feat: add Dockerfile support

Author: chrisbbreuer

.vscode/dictionary.txt

@@ -15,6 +15,7 @@ davidanson
 degit
 deps
 destructurable
+Dockerfiles
 dtsx
 entrypoints
 findstr

bin/cli.ts

@@ -38,7 +38,7 @@ cli.usage(`[command] [options]
 
 🤖 Buddy Bot - Your companion dependency manager
 
-Supports npm, Bun, yarn, pnpm, Composer, pkgx, Launchpad, and GitHub Actions
+Supports npm, Bun, yarn, pnpm, Composer, pkgx, Launchpad, GitHub Actions, and Dockerfiles
 Automatically migrates from Renovate and Dependabot
 
 DEPENDENCY MANAGEMENT:
@@ -70,7 +70,7 @@ CONFIGURATION & SETUP:
 Examples:
   buddy-bot setup                      # Interactive setup with migration
   buddy-bot setup --non-interactive    # Automated setup for CI/CD
-  buddy-bot scan --verbose             # Scan for updates (npm + Composer)
+  buddy-bot scan --verbose             # Scan for updates (npm + Composer + Dockerfiles)
   buddy-bot rebase 17                  # Rebase PR #17
   buddy-bot update-check               # Auto-rebase checked PRs
   buddy-bot cleanup                    # Clean up stale branches

src/buddy.ts

@@ -66,8 +66,11 @@ export class Buddy {
       // Get outdated GitHub Actions
       const githubActionsUpdates = await this.checkGitHubActionsForUpdates(packageFiles)
 
+      // Get outdated Docker images
+      const dockerUpdates = await this.checkDockerfilesForUpdates(packageFiles)
+
       // Merge all updates
-      let updates = [...packageJsonUpdates, ...dependencyFileUpdates, ...githubActionsUpdates]
+      let updates = [...packageJsonUpdates, ...dependencyFileUpdates, ...githubActionsUpdates, ...dockerUpdates]
 
       // Apply ignore filter to dependency file updates
       if (this.config.packages?.ignore && this.config.packages.ignore.length > 0) {
@@ -564,6 +567,112 @@ export class Buddy {
     return deduplicatedUpdates
   }
 
+  /**
+   * Check Dockerfiles for updates
+   */
+  private async checkDockerfilesForUpdates(packageFiles: PackageFile[]): Promise<PackageUpdate[]> {
+    const { isDockerfile } = await import('./utils/dockerfile-parser')
+    const { fetchLatestDockerImageVersion } = await import('./utils/dockerfile-parser')
+
+    const updates: PackageUpdate[] = []
+
+    // Filter to only Dockerfile files
+    const dockerfiles = packageFiles.filter(file => isDockerfile(file.path))
+
+    this.logger.info(`🔍 Found ${dockerfiles.length} Dockerfile(s)`)
+
+    for (const file of dockerfiles) {
+      try {
+        this.logger.info(`Checking Dockerfile: ${file.path}`)
+
+        // Get all Docker image dependencies from this file
+        const imageDeps = file.dependencies.filter(dep => dep.type === 'docker-image')
+        this.logger.info(`Found ${imageDeps.length} Docker images in ${file.path}`)
+
+        for (const dep of imageDeps) {
+          try {
+            this.logger.info(`Checking Docker image: ${dep.name}:${dep.currentVersion}`)
+
+            // Check if current version should be respected (like "latest", etc.)
+            const shouldRespectVersion = (version: string): boolean => {
+              const respectLatest = this.config.packages?.respectLatest ?? true
+              if (!respectLatest)
+                return false
+
+              const dynamicIndicators = ['latest', 'main', 'master', 'develop', 'dev', 'stable']
+              const cleanVersion = version.toLowerCase().trim()
+              return dynamicIndicators.includes(cleanVersion)
+            }
+
+            if (shouldRespectVersion(dep.currentVersion)) {
+              this.logger.debug(`Skipping ${dep.name} - version "${dep.currentVersion}" should be respected`)
+              continue
+            }
+
+            // Fetch latest version for this Docker image
+            const latestVersion = await fetchLatestDockerImageVersion(dep.name)
+
+            if (latestVersion) {
+              this.logger.info(`Latest version for ${dep.name}: ${latestVersion}`)
+
+              if (latestVersion !== dep.currentVersion) {
+                // Determine update type
+                const updateType = this.getUpdateType(dep.currentVersion, latestVersion)
+
+                this.logger.info(`Update available: ${dep.name} ${dep.currentVersion} → ${latestVersion} (${updateType})`)
+
+                updates.push({
+                  name: dep.name,
+                  currentVersion: dep.currentVersion,
+                  newVersion: latestVersion,
+                  updateType,
+                  dependencyType: 'docker-image',
+                  file: file.path,
+                  metadata: undefined,
+                  releaseNotesUrl: `https://hub.docker.com/r/${dep.name}/tags`,
+                  changelogUrl: undefined,
+                  homepage: `https://hub.docker.com/r/${dep.name}`,
+                })
+              }
+              else {
+                this.logger.info(`No update needed for ${dep.name}: already at ${latestVersion}`)
+              }
+            }
+            else {
+              this.logger.warn(`Could not fetch latest version for Docker image ${dep.name}`)
+            }
+          }
+          catch (error) {
+            this.logger.warn(`Failed to check version for Docker image ${dep.name}:`, error)
+          }
+        }
+      }
+      catch (error) {
+        this.logger.error(`Failed to check Dockerfile ${file.path}:`, error)
+      }
+    }
+
+    this.logger.info(`Generated ${updates.length} Docker image updates`)
+
+    // Deduplicate updates by name, version, and file
+    const deduplicatedUpdates = updates.reduce((acc, update) => {
+      const existing = acc.find(u =>
+        u.name === update.name
+        && u.currentVersion === update.currentVersion
+        && u.newVersion === update.newVersion
+        && u.file === update.file,
+      )
+      if (!existing) {
+        acc.push(update)
+      }
+      return acc
+    }, [] as PackageUpdate[])
+
+    this.logger.info(`After deduplication: ${deduplicatedUpdates.length} unique Docker image updates`)
+
+    return deduplicatedUpdates
+  }
+
   /**
    * Determine update type based on version comparison
    */
@@ -675,11 +784,11 @@ export class Buddy {
               // This prevents accidentally updating scripts or other sections with the same package name
               const escapedPackageName = cleanPackageName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
               const escapedSectionName = section.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
-              
+
               // Match the section, then find the package within that section
               const sectionRegex = new RegExp(
                 `("${escapedSectionName}"\\s*:\\s*\\{[^}]*?)("${escapedPackageName}"\\s*:\\s*")([^"]+)(")([^}]*?\\})`,
-                'gs'
+                'gs',
               )
 
