diff --git a/base.json b/base.json index ddce9c1..bd9b735 100644 --- a/base.json +++ b/base.json @@ -12,7 +12,7 @@ "group:linters" ], "docker": { - "pinDigests": false + "pinDigests": true }, "regexManagers": [ { diff --git a/docker.json b/docker.json index ba86445..69b90aa 100644 --- a/docker.json +++ b/docker.json @@ -2,6 +2,18 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "description": ["Preset for use with all of thegeeklab/* docker images"], "extends": ["github>thegeeklab/renovate-presets:base"], + "packageRules": [ + { + "description": "Automerge digest updates (usually security patches)", + "datasources": ["docker"], + "packagePatterns": [ + "^((amd64|arm32v7|arm64v8)/)?python", + "^((amd64|arm32v7|arm64v8)/)?alpine" + ], + "updateTypes": ["pin", "digest"], + "automerge": true + } + ], "regexManagers": [ { "fileMatch": ["^Dockerfile$"],