Does anyone know of automation for automatically updating the digests referenced in a Dockerfile when new upstream versions are released, as denoted by new tags with higher semver?
I've a project on GitHub which builds a binary using a golang alpine image (e.g. golang:1.21.3-alpine3.18), then copies the compiled binary into the official alpine image (e.g. alpine:3.18.4) and releases it. I'm digest pinning these images, and would like to have a GitHub Action or job which runs every week and checks for a more modern golang image where it chooses the highest golang version, then the highest alpine version and opens a PR to update the Dockerfile with this, and the equivalent alpine version. Does anyone know of existing automation to do this, or have any pointers? Thanks!
GitHub Dependabot or Mend RenovateBot can automatically verify your dependencies, including Docker base images, and will submit pull requests to alert you an update is available.
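
The tag selection and re-pinning step the question describes, as an added example that is not part of the original posts and not how Dependabot or Renovate implement it. The function names are hypothetical, and the sample Dockerfile and its digests are constructed; a real job would fetch the tag list and the new digest from the registry.

```python
import re

# Matches tags such as "1.21.3-alpine3.18"; other variants (rc, bookworm, latest) are skipped.
TAG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-alpine(\d+)\.(\d+)$")
# Matches a digest-pinned line: FROM [--platform=..] image:tag@sha256:<64 hex> [AS name]
FROM_RE = re.compile(
    r"^(?P<prefix>FROM\s+(?:--platform=\S+\s+)?)(?P<image>\S+?):(?P<tag>[^\s:@/]+)"
    r"@sha256:[0-9a-f]{64}(?P<rest>.*)$",
    re.IGNORECASE,
)

# Constructed sample input: placeholder digests, not real image digests.
SAMPLE_DOCKERFILE = (
    "FROM golang:1.21.3-alpine3.18@sha256:" + "a" * 64 + " AS build\n"
    "RUN go build -o /app .\n"
    "FROM alpine:3.18.4@sha256:" + "b" * 64 + "\n"
    "COPY --from=build /app /app\n"
)

def pick_latest(tags):
    """Return the tag with the highest Go version, ties broken by Alpine version."""
    best_key, best_tag = None, None
    for tag in tags:
        m = TAG_RE.match(tag)
        if not m:
            continue
        key = tuple(int(g) for g in m.groups())  # numeric compare: 1.21.10 > 1.21.9
        if best_key is None or key > best_key:
            best_key, best_tag = key, tag
    return best_tag

def repin(dockerfile, image, new_tag, new_digest):
    """Rewrite digest-pinned FROM lines for `image` to new_tag@new_digest."""
    if not re.fullmatch(r"sha256:[0-9a-f]{64}", new_digest):
        raise ValueError("digest must be sha256:<64 lowercase hex chars>")
    out = []
    for line in dockerfile.splitlines():
        m = FROM_RE.match(line)
        if m and m.group("image") == image:  # other stages stay untouched
            line = f"{m.group('prefix')}{image}:{new_tag}@{new_digest}{m.group('rest')}"
        out.append(line)
    return "\n".join(out) + "\n"
```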