chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2

[HofmeisterAn]

What does this PR do?

This PR upgrades Docker.DotNet to the latest major version. The new release introduces a client builder API along with numerous internal improvements and fixes.

Due to changes in Docker.DotNet, the IDockerEndpointAuthenticationConfiguration interface has been updated to use the new types introduced by the library. This interface is publicly exposed via WithDockerEndpoint(IDockerEndpointAuthenticationConfiguration), most users don't use this API.

This breaking change is unlikely to affect users or developers. In most cases, the container runtime is resolved through the auto-discovery mechanism and/or configured via environment variables or the properties file (~/.testcontainers.properties).

Why is it important?

-

Related issues

-

Summary by CodeRabbit

Release Notes

• Dependencies

  • Upgraded Docker.DotNet.Enhanced packages to version 4.0.2, providing updated Docker API compatibility.

• Refactor

  • Modernized Docker client initialization pattern for improved maintainability.
  • Simplified TLS credentials handling by removing legacy custom handler customization.
  • Updated named-pipe connection timeout configuration for better reliability on Windows.

[netlify]

✅ Deploy Preview for testcontainers-dotnet ready!

Name	Link
🔨 Latest commit	4a23756
🔍 Latest deploy log	https://app.netlify.com/projects/testcontainers-dotnet/deploys/69baede1ea331500081e5f9b
😎 Deploy Preview	https://deploy-preview-1665--testcontainers-dotnet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Walkthrough

This PR upgrades Docker.DotNet.Enhanced packages from 3.131.1 to 4.0.2 and refactors Docker client instantiation from GetDockerClientConfiguration/CreateClient to GetDockerClientBuilder/Build. It updates authentication types from Credentials to IAuthProvider, removes TlsCredentials method overrides, and modifies NPipe timeout configuration.

Changes

Cohort / File(s)	Summary
Package Dependencies Directory.Packages.props	Bumped Docker.DotNet.Enhanced and Docker.DotNet.Enhanced.X509 from 3.131.1 to 4.0.2.
Authentication Configuration src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs, src/Testcontainers/Configurations/AuthConfigs/IDockerEndpointAuthenticationConfiguration.cs	Renamed GetDockerClientConfiguration to GetDockerClientBuilder; changed return type from DockerClientConfiguration to DockerClientBuilder; replaced Credentials property with AuthProvider (type IAuthProvider); updated constructor to accept IAuthProvider; added NPipe transport configuration logic.
TLS Credentials Simplification src/Testcontainers/Builders/TlsCredentials.cs	Removed public method overrides for IsTlsCredentials() and GetHandler(HttpMessageHandler); removed unused using directives for System.Net.Http and Microsoft.Net.Http.Client.
Docker Client Creation Pattern src/Testcontainers/Builders/DockerEndpointAuthenticationProvider.cs, src/Testcontainers/Clients/DockerApiClient.cs	Migrated from GetDockerClientConfiguration/CreateClient to GetDockerClientBuilder/Build pattern; updated endpoint references from DockerClientConfiguration.EndpointBaseUri to DockerClient.Options.Endpoint; simplified error handling in authentication provider.
Test Updates tests/Testcontainers.Platform.Linux.Tests/DependsOnTest.cs, tests/Testcontainers.Platform.Linux.Tests/ReusableResourceTest.cs, tests/Testcontainers.Tests/Unit/Configurations/DockerEndpointAuthenticationProviderTest.cs, tests/Testcontainers.Tests/Unit/Containers/Unix/ProtectDockerDaemonSocketTest.cs	Updated Docker client instantiation to use GetDockerClientBuilder/Build pattern; updated authentication config references from Credentials to AuthProvider; adapted assertions to use new Options.Endpoint accessor.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• chore: Bump NuGet dependencies #1578: Updates the same Docker.DotNet.Enhanced package versions in Directory.Packages.props.
• feat: Add Docker Engine v29 support #1609: Modifies Docker.DotNet package declarations and DockerEndpointAuthenticationConfiguration authentication handling patterns.
• feat: Support configuring Docker API version #1576: Refactors Docker client construction patterns in DockerEndpointAuthenticationProvider.cs and related files.

Suggested labels

chore

Poem

🐰 A builder pattern hops into view,
Docker clients now constructed fresh and new,
AuthProvider replaces old Credentials way,
TLS simplifies—less code to sway,
Package bumps to 4.0.2 today!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 45.45% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change—bumping Docker.DotNet from 3.131.1 to 4.0.2—which is the primary focus of the pull request.
Description check	✅ Passed	The description covers the mandatory sections ('What does this PR do?' and 'Why is it important?') and provides clear context about the upgrade, breaking changes, and user impact.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/bump-docker-dotnet

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tests/Testcontainers.Tests/Unit/Configurations/DockerEndpointAuthenticationProviderTest.cs (1)

42-45: Consider disposing the Docker client.

The dockerClient created via Build() implements IDisposable. While the test scope is short, disposing it would be consistent with other test files and prevent potential resource leaks.

