Pin base Python Docker images to bugfix (#4194)

* Pin base Python Docker images to bugfix

Fix #1810

* Skip major & minor versions of Docker images in Dependabot

* Remove argument for docs Docker image

* Update Dependabot config of generated project

.github/dependabot.yml

@@ -27,6 +27,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/local/django/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 
@@ -34,6 +37,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/local/docs/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 
@@ -55,6 +61,9 @@ updates:
     directory: "{{cookiecutter.project_slug}}/compose/production/django/"
     schedule:
       interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
     labels:
       - "update"
 

{{cookiecutter.project_slug}}/.github/dependabot.yml

@@ -6,7 +6,7 @@ updates:
   # Update GitHub actions in workflows
   - package-ecosystem: "github-actions"
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -19,55 +19,61 @@ updates:
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/django` directory
     directory: "compose/local/django/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/docs` directory
     directory: "compose/local/docs/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/local/node` directory
     directory: "compose/local/node/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/aws` directory
     directory: "compose/production/aws/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/django` directory
     directory: "compose/production/django/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/postgres` directory
     directory: "compose/production/postgres/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
-  # Enable version updates for Docker
   - package-ecosystem: "docker"
     # Look for a `Dockerfile` in the `compose/production/traefik` directory
     directory: "compose/production/traefik/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -78,7 +84,7 @@ updates:
     # Look for a `requirements.txt` in the `root` directory
     # also 'setup.cfg', 'runtime.txt' and 'requirements/*.txt'
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 
@@ -86,9 +92,9 @@ updates:
 
   # Enable version updates for javascript/npm
   - package-ecosystem: "npm"
-    # Look for a `packages.json' in the `root` directory
+    # Look for a `packages.json` in the `root` directory
     directory: "/"
-    # Check for updates to GitHub Actions every weekday
+    # Every weekday
     schedule:
       interval: "daily"
 

{{cookiecutter.project_slug}}/compose/local/django/Dockerfile

@@ -1,7 +1,5 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 # Python build stage
 FROM python as python-build-stage

{{cookiecutter.project_slug}}/compose/local/docs/Dockerfile

@@ -1,7 +1,5 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 
 # Python build stage

{{cookiecutter.project_slug}}/compose/production/django/Dockerfile

@@ -1,5 +1,3 @@
-ARG PYTHON_VERSION=3.10-slim-bullseye
-
 {% if cookiecutter.frontend_pipeline in ['Gulp', 'Webpack'] -%}
 FROM node:16-bullseye-slim as client-builder
 
@@ -28,7 +26,7 @@ RUN npm run build
 {%- endif %}
 
 # define an alias for the specfic python version used in this file.
-FROM python:${PYTHON_VERSION} as python
+FROM python:3.10.9-slim-bullseye as python
 
 # Python build stage
 FROM python as python-build-stage