whats-up-docker
compose file and Dockerfile scanning and update
I created my own tool years ago, and I still use it. It basically scans all my Dockerfiles and compose files and updates the tag & sha of every found image so a "docker build" or a "docker compose up -d" or "docker stack deploy" effectively updates everything. Since the docker compose file and Dockerfile exist, I can also take the time to test them on a temporary server before deployment on production.
I can see why you chose to scan and update containers since many users do that (I may be wrong, but they are mostly beginners I think),
In my opinion a better approach is to have a docker compose file per project / server and then you only need to update it and embrace the infra as code / infra as state which has a lot of benefits.
Is this something you could be interested in doing / supporting?
Hi,
Thank you for the feedback 👍 .
> I can see why you chose to scan and update containers since many users do that (I may be wrong, but they are mostly beginners I think),
Initially, I created this tool to scan only. I added update capabilities in a second time to meet users' expectations but it's not the primary goal of this tool.
> In my opinion a better approach is to have a docker compose file per project / server and then you only need to update it and embrace the infra as code / infra as state which has a lot of benefits.
I agree with the target 👍
From my understanding, the main difference I see with your proposal would be to gather services to scan by reading files (e.g. compose files) instead of gathering them with the Docker API?
=> If so, that would be possible by implementing a 2nd watcher type (in addition to the existing docker watcher)
Some additional questions:
- How are you dealing with the file update?
- Are you writing the compose files in-place?
- Are you tracking the changes from Git (just a commit? new branch+MR...?)
- ... ?
- Yes, a new watcher makes sense.
- Yes, my Dockerfile and compose files update in place and I commit them to trigger deploys.
For example, if I have this at the top of a Dockerfile: FROM ubuntu or FROM ubuntu:latest or FROM ubuntu:latest@sha256:xxxxxxxxxxxxxxxxxx
my script rewrites it like this to make it updated and "fixed/immutable" (tag+sha): FROM ubuntu:latest@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f
The same goes for images specified in compose files.
- My Dockerfile is always at the root of my project. My compose file is in the project too when it's standalone, or in a separate git when it is a full server compose file. In any case my script only updates the tag + sha, then I commit. Then the CI/CD triggers tests and deploys.
I guess I could use a webhook to trigger the commit after what's up docker would have updated the tags
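An added example, not part of the thread and not the commenter's actual script: a sketch of the in-place FROM rewrite described above, pinning each external base image to tag+sha while leaving `scratch`, build-arg references and earlier build stages untouched. The function names, the `resolve` callback (standing in for a registry digest lookup) and the sample Dockerfile are assumptions; the ubuntu digest is the one quoted in the comment.

```python
import re

# FROM [--flag=value ...] image[:tag][@digest] [AS stage]
FROM_RE = re.compile(
    r"^(?P<head>\s*FROM\s+(?:--\S+\s+)*)(?P<ref>\S+)"
    r"(?P<tail>(?:\s+AS\s+(?P<stage>\S+))?\s*)$", re.IGNORECASE)

def split_ref(ref):
    """Split 'repo[:tag][@digest]' into (repo, tag); a missing tag means 'latest'."""
    repo = ref.split("@", 1)[0]             # drop any existing (stale) digest
    if ":" in repo.rsplit("/", 1)[-1]:      # ':' before the last '/' is a registry port
        repo, tag = repo.rsplit(":", 1)
        return repo, tag
    return repo, "latest"

def pin_dockerfile(text, resolve):
    """Rewrite each external FROM to repo:tag@sha256:<digest>.

    resolve(repo, tag) returns the current 'sha256:...' digest; how it is
    obtained (registry API, CLI) is left to the caller.
    """
    stages, out = set(), []
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            ref = m["ref"]
            # Not registry images: scratch, ${ARG} references, earlier stages.
            if not (ref.lower() == "scratch" or "$" in ref or ref.lower() in stages):
                repo, tag = split_ref(ref)
                line = f"{m['head']}{repo}:{tag}@{resolve(repo, tag)}{m['tail']}"
            if m["stage"]:
                stages.add(m["stage"].lower())
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")

# Constructed lookup table and Dockerfile, so the example runs offline.
SAMPLE_DIGESTS = {
    ("ubuntu", "latest"):
        "sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f",
    ("localhost:5000/app", "1.2"): "sha256:" + "b" * 64,  # constructed digest
}
SAMPLE = ("FROM ubuntu AS base\n"
          "FROM --platform=linux/amd64 localhost:5000/app:1.2@sha256:old AS build\n"
          "FROM base\nFROM scratch\n")

if __name__ == "__main__":
    print(pin_dockerfile(SAMPLE, lambda r, t: SAMPLE_DIGESTS[(r, t)]), end="")
```

Running the rewrite again on its own output changes nothing, so a commit is only produced when a digest actually moved.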