               // Preserve the original prefix when updating to new version
@@ -708,10 +817,14 @@ export class Buddy {
 
     // Handle dependency file updates (deps.yaml, dependencies.yaml, etc.)
     // Only process if we have dependency file updates to avoid unnecessary processing
-    const dependencyFileUpdates = updates.filter(update =>
-      (update.file.includes('.yaml') || update.file.includes('.yml'))
-      && !update.file.includes('.github/workflows/'),
-    )
+    const dependencyFileUpdates = updates.filter((update) => {
+      const fileName = update.file.toLowerCase()
+      const isDependencyFile = fileName.endsWith('deps.yaml')
+        || fileName.endsWith('deps.yml')
+        || fileName.endsWith('dependencies.yaml')
+        || fileName.endsWith('dependencies.yml')
+      return isDependencyFile && !update.file.includes('.github/workflows/')
+    })
     if (dependencyFileUpdates.length > 0) {
       try {
         const { generateDependencyFileUpdates } = await import('./utils/dependency-file-parser')
@@ -761,6 +874,24 @@ export class Buddy {
       }
     }
 
+    // Handle Dockerfile updates
+    // Only process if we have Dockerfile updates to avoid unnecessary processing
+    const dockerfileUpdates = updates.filter(update =>
+      update.dependencyType === 'docker-image',
+    )
+    if (dockerfileUpdates.length > 0) {
+      try {
+        const { generateDockerfileUpdates } = await import('./utils/dockerfile-parser')
+        // Pass only the Dockerfile updates for this specific group
+        const dockerUpdates = await generateDockerfileUpdates(dockerfileUpdates)
+        fileUpdates.push(...dockerUpdates)
+      }
+      catch (error) {
+        this.logger.error('Failed to generate Dockerfile updates:', error)
+        // Continue with other updates even if Dockerfile updates fail
+      }
+    }
+
     return fileUpdates
   }
 

src/scanner/package-scanner.ts

@@ -8,6 +8,7 @@ import { readdir, readFile, stat } from 'node:fs/promises'
 import { join } from 'node:path'
 import { BuddyError } from '../types'
 import { isDependencyFile, parseDependencyFile as parseDepFile } from '../utils/dependency-file-parser'
+import { isDockerfile, parseDockerfile as parseDockerfileUtil } from '../utils/dockerfile-parser'
 import { isGitHubActionsFile, parseGitHubActionsFile } from '../utils/github-actions-parser'
 
 export class PackageScanner {
@@ -95,6 +96,20 @@ export class PackageScanner {
         }
       }
 
