Ignore section is ignored for docker #862

Closed
Bafff opened this issue Oct 27, 2023 · 2 comments

Bafff commented Oct 27, 2023

Describe the bug

Dependabot updates docker image across major versions of the image even if I'm using:

- package-ecosystem: docker
  ignore:
  - dependency-name: "*"
    update-types: ["version-update:semver-major"]

To Reproduce

My .github/dependabot.yml is like this

registries:
  dockerhub-registry:
    type: docker-registry
    url: https://registry.hub.docker.com
  microsoft-artifact-registry:
    type: docker-registry
    url: https://mcr.microsoft.com

- package-ecosystem: docker
  directory: /.pipelines
  schedule:
    interval: weekly
  target-branch: master
  registries:
    - dockerhub-registry
    - microsoft-artifact-registry
  versioning-strategy: increase
  ignore:
  ## Disable image updates to .NET 7/8+ versions. Still, it would be updated for 6.*
  - dependency-name: "*"
    update-types: ["version-update:semver-major"]

I'm receiving this result:

Title: Bump dotnet/nightly/aspnet from 6.0.20-jammy-chiseled to 8.0.0-jammy-chiseled in /.pipelines
Description:
Bumps dotnet/nightly/aspnet from 6.0.20-jammy-chiseled to 8.0.0-jammy-chiseled.


Commit:
Bump dotnet/nightly/aspnet in /.pipelines

Bumps dotnet/nightly/aspnet from 6.0.20-jammy-chiseled to 8.0.0-jammy-chiseled.

Changes:

    ± Dockerfile
    ~~~
    --- /tmp/original20231027-6-2vhz1m	2023-10-27 12:56:06.274256024 +0000
    +++ /tmp/updated20231027-6-rakqi	2023-10-27 12:56:06.274256024 +0000
    @@ -1,4 +1,4 @@
    -FROM mcr.microsoft.com/dotnet/nightly/aspnet:6.0.20-jammy-chiseled AS publish
    +FROM mcr.microsoft.com/dotnet/nightly/aspnet:8.0.0-jammy-chiseled AS publish
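Review bot: the `+FROM` line for the `publish` stage moves the tag from 6.0.20 to 8.0.0, a major-version change that the `ignore` rule for `version-update:semver-major` in this directory's configuration is meant to exclude, so this update should be rejected rather than merged. The image is also referenced only by a mutable tag from the `nightly` repository; pinning it by digest alongside the tag would make the base image reproducible across builds.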

Expected behavior

I expected the docker image to be updated only within the range of aspnet:6.x.x images. Is my understanding not correct?

Extension (please complete the following information):

  • Host: Azure DevOps
  • Version: ghcr.io/tinglesoftware/dependabot-updater-docker:1.22

Running using

          - task: dependabot@1
            inputs:
              skipPullRequests: true

/usr/bin/docker run --rm -i -e GITHUB_ACCESS_TOKEN=*** -e DEPENDABOT_PACKAGE_MANAGER=docker -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=5 -e DEPENDABOT_DIRECTORY=/.pipelines -e DEPENDABOT_TARGET_BRANCH=master -e DEPENDABOT_VERSIONING_STRATEGY=increase -e DEPENDABOT_EXTRA_CREDENTIALS=[{"type":"docker_registry","registry":"registry.hub.docker.com"},{"type":"docker_registry","registry":"mcr.microsoft.com"}] -e DEPENDABOT_FAIL_ON_EXCEPTION=true -e DEPENDABOT_SKIP_PULL_REQUESTS=true -e AZURE_ORGANIZATION=redacted -e AZURE_PROJECT=redacted -e AZURE_REPOSITORY=redacted -e AZURE_ACCESS_TOKEN=*** -e AZURE_MERGE_STRATEGY=squash ghcr.io/tinglesoftware/dependabot-updater-docker:1.22 update_script

@mburumaxwell
Contributor

Could you try to repro this using the GitHub-hosted version?

@mburumaxwell
Contributor

I will have to close this issue since I cannot get a repro.

That said, I can think of some possibilities:

  1. You are facing an issue with BOM in the configuration file when it is being read by the Ruby script. We have changed this behaviour for ignore conditions in "Pass ignore conditions via ENV to solve BOM issues" (#884) and removed the reading of the config file by the Ruby script in "Pass commit options via an ENV in JSON hence no need to parse the config file in Ruby" (#885).
  2. The handling of semantic versioning is different for docker as compared to other ecosystems. This is the case if the first possibility does not solve the issue. The easiest way to go around this is to test using the GitHub-hosted version and, if the behaviour persists, create an issue there.

To test for possibility one, you only need to check if the extension has been updated to the latest version (1.24.0) then run the pipeline.
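
A pipeline-side guard for the behaviour reported in this issue, as an added example that is not code from the issue or from the dependabot projects: it compares the FROM lines of an original and an updated Dockerfile and reports every base image whose tag changes major version. The helper names are hypothetical, the sample lines are constructed from the diff quoted in the issue, and it assumes each repository appears in only one FROM line.

```ruby
# Added example: detect Docker base-image updates that cross a major version.
# Helper names are hypothetical; the sample input is constructed from the issue's diff.

# Splits an image reference into [repository, tag]; tag is nil when absent.
def split_image(ref)
  ref = ref.split("@", 2).first        # drop an @sha256:... digest if present
  name_start = ref.rindex("/").to_i    # a ":" before the last "/" is a registry port
  colon = ref.index(":", name_start)
  colon ? [ref[0...colon], ref[(colon + 1)..]] : [ref, nil]
end

# Leading integer of a tag such as "6.0.20-jammy-chiseled"; nil for tags like "latest".
def major_of(tag)
  m = tag && tag.match(/\Av?(\d+)/i)
  m && m[1].to_i
end

# Maps repository => tag for every FROM line in a Dockerfile's text.
def base_images(dockerfile)
  dockerfile.each_line.with_object({}) do |line, images|
    m = line.match(/\A\s*FROM\s+(?:--\S+\s+)*(\S+)/i)
    next unless m
    repo, tag = split_image(m[1])
    images[repo] = tag
  end
end

# Returns one entry per base image whose major version differs between the two files.
def major_bumps(original, updated)
  before = base_images(original)
  base_images(updated).filter_map do |repo, new_tag|
    old_major = major_of(before[repo])
    new_major = major_of(new_tag)
    next if old_major.nil? || new_major.nil? || old_major == new_major
    { image: repo, from: before[repo], to: new_tag }
  end
end

ORIGINAL = "FROM mcr.microsoft.com/dotnet/nightly/aspnet:6.0.20-jammy-chiseled AS publish\n"
UPDATED  = "FROM mcr.microsoft.com/dotnet/nightly/aspnet:8.0.0-jammy-chiseled AS publish\n"

major_bumps(ORIGINAL, UPDATED).each do |b|
  puts "major bump: #{b[:image]} #{b[:from]} -> #{b[:to]}"
end
```

A pipeline step can fail the build when `major_bumps` returns a non-empty list, so an unexpected major update is stopped even if the ignore condition was not applied.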
