Added 'update-deps' skill and updated 'moby/docker' to 29.5.2. #383

Merged: AlexSkrypnyk merged 4 commits into main from feature/update-deps-skill on May 21, 2026

@AlexSkrypnyk AlexSkrypnyk commented May 21, 2026

Summary

Adds a project-scoped Claude skill (update-deps) that automates Dockerfile dependency version bumping. The skill scans Dockerfile for Renovate-annotated entries, resolves each dependency's latest upstream version via its datasource (GitHub releases, npm, Node.js LTS, or Docker Hub), prints a diff table, and edits the pinned version=... literals in place. Git operations (branching, committing, pushing) are explicitly out of scope and left to the caller.

Also includes the first use of the skill: bumping moby/docker from 28.5.2 to 29.5.2 (a major version bump - upstream tag docker-v29.5.2).

Changes

.claude/skills/update-deps/SKILL.md (new)

  • Defines the update-deps skill with four sections: dependency discovery, per-datasource version resolution, diff table rendering, and in-place Dockerfile editing.
  • Documents supported datasources: github-releases, npm, node (LTS), and docker (base image digest).
  • Includes per-datasource fallback logic (e.g. tags when no releases exist, docker pull fallback for digest resolution).
  • Instructs the model to stop after file edits and not touch goss.yaml, versions-config.json, or README.

.gitignore (new)

  • Adds entries to allow .claude/skills/ to be tracked while keeping settings.local.json ignored.

Dockerfile

  • Bumps moby/docker (moby/moby on GitHub) from 28.5.2 to 29.5.2 in the pinned version= literal.

Summary by CodeRabbit

  • New Features

    • Added a new skill specification for updating Dockerfile dependency version pins and base image digests.
  • Chores

    • Updated the installed Docker engine version from 28.5.2 to 29.5.2.
    • Updated ignore rules to exclude local tool/runtime metadata and settings files.


coderabbitai Bot commented May 21, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2fd66413-1390-4e67-9202-de9219f7d98d

📥 Commits

Reviewing files that changed from the base of the PR and between 9860f0a and 23c6c6b.

📒 Files selected for processing (1)
  • .claude/skills/update-deps/SKILL.md

📝 Walkthrough

This PR adds an update-deps skill spec for resolving Renovate-annotated Dockerfile pins and applying precise in-file edits, updates .gitignore to exclude .claude skill artifacts, and bumps the Docker static engine version in the Dockerfile from 28.5.2 to 29.5.2.

Changes

Dependency Update Automation

| Layer / File(s) | Summary |
|---|---|
| update-deps skill specification: .claude/skills/update-deps/SKILL.md | New skill document defines full control flow: discovery of Renovate-annotated Dockerfile dependencies, per-datasource latest resolution rules (github-releases, npm, node, docker), render/stop behavior, and exact in-file edit instructions for version= literals and base image @sha256: digests with verification. |
| Integration and example application: .gitignore, Dockerfile | .gitignore is updated to exclude .claude skill artifacts. Dockerfile updates the installed static Docker engine version variable from 28.5.2 to 29.5.2. |

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely summarizes the two main changes: adding the 'update-deps' skill and updating Docker to version 29.5.2, matching the file modifications in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.claude/skills/update-deps/SKILL.md:
- Around line 23-25: The fenced code block containing the Renovate regex should
include a language identifier for proper highlighting; update the block around
the regex pattern (the triple-backtick block that starts with the regex pattern
for "#\s*renovate:...") to use "regex" (i.e., ```regex) so the pattern inside
(including named groups like (?<datasource>...), (?<depName>...),
(?<currentValue>...)) is rendered correctly.
- Around line 67-73: The fenced code block that contains the dependency table in
the SKILL.md example is missing a language identifier; update the opening
backticks for that block to include "markdown" (i.e., change the starting ``` to
```markdown for the fenced code block that wraps the table) so the table renders
with proper syntax highlighting and formatting.

In @.gitignore:
- Around line 1-4: Remove the redundant negation lines "!.claude",
"!.claude/skills", and "!.claude/skills/*" from .gitignore and keep only the
explicit ignore for ".claude/settings.local.json"; if your real intent was to
ignore all files under .claude except the skills directory instead, replace the
current lines with a pattern that first ignores ".claude/*" and then selectively
unignore ".claude/skills/" and its contents (use ".claude/*",
"!.claude/skills/", "!.claude/skills/**") while preserving the
".claude/settings.local.json" ignore.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c16047d3-f7b8-48f9-9b77-1dfd55b54e8c

📥 Commits

Reviewing files that changed from the base of the PR and between cbfd0a0 and 9860f0a.

📒 Files selected for processing (3)
  • .claude/skills/update-deps/SKILL.md
  • .gitignore
  • Dockerfile

Comment thread .claude/skills/update-deps/SKILL.md Outdated
Comment thread .claude/skills/update-deps/SKILL.md Outdated
Comment thread .gitignore
Comment on lines +1 to +4
!.claude
!.claude/skills
!.claude/skills/*
.claude/settings.local.json

@coderabbitai coderabbitai Bot May 21, 2026

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Simplify gitignore logic by removing redundant negation patterns.

The negation patterns (lines 1-3) attempt to explicitly include .claude/skills, but Git tracks all files by default unless explicitly ignored. Negation patterns only make sense when negating a previous ignore rule. Since .claude is not being ignored anywhere, these negation patterns are redundant and potentially confusing.

If the intent is to track .claude/skills/* while ignoring settings.local.json, only line 4 is needed.

♻️ Simplified approach
-!.claude
-!.claude/skills
-!.claude/skills/*
 .claude/settings.local.json
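
Review bot: Deleting the three `!` lines at the top of this hunk is only safe if nothing with lower precedence than the project .gitignore (a contributor's global excludes file, .git/info/exclude) already ignores .claude/. If that cannot be guaranteed, keep the negations and add a `#` comment line above them in .gitignore naming the external rule they counteract, so they stop reading as redundant.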

Alternatively, if you want to ignore everything in .claude/ except the skills/ subdirectory:

-!.claude
-!.claude/skills
-!.claude/skills/*
+.claude/*
+!.claude/skills/
 .claude/settings.local.json
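
Review bot: The unchanged `.claude/settings.local.json` line at the end of this hunk is already matched by the added `.claude/*`, so it is redundant here and can be dropped or kept only as documentation. The hunk also removes `!.claude` without a replacement: `.claude/*` and `!.claude/skills/` apply to entries inside .claude, not to the directory itself, so if another ignore source excludes `.claude/`, Git will not re-include anything beneath it. Keep `!.claude` in the file if that case matters.
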
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
!.claude
!.claude/skills
!.claude/skills/*
.claude/settings.local.json
.claude/settings.local.json

Member Author

Not adopting. The negation patterns counteract a rule in the user's global ~/.gitignore that excludes .claude/ across all repos. Without these explicit un-ignores, the project-scoped Claude skill files in .claude/skills/ would be silently ignored. The negations look redundant when viewing only the project gitignore, but they are load-bearing once the global rule is in play.


@AlexSkrypnyk, understood — thank you for the explanation. That context makes the negation patterns completely sensible: they exist to override a global ~/.gitignore rule that blanket-ignores .claude/ across all repositories, ensuring the project-scoped skill files in .claude/skills/ are still tracked. I'll record this so I don't flag it in future reviews.


✏️ Learnings added
Learnt from: AlexSkrypnyk
Repo: drevops/ci-runner PR: 383
File: .gitignore:1-4
Timestamp: 2026-05-21T06:18:22.340Z
Learning: In the `drevops/ci-runner` repository, the `.gitignore` negation patterns `!.claude`, `!.claude/skills`, and `!.claude/skills/*` are intentional and load-bearing. They counteract a common global `~/.gitignore` rule that excludes the `.claude/` directory across all repos. Without these explicit un-ignores in the project-level `.gitignore`, files under `.claude/skills/` would be silently ignored. Do not flag these negation patterns as redundant.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.
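
The precedence behaviour this thread turns on, as an added example that is not part of the PR or the repository: it runs `git check-ignore` against throwaway repositories, with a constructed excludes file standing in for the global ~/.gitignore and an assumed helper name `path_status`. It also checks the suggested `.claude/*` alternative against the same global rule.

```shell
# Added illustration, not code from the PR. Each call builds a throwaway repo;
# the "global" excludes file is constructed here to stand in for ~/.gitignore.
SKILL=.claude/skills/update-deps/SKILL.md
SETTINGS=.claude/settings.local.json

# path_status GLOBAL_RULE PATH PROJECT_RULE...
# Prints "ignored" or "visible" for PATH. The body is a subshell, so its
# variables do not leak into the caller.
path_status() (
  global_rule=$1; path=$2; shift 2
  repo=$(mktemp -d) || exit 2
  git init -q "$repo" || exit 2
  mkdir -p "$repo/.claude/skills/update-deps"
  : > "$repo/$SKILL"
  : > "$repo/$SETTINGS"
  printf '%s\n' "$global_rule" > "$repo/.git/global-excludes"
  printf '%s\n' "$@" > "$repo/.gitignore"
  rc=0
  git -C "$repo" -c core.excludesFile="$repo/.git/global-excludes" \
    check-ignore -q "$path" || rc=$?
  rm -rf "$repo"
  case $rc in
    0) echo ignored ;;
    1) echo visible ;;
    *) exit 2 ;;   # git itself failed: print nothing, signal an error
  esac
)

# Only the settings line, with a global ".claude/" rule: skill silently ignored.
echo "settings line only: $(path_status '.claude/' "$SKILL" "$SETTINGS")"
# The PR's four lines, same global rule: skill visible, local settings ignored.
echo "PR rules, skill:    $(path_status '.claude/' "$SKILL" \
  '!.claude' '!.claude/skills' '!.claude/skills/*' "$SETTINGS")"
echo "PR rules, settings: $(path_status '.claude/' "$SETTINGS" \
  '!.claude' '!.claude/skills' '!.claude/skills/*' "$SETTINGS")"
# ".claude/*" plus "!.claude/skills/": the .claude directory itself is never
# re-included, so the global rule still hides the skill.
echo "alternative rules:  $(path_status '.claude/' "$SKILL" \
  '.claude/*' '!.claude/skills/' "$SETTINGS")"
```

Running the same check in CI with the runner's own excludes file catches skill or policy files that a contributor's machine would quietly leave out of a commit.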

@AlexSkrypnyk AlexSkrypnyk merged commit 0b534cb into main May 21, 2026
2 checks passed
@AlexSkrypnyk AlexSkrypnyk deleted the feature/update-deps-skill branch May 21, 2026 06:23