+      // Look for Dockerfiles
+      const dockerfiles = await this.findDockerfiles()
+      this.logger.info(`🔍 Found ${dockerfiles.length} Dockerfile(s): ${dockerfiles.join(', ')}`)
+      for (const filePath of dockerfiles) {
+        if (this.shouldIgnorePath(filePath)) {
+          continue
+        }
+        const packageFile = await this.parseDockerfile(filePath)
+        if (packageFile) {
+          packageFiles.push(packageFile)
+          this.logger.info(`📦 Parsed Dockerfile: ${filePath} with ${packageFile.dependencies.length} dependencies`)
+        }
+      }
+
       const duration = Date.now() - startTime
       this.logger.success(`Found ${packageFiles.length} package files in ${duration}ms`)
 
@@ -250,6 +265,45 @@ export class PackageScanner {
     return workflowFiles
   }
 
+  /**
+   * Find Dockerfiles in the project
+   */
+  private async findDockerfiles(): Promise<string[]> {
+    const dockerfiles: string[] = []
+
+    try {
+      // Common Dockerfile names
+      const dockerfileNames = [
+        'Dockerfile',
+        'dockerfile',
+        'Dockerfile.dev',
+        'Dockerfile.prod',
+        'Dockerfile.production',
+        'Dockerfile.development',
+        'Dockerfile.test',
+        'Dockerfile.staging',
+      ]
+
+      for (const fileName of dockerfileNames) {
+        const files = await this.findFiles(fileName)
+        dockerfiles.push(...files)
+      }
+
+      // Also look for files that start with Dockerfile using pattern matching
+      const dockerfilePatterns = await this.findFilesByPattern('Dockerfile*')
+      for (const file of dockerfilePatterns) {
+        if (!dockerfiles.includes(file) && isDockerfile(file)) {
+          dockerfiles.push(file)
+        }
+      }
+    }
+    catch {
+      // Ignore if no Dockerfiles exist
+    }
+
+    return dockerfiles
+  }
+
   /**
    * Parse a GitHub Actions workflow file
    */
@@ -266,6 +320,22 @@ export class PackageScanner {
     }
   }
 
+  /**
+   * Parse a Dockerfile
+   */
+  async parseDockerfile(filePath: string): Promise<PackageFile | null> {
+    try {
+      const fullPath = join(this.projectPath, filePath)
+      const content = await readFile(fullPath, 'utf-8')
+      const result = await parseDockerfileUtil(filePath, content)
+      return result
+    }
+    catch (_error) {
+      this.logger.warn(`Failed to parse Dockerfile ${filePath}:`, _error)
+      return null
+    }
+  }
+
   /**
    * Find Composer files in the project
    */

src/types.ts

@@ -152,7 +152,7 @@ export interface PackageFile {
   /** File path relative to repository root */
   path: string
   /** Type of package file */
-  type: 'package.json' | 'bun.lockb' | 'package-lock.json' | 'yarn.lock' | 'pnpm-lock.yaml' | 'deps.yaml' | 'deps.yml' | 'dependencies.yaml' | 'dependencies.yml' | 'pkgx.yaml' | 'pkgx.yml' | '.deps.yaml' | '.deps.yml' | 'composer.json' | 'composer.lock' | 'github-actions'
+  type: 'package.json' | 'bun.lockb' | 'package-lock.json' | 'yarn.lock' | 'pnpm-lock.yaml' | 'deps.yaml' | 'deps.yml' | 'dependencies.yaml' | 'dependencies.yml' | 'pkgx.yaml' | 'pkgx.yml' | '.deps.yaml' | '.deps.yml' | 'composer.json' | 'composer.lock' | 'github-actions' | 'Dockerfile'
   /** Raw file content */
   content: string
   /** Parsed dependencies */
@@ -165,7 +165,7 @@ export interface Dependency {
   /** Current version or range */
   currentVersion: string
   /** Dependency type */
-  type: 'dependencies' | 'devDependencies' | 'peerDependencies' | 'optionalDependencies' | 'require' | 'require-dev' | 'github-actions'
+  type: 'dependencies' | 'devDependencies' | 'peerDependencies' | 'optionalDependencies' | 'require' | 'require-dev' | 'github-actions' | 'docker-image'
   /** File where dependency is defined */
   file: string
   /** Line number in file */
@@ -182,7 +182,7 @@ export interface PackageUpdate {
   /** Update type */
   updateType: 'major' | 'minor' | 'patch'
   /** Dependency type */
-  dependencyType: 'dependencies' | 'devDependencies' | 'peerDependencies' | 'optionalDependencies' | 'require' | 'require-dev' | 'github-actions'
+  dependencyType: 'dependencies' | 'devDependencies' | 'peerDependencies' | 'optionalDependencies' | 'require' | 'require-dev' | 'github-actions' | 'docker-image'
   /** Source file */
   file: string
   /** Package metadata from registry */