fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/fsouza/go-dockerclient	require	minor	v1.9.7 -> v1.10.0

---

Release Notes

fsouza/go-dockerclient (github.com/fsouza/go-dockerclient)

v1.10.0

Compare Source

v1.9.8

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[nalind]

This update to go-dockerclient requires Go 1.20, while Fedora 37 only includes Go 1.19.

[rhatdan]

Ok we can bump the version as soon as @cevich migrates us to F38,f39

[cevich]

Oof, how the heck will I remember to do this. Also, unless we keep this PR open, renovate will keep pestering about this update 😕 Hmmmm. Is there a go.mod way to use different versions for different toolchains?

The only other idea I have is to add an exception to the renovate config w/ a FIXME comment, then pepper the image build scripts with links pointing at it. That will shut up renovate (including for vulnerability alerts I think) and stands a chance of me remembering to re-enable it later.

Any better ideas?

[cevich]

OMG, this is crazy, why does it constantly propose newer and newer updates. This will never get in at this rate. Maybe there's a way to stop the update-madness...

[cevich]

Force-push: Rebased, ran make vendor-in-container.

[cevich]

@rhatdan @nalind PTAL. CI is green (finally). Can we please merge this quickly?

I'm afraid Renovate (annoyingly) will decide it needs force-push again 😖

[rhatdan]

/lgtm

[rhatdan]

/hold cancel

[rhatdan]

@cevich if you could figure out how to turn this off, so that it matches Podman, that would be great.

[cevich]

if you could figure out how to turn this off, so that it matches Podman, that would be great.

I'm assuming "this" means "Renovate's annoying daily force-pushes". It's very perplexing and frustrating for me because podman and buildah already share a common configuration 😕

Looking at the shared/common configuration, it says: Propose golang package version-bumps as soon as Renovate notices. For golang digest-based package updates, restrict update PRs to once per month.

The only "special" thing in podman's setup (and not buildah's) is regarding github.com/containers/* packages. For those, update proposals are restricted to once per day and updates to:

          "^github.com/containers/common",
          "^github.com/containers/image",
          "^github.com/containers/storage",

are grouped together into a single PR.

---

Re: force-push behavior, I'm similarly perplexed. Supposedly adding a non-renovate-bot commit is suppose to stop that. So is adding the stop-updating label. Neither appears to be working 😞 At this point I think this is a Renovate bug. However a non-trivial reproducer will be needed to report that, and package version changes are out of our control.

---

The only easy option I see at the moment is to restrict golang packge version bumps based on a fixed schedule. Like once per day or week or month or similar. Could that suffice?

[cevich]

@renovate renovate bot force-pushed the renovate/major-ci-vm-image branch 18 times, most recently from e0abfff to bfb8c04 yesterday in #5173 apparently it's all golang "tidy" stuff.

Perhaps that's what causes so many "updates".

[rhatdan]

I think once per/day would be fine.