Proposed fix

-      var dockerClient = authConfig.GetDockerClientBuilder().Build();
+      using var dockerClient = authConfig.GetDockerClientBuilder().Build();
       Assert.Equal(dockerClientEndpoint, authConfig.Endpoint);
       Assert.Equal(dockerClientEndpoint, dockerClient.Options.Endpoint);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/Testcontainers.Tests/Unit/Configurations/DockerEndpointAuthenticationProviderTest.cs`
around lines 42 - 45, The test creates a Docker client via
authConfig.GetDockerClientBuilder().Build() and never disposes it; update the
DockerEndpointAuthenticationProviderTest to dispose dockerClient (the variable
created from Build())—either wrap the Build() call and assertions in a
using/using var block or call dockerClient.Dispose() after the assertions so the
IDisposible Docker client is properly cleaned up.

src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs (1)

25-25: Derive the fallback timeout from NPipeTransportOptions instead of hardcoding it.

NPipeTransportOptions.ConnectTimeout already defaults to 10 seconds. Duplicating that literal here means this fallback can silently drift from the transport's real default on the next Docker.DotNet upgrade. (github.com)

♻️ Proposed refactor

-    private static readonly TimeSpan NPipeConnectTimeout = EnvironmentConfiguration.Instance.GetNamedPipeConnectionTimeout() ?? PropertiesFileConfiguration.Instance.GetNamedPipeConnectionTimeout() ?? TimeSpan.FromSeconds(10);
+    private static readonly TimeSpan NPipeConnectTimeout =
+      EnvironmentConfiguration.Instance.GetNamedPipeConnectionTimeout()
+      ?? PropertiesFileConfiguration.Instance.GetNamedPipeConnectionTimeout()
+      ?? new NPipeTransportOptions().ConnectTimeout;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs`
at line 25, The hardcoded 10s fallback for NPipeConnectTimeout should be
replaced with the transport's default; change the fallback expression so that
when EnvironmentConfiguration.Instance.GetNamedPipeConnectionTimeout() and
PropertiesFileConfiguration.Instance.GetNamedPipeConnectionTimeout() are null it
uses new NPipeTransportOptions().ConnectTimeout (the default for
NPipeTransportOptions) instead of TimeSpan.FromSeconds(10), so update the static
initializer for NPipeConnectTimeout accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs`:
- Around line 48-71: GetDockerClientBuilder in
DockerEndpointAuthenticationConfiguration dereferences the nullable Uri property
Endpoint (used in WithEndpoint(Endpoint) and Endpoint.Scheme) without guarding
against null; update the method to validate Endpoint before calling WithEndpoint
and before checking "npipe". Specifically, check if Endpoint is null (or
Uri.IsWellFormedUriString/valid) and either throw a descriptive
ArgumentNullException/InvalidOperationException or skip setting the
endpoint/transport options, and only evaluate Endpoint.Scheme when Endpoint !=
null; ensure the references to WithEndpoint and the npipe branch
(NPipeTransportOptions/NPipeConnectTimeout) are protected by this guard so
default struct instances no longer cause NullReferenceException.

---

Nitpick comments:
In
`@src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs`:
- Line 25: The hardcoded 10s fallback for NPipeConnectTimeout should be replaced
with the transport's default; change the fallback expression so that when
EnvironmentConfiguration.Instance.GetNamedPipeConnectionTimeout() and
PropertiesFileConfiguration.Instance.GetNamedPipeConnectionTimeout() are null it
uses new NPipeTransportOptions().ConnectTimeout (the default for
NPipeTransportOptions) instead of TimeSpan.FromSeconds(10), so update the static
initializer for NPipeConnectTimeout accordingly.

In
`@tests/Testcontainers.Tests/Unit/Configurations/DockerEndpointAuthenticationProviderTest.cs`:
- Around line 42-45: The test creates a Docker client via
authConfig.GetDockerClientBuilder().Build() and never disposes it; update the
DockerEndpointAuthenticationProviderTest to dispose dockerClient (the variable
created from Build())—either wrap the Build() call and assertions in a
using/using var block or call dockerClient.Dispose() after the assertions so the
IDisposible Docker client is properly cleaned up.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f0fc8fef-a79a-4aa0-b10e-afbe2731a45c

📥 Commits

Reviewing files that changed from the base of the PR and between c362747 and 3cc34f5.

📒 Files selected for processing (10)

• Directory.Packages.props
• src/Testcontainers/Builders/DockerEndpointAuthenticationProvider.cs
• src/Testcontainers/Builders/TlsCredentials.cs
• src/Testcontainers/Clients/DockerApiClient.cs
• src/Testcontainers/Configurations/AuthConfigs/DockerEndpointAuthenticationConfiguration.cs
• src/Testcontainers/Configurations/AuthConfigs/IDockerEndpointAuthenticationConfiguration.cs
• tests/Testcontainers.Platform.Linux.Tests/DependsOnTest.cs
• tests/Testcontainers.Platform.Linux.Tests/ReusableResourceTest.cs
• tests/Testcontainers.Tests/Unit/Configurations/DockerEndpointAuthenticationProviderTest.cs
• tests/Testcontainers.Tests/Unit/Containers/Unix/ProtectDockerDaemonSocketTest.cs

💤 Files with no reviewable changes (1)

• src/Testcontainers/Builders/TlsCredentials.cs