models: add devcontainers as a known ecosystem (#1240)

2025-12-23 08:47:33 +00:00 · 2025-10-13 23:08:56 -04:00 · 2025-10-13 23:08:56 -04:00 · e9e4eb9ec4
commit e9e4eb9ec4
parent 4494b8a426
6 changed files with 51 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -840,7 +840,7 @@ dependencies = [

 [[package]]
 name = "github-actions-models"
-version = "0.33.0"
+version = "0.34.0"
 dependencies = [
 "indexmap",
 "serde",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -20,7 +20,7 @@ rust-version = "1.88.0"
 [workspace.dependencies]
 anyhow = "1.0.100"
 github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.10" }
-github-actions-models = { path = "crates/github-actions-models", version = "0.33.0" }
+github-actions-models = { path = "crates/github-actions-models", version = "0.34.0" }
 itertools = "0.14.0"
 pest = "2.8.3"
 pest_derive = "2.8.3"
--- a/crates/github-actions-models/Cargo.toml
+++ b/crates/github-actions-models/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "github-actions-models"
-version = "0.33.0"
+version = "0.34.0"
 description = "Unofficial, high-quality data models for GitHub Actions workflows, actions, and related components"
 repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-models"
 keywords = ["github", "ci"]
--- a/crates/github-actions-models/src/dependabot/v2.rs
+++ b/crates/github-actions-models/src/dependabot/v2.rs
@ -245,23 +245,58 @@ pub enum AllowDeny {
 #[derive(Deserialize, Debug, PartialEq)]
 #[serde(rename_all = "kebab-case")]
 pub enum PackageEcosystem {
+    /// `bun`
+    Bun,
+    /// `bundler`
    Bundler,
+    /// `cargo`
    Cargo,
+    /// `composer`
    Composer,
+    /// `conda`
+    Conda,
+    /// `devcontainers`
+    Devcontainers,
+    /// `docker`
    Docker,
+    /// `docker-compose`
+    DockerCompose,
+    /// `dotnet-sdk`
+    DotnetSdk,
+    /// `helm`
+    Helm,
+    /// `elm`
    Elm,
+    /// `gitsubmodule`
    Gitsubmodule,
+    /// `github-actions`
    GithubActions,
+    /// `gomod`
    Gomod,
+    /// `gradle`
    Gradle,
+    /// `maven`
    Maven,
+    /// `mix`
    Mix,
+    /// `npm`
    Npm,
+    /// `nuget`
    Nuget,
+    /// `pip`
    Pip,
+    /// `pub`
    Pub,
+    /// `rust-toolchain`
+    RustToolchain,
+    /// `swift`
    Swift,
+    /// `terraform`
    Terraform,
+    /// `uv`
+    Uv,
+    /// `vcpkg`
+    Vcpkg,
 }

 /// Rebase strategies for Dependabot updates.
--- a/crates/github-actions-models/tests/sample-dependabot/v2/devcontainers.yml
+++ b/crates/github-actions-models/tests/sample-dependabot/v2/devcontainers.yml
@ -0,0 +1,8 @@
+# from: https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+  - package-ecosystem: "devcontainers" # See documentation for possible values
+    directory: "/"
+    schedule:
+      interval: weekly
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@ -9,6 +9,11 @@ of `zizmor`.

 ## Next (UNRELEASED)

+### Bug Fixes 🐛
+
+* Fixed a bug where `zizmor` would fail to parse Dependabot configuration files
+  that specified a `package-ecosystem: devcontainers` update block (#1240)
+
 ## 1.15.0

 This release comes with support for auditing