moby-ryuk icon indicating copy to clipboard operation
moby-ryuk copied to clipboard

Published 20 hours ago verified publisher icon testcontainers

Docker :Latest needs to point to latest version

Open James-von-Detroit opened this issue 2 years ago • 9 comments

Just a heads up that the docker version testcontainers/ryuk:latest is pointing to an old version that hasn't been updated in three years.

https://hub.docker.com/layers/testcontainers/ryuk/latest/images/sha256-b2762871bff62df9bfcec62609da821803a575e06d74aa7ce1654ded208cc7c5?context=explore

James-von-Detroit avatar Oct 06 '23 20:10 James-von-Detroit

Indeed, thanks for catching that. We can do this:

  1. directly update the latest tag with current 0.5.1
  2. automate the push to latest on each release of Ryuk

mdelapenya avatar Oct 09 '23 16:10 mdelapenya

That would be great! Yes please do push the current version to the latest docker tag. I will be waiting for this and to test with my workflow. Thanks!

James-von-Detroit avatar Oct 09 '23 19:10 James-von-Detroit

@mdelapenya actually, we intentionally stopped publish :latest, as we encourage everyone to use fixed versions. If anything, we should remove the outdated :latest tag :)

bsideup avatar Oct 09 '23 20:10 bsideup

Just to get a bit more context, what is your use case to using Ryuk with a latest tag @James-von-Detroit?

kiview avatar Oct 10 '23 09:10 kiview

@kiview Thank you for your question. I am using Ryuk with a latest tag because I want to pull the most recent version of the of the software. Using the latest tag ensures that I get the most updated features and fixes from the developers. I think it is a bad representation of this tool to have a latest tag that is outdated by three years and has many security vulnerabilities. It could mislead users who rely on the latest tag in their workflow and expect to get the most current version of Ryuk. Therefore, I suggest that the developers either update the latest tag regularly or remove it altogether to avoid confusion and potential risks.

You can go to this link https://hub.docker.com/r/testcontainers/ryuk/tags and see for yourself, sort by latest (Which I believe is the default view). And it shows the the latest tag and no updates to it. It's just good practice to align these things, it may not make sense to you with the latest tag, but I assure you people use it.

James-von-Detroit avatar Oct 10 '23 19:10 James-von-Detroit

Thanks for the answer @James-von-Detroit, but please clarify, where do you use Ryuk with latest tag? Are you manually configuring Testcontainers to use Ryuk