Auto-update melange image if older than 30 days

[AmberArcadia]

Automatically checks the age of the local melange Docker image and silently pulls an updated version if it's older than 30 days.

This helps ensure users have recent melange versions with the latest features and bug fixes, such as support for the test-resources field that was added in recent versions.

Changes:

• Added check_and_update_melange_image() function that checks image creation date
• If image is >30 days old, silently pulls the latest version in the background
• If image doesn't exist locally, pulls it automatically
• Handles errors gracefully and continues with existing image if update fails

The check runs at the start of the shellcheck hook, so users get updated images without manual intervention or delays.

[AmberArcadia]

Hmmm it won't show the prompt by default it seems, oh well.

● Bash(timeout 25 pre-commit try-repo /home/amber-arcadia/Documents/GitRepos/pre-commit-hooks shellcheck-run-steps --verbose --files os/aws-privateca-issuer.yaml 2>&1 | tail -50)                     
  ⎿  ===============================================================================                                                                                                                   
     Using config:                                                                                                                                                                                     
     ===============================================================================                                                                                                                   
     repos:                                                                                                                                                                                            
     -   repo: ../pre-commit-hooks                                                                                                                                                                     
         rev: be610949abd356e2daa4e4a9e9659b6dd1d845e2                                                                                                                                                 
         hooks:                                                                                                                                                                                        
         -   id: shellcheck-run-steps                                                                                                                                                                  
     ===============================================================================                                                                                                                   
     [INFO] Initializing environment for ../pre-commit-hooks.                                                                                                                                          
     [INFO] Installing environment for ../pre-commit-hooks.                                                                                                                                            
     [INFO] Once installed this environment will be reused.                                                                                                                                            
     [INFO] This may take a few minutes...                                                                                                                                                             
     shellcheck run steps.....................................................Passed                                                                                                                   
     - hook id: shellcheck-run-steps                                                                                                                                                                   
     - duration: 16.38s                                                                                                                                                                                
                                                                                                                                                                                                       
     ⚠️  Melange image is 0 days old (created 2026-03-26)                                                                                                                                              
     ⚠️  Pulling updated melange image: cgr.dev/chainguard/melange:latest                                                                                                                              
     ⚠️  Press Ctrl+C now to abort or wait 15 seconds to continue...                                                                                                                                   
     Pulling cgr.dev/chainguard/melange:latest...                                                                                                                                                      
     latest: Pulling from chainguard/melange                                                                                                                                                           
     Digest: sha256:6c53e6558fc69b516f5c5704fe6aead50d91bfc40ebe9163797a52a18627f1e1                                                                                                                   
     Status: Image is up to date for cgr.dev/chainguard/melange:latest                                                                                                                                 
     cgr.dev/chainguard/melange:latest                                                                                                                                                                 
     ✓ Melange image updated successfully                                                                                                                                                              
     2026/03/27 00:52:42 WARN unable to detect commit for build config file: opening git repository: repository does not exist                                                                         
     2026/03/27 00:52:42 WARN git repository URL for build config not provided                              

[stevebeattie]

Beyond one minor nit that doesn't necessarily need to block landing this looks good to me.

[stevebeattie]

By performing this before the argument parser checking, the melange image check happens even if one does shellcheck_run_steps.py --help which might be unexpected or take a bit to show the help information.

[dannf]

Great idea!

[dannf]

personally, I'd prefer once a day since we typically don't worry too much about backwards compat in melange changes. It might be cool to make this a config option.

[dannf]

Another option would be to make this melange_image_outdated() check that returns True if the image is missing or out of date. We can use that to decide if we should add --pull always to the docker run command below. I think that would avoid having the 2 different docker pull code paths here.

Or, if we made it docker_image_outdated(img, age), we could re-use it for the shellcheck image as well!