fix(docker_compose): support folded scalar and docker.io-prefixed image values (#15100)

* fix(docker_compose): support folded scalar and docker.io-prefixed image values

* Address review: non-raising builder methods and literal scalar coverage

* Address review: tighten YAML helpers to always return content

* Clarify why compose updater calls dockerfile-style helper

* Address review: scope back to extending the dockerfile-style regex

Drop the YAML fallback path in the docker_compose updater and revert the
shared_file_updater refactor. Folded/literal block scalar image: values
are now handled by extending the existing dockerfile-style declaration
regex with an optional YAML block scalar indicator.

Author: thavaahariharangit

docker/lib/dependabot/docker_compose/file_updater.rb

@@ -29,7 +29,18 @@ def container_image_regex
 
       sig { override.params(escaped_declaration: String).returns(Regexp) }
       def build_old_declaration_regex(escaped_declaration)
-        %r{#{IMAGE_REGEX}\s+["']?(?:\$\{[^\}:]+:-)?(docker\.io/)?#{escaped_declaration}(?:\})?["']?(?=\s|$)}
+        %r{
+          #{IMAGE_REGEX}
+          (?:[>|][-+]?\s*)?              # optional YAML block scalar indicator (folded/literal)
+          \s+
+          ["']?
+          (?:\$\{[^\}:]+:-)?
+          (docker\.io/)?
+          #{escaped_declaration}
+          (?:\})?
+          ["']?
+          (?=\s|$)
+        }x
       end
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }

docker/spec/dependabot/docker_compose/file_updater_spec.rb

@@ -638,5 +638,97 @@
         its(:content) { is_expected.to include "image: ${UBUNTU_IMAGE:-ubuntu:17.10}\n" }
       end
     end
+
+    context "when dependency is in a folded scalar image field" do
+      let(:dockerfile_body) do
+        fixture("docker_compose", "composefiles", "folded_digest")
+      end
+
+      let(:dependency) do
+        Dependabot::Dependency.new(
+          name: "library/nginx",
+          version: "1.25.5",
+          previous_version: "1.25.4",
+          requirements: [{
+            requirement: nil,
+            groups: [],
+            file: "docker-compose.yml",
+            source: {
+              tag: "1.25.5",
+              digest: "9a5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4d"
+            }
+          }],
+          previous_requirements: [{
+            requirement: nil,
+            groups: [],
+            file: "docker-compose.yml",
+            source: {
+              tag: "1.25.4",
+              digest: "3f5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4c"
+            }
+          }],
+          package_manager: "docker_compose"
+        )
+      end
+
+      describe "the updated docker-compose.yml" do
+        subject(:updated_dockerfile) do
+          updated_files.find { |f| f.name == "docker-compose.yml" }
+        end
+
+        its(:content) do
+          is_expected.to include(
+            "docker.io/library/nginx:1.25.5@sha256:" \
+            "9a5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4d"
+          )
+        end
+      end
+    end
+
+    context "when dependency is in a literal scalar image field" do
+      let(:dockerfile_body) do
+        fixture("docker_compose", "composefiles", "literal_digest")
+      end
+
+      let(:dependency) do
+        Dependabot::Dependency.new(
+          name: "library/nginx",
+          version: "1.25.5",
+          previous_version: "1.25.4",
+          requirements: [{
+            requirement: nil,
+            groups: [],
+            file: "docker-compose.yml",
+            source: {
+              tag: "1.25.5",
+              digest: "9a5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4d"
+            }
+          }],
+          previous_requirements: [{
+            requirement: nil,
+            groups: [],
+            file: "docker-compose.yml",
+            source: {
+              tag: "1.25.4",
+              digest: "3f5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4c"
+            }
+          }],
+          package_manager: "docker_compose"
+        )
+      end
+
+      describe "the updated docker-compose.yml" do
+        subject(:updated_dockerfile) do
+          updated_files.find { |f| f.name == "docker-compose.yml" }
+        end
+
+        its(:content) do
+          is_expected.to include(
+            "docker.io/library/nginx:1.25.5@sha256:" \
+            "9a5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4d"
+          )
+        end
+      end
+    end
   end
 end

docker/spec/fixtures/docker_compose/composefiles/folded_digest

@@ -0,0 +1,5 @@
+name: web-stack
+services:
+  nginx:
+    image: >-
+      docker.io/library/nginx:1.25.4@sha256:3f5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4c

docker/spec/fixtures/docker_compose/composefiles/literal_digest

@@ -0,0 +1,5 @@
+name: web-stack
+services:
+  nginx:
+    image: |
+      docker.io/library/nginx:1.25.4@sha256:3f5f6c8a4e8b1c3b0e0c2d7c9d5f0e2b6c1a9f4d8e7b3c2a1f0d9e8c7b6a5f4c