Update Dockerfile

The failure occurs when a git operation triggers recently added safe directory checks to alert the user when there is a UID or GID mismatch.  Because the ENTRYPOINT of the hugo-extended container is a call to `hugo`, there is no ability for the end user of the container to tell git to trust the /src directory before hugo is started.

It is possible to override the UID and GID when using the container, but this causes permission errors and does not seem like a user-friendly path forward.

After this change, the hugo-extended container will contain a global git configuration to trust the /src directory.  This may have security implications that have not been considered, but since only the project directory is mounted to /src, this approach seems to respect the intent of git safe directory checks.

Dockerfile

@@ -1,15 +1,14 @@
 # the following version can be overridden at image build time with --build-arg
-ARG HUGO_VERSION=0.110.0
+# renovate: datasource=github-releases depName=gohugoio/hugo
+ARG HUGO_VERSION=0.111.3
+
 # remove/comment the following line completely to compile vanilla Hugo:
 ARG HUGO_BUILD_TAGS=extended
 
-# Hugo >= v0.81.0 requires Go 1.16+ to build
-ARG GO_VERSION=1.19
-ARG ALPINE_VERSION=3.16
-
 # ---
 
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build
+# Hugo >= v0.81.0 requires Go 1.16+ to build
+FROM golang:1.19-alpine3.17 AS build
 
 # renew global args from above
 # https://docs.docker.com/engine/reference/builder/#scope
@@ -48,14 +47,16 @@ RUN go install github.com/yaegashi/muslstack@latest && \
 
 # ---
 
-FROM alpine:${ALPINE_VERSION}
+FROM alpine:3.17
 
 # renew global args from above & pin any dependency versions
 ARG HUGO_VERSION
 # https://github.com/jgm/pandoc/releases
+# renovate: datasource=github-releases depName=jgm/pandoc
 ARG PANDOC_VERSION=2.19.2
 # https://github.com/sass/dart-sass-embedded/releases
-ARG DART_SASS_VERSION=1.57.1
+# renovate: datasource=github-releases depName=sass/dart-sass-embedded
+ARG DART_SASS_VERSION=1.59.3
 
 LABEL version="${HUGO_VERSION}"
 LABEL repository="https://github.com/jakejarvis/hugo-docker"
@@ -122,6 +123,8 @@ RUN set -euo pipefail && \
     fi && \
     # clean up some junk
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* && \
+    # tell git to trust /src
+    git config --global --add safe.directory /src && \
     # make super duper sure that everything went OK, exit otherwise
     hugo env && \
     go version && \

renovate.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "automerge": false,
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*?_VERSION=(?<currentValue>.*)\\s"
+      ],
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    }
+  ]
+}