Add updater container support for conda, deno, and nix

[Copilot]

Three ecosystems shipped by dependabot-core (conda, deno, nix) had no corresponding updater image wiring in this action, causing jobs targeting them to fail image resolution.

Changes

• docker/Dockerfile.{conda,deno,nix} — new single-FROM Dockerfiles pinning the latest available versioned tag (v2.0.20260507203823) + sha256 digest for each upstream ghcr.io/dependabot/dependabot-updater-<ecosystem> image (tag family v2.0.20260427215009 used by other ecosystems doesn't exist for these three yet)
• src/update-containers.ts — registers the three new keys in the manifest object:

  conda: getImageName('Dockerfile.conda'),
  deno: getImageName('Dockerfile.deno'),
  nix: getImageName('Dockerfile.nix'),

• docker/containers.json — regenerated via npm run update-container-manifest
• dist/ — rebuilt via npm run package

Original prompt

Summary

Add updater container support for three ecosystems that are present in dependabot/dependabot-core but missing from this action: conda, deno, and nix.

Why

dependabot-core registers these ecosystems (see the canonical require "dependabot/<ecosystem>" list in core), and updater images are published to ghcr.io/dependabot/dependabot-updater-<ecosystem>. However, this repository does not yet wire them up, so jobs targeting these ecosystems fail to resolve an image.

Currently registered ecosystems live in:

• src/update-containers.ts — the manifest map
• docker/ — one Dockerfile.<ecosystem> per updater
• docker/containers.json — generated manifest

After diffing against the full dependabot-core ecosystem list, the missing ones are: conda, deno, nix.

What to change

1. Create three new Dockerfiles under docker/, each containing a single FROM line pointing at the matching upstream updater image. Follow the exact pattern used by the existing files (e.g. docker/Dockerfile.bun, docker/Dockerfile.bazel):

   • docker/Dockerfile.conda → FROM ghcr.io/dependabot/dependabot-updater-conda:<latest tag>@sha256:<digest>
   • docker/Dockerfile.deno → FROM ghcr.io/dependabot/dependabot-updater-deno:<latest tag>@sha256:<digest>
   • docker/Dockerfile.nix → FROM ghcr.io/dependabot/dependabot-updater-nix:<latest tag>@sha256:<digest>

   Use the same tag/digest version family as the other Dockerfiles already in the repo (currently v2.0.20260427215009). Look up the matching sha256 digest for each image at that tag from ghcr.io/dependabot/dependabot-updater-<ecosystem>. If a digest is not resolvable, leave a TODO comment and use the latest available pinned digest at the same tag family.

2. Register them in src/update-containers.ts in the manifest object, alphabetically/grouped consistent with neighboring entries:

   conda: getImageName('Dockerfile.conda'),
   deno: getImageName('Dockerfile.deno'),
   nix: getImageName('Dockerfile.nix'),

3. Regenerate docker/containers.json by running the project's own script — DO NOT hand-edit this file:

   npm ci
   npm run update-container-manifest

   Commit the regenerated docker/containers.json.

4. Search for any other places that enumerate ecosystems (tests, fixtures, docs/README, type definitions) and update them where appropriate. For example, search for existing ecosystem names like "bun", "bazel", "docker_compose" to find lists that may need the new entries added.

Required validation steps (run all of these and ensure they pass)

Per project convention these scripts must be run after the changes; commit any resulting artifact updates:

npm ci
npm run update-container-manifest   # regenerates docker/containers.json
npm run format                      # prettier --write
npm run lint                        # eslint --fix
npm run format-check
npm run lint-check
npm test
npm run package                     # rebuilds dist/main and dist/cleanup — committed artifacts!

The dist/ directory is a checked-in build artifact for this Action — the npm run package output must be committed, otherwise the action will run stale code at runtime.

Acceptance criteria

• docker/Dockerfile.conda, docker/Dockerfile.deno, docker/Dockerfile.nix exist and follow the single-FROM-line pattern with a pinned tag and sha256 digest.
• src/update-containers.ts manifest object contains conda, deno, nix keys.
• docker/containers.json is regenerated via npm run update-container-manifest and contains all three new entries.
• dist/ is rebuilt via npm run package and committed.
• npm run format-check, npm run lint-check, and npm test all pass.
• No other ecosystem enumeration list in the repo is left out of sync.

High-level PR description (use this in the PR body)

Adds updater container support for three ecosystems already shipped by dependabot-core but missing here: conda, deno, and nix. New Dockerfile.<ecosystem> entries are added under docker/, the manifest map in src/update-containers.ts is extended, and docker/containers.json is regenerated via npm run update-container-manifest. The bundled dist/ artifacts are rebuilt with npm run package so the action ships the updated logic. Linting, formatting, and tests have been run.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Create proper PR on dependabot-actions using the project PR template and a...

This pull request was created from Copilot chat.

[Copilot]

Pull request overview

Adds missing updater container wiring for the conda, deno, and nix Dependabot ecosystems so jobs targeting those ecosystems can resolve a pinned updater image (via docker/containers.json) at runtime.

Changes:

• Added new docker/Dockerfile.{conda,deno,nix} files that pin the upstream ghcr.io/dependabot/dependabot-updater-<ecosystem> images by tag + sha256 digest.
• Registered conda, deno, and nix in src/update-containers.ts so the manifest generator includes them.
• Regenerated docker/containers.json and rebuilt the bundled dist/ artifacts to include the updated manifest.

Show a summary per file

File	Description
src/update-containers.ts	Adds conda, deno, nix entries to the manifest used to generate docker/containers.json.
docker/Dockerfile.conda	Pins the upstream conda updater image (tag + digest).
docker/Dockerfile.deno	Pins the upstream deno updater image (tag + digest).
docker/Dockerfile.nix	Pins the upstream nix updater image (tag + digest).
docker/containers.json	Regenerated container manifest including the three new ecosystems.
dist/main/index.js	Rebuilt bundle so runtime code ships the updated container manifest.
dist/cleanup/index.js	Rebuilt bundle so runtime code ships the updated container manifest.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 5/7 changed files
• Comments generated: 0