug}}/compose/local/docs/Dockerfile
index c45d18c9..f52e34d2 100644
--- a/{{cookiecutter.project_slug}}/compose/local/docs/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/local/docs/Dockerfile
@@ -1,7 +1,5 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 
 # Python build stage
diff --git a/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile b/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
index ef80441b..ac4ca771 100644
--- a/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
@@ -1,5 +1,3 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 {% if cookiecutter.frontend_pipeline in ['Gulp', 'Webpack'] -%}
 FROM node:16-bullseye-slim as client-builder
 
@@ -28,7 +26,7 @@ RUN npm run build
 {%- endif %}
 
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 # Python build stage
 FROM python as python-build-stage