Always pull the container image

[JamieMagee]

Yes, we could query the registry client and compare the digest of the local manifest and the remote manifest. But that is more complicated than just letting Docker do that for us. It's also relatively quick (compared with overall Dependabot execution) when no newer image is available:

Fresh pull:

$ time docker pull docker.io/library/alpine:latest
latest: Pulling from library/alpine
4abcf2066143: Pull complete
Digest: sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

________________________________________________________
Executed in    2.10 secs      fish           external
   usr time    1.21 millis    0.00 micros    1.21 millis
   sys time   16.02 millis  203.00 micros   15.82 millis

Cached pull:

 time docker pull docker.io/library/alpine:latest
latest: Pulling from library/alpine
Digest: sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
Status: Image is up to date for alpine:latest
docker.io/library/alpine:latest

________________________________________________________
Executed in  894.23 millis    fish           external
   usr time    1.22 millis    0.00 micros    1.22 millis
   sys time   14.08 millis  240.00 micros   13.84 millis

[jakecoffman]

I just tested this locally, since I build local ARM versions I'd have to remember to add --pull=false to test things I am building locally. Is it as this point we add a dependabot config command to set ~/.dependabot configurable defaults?

[JamieMagee]

No, that's going to add too much complexity IMO. I'll have to do:

	Exists locally	Doesn't exist locally
Exists remotely	Compare digest	Pull
Doesn't exist remotely	Continue with local image	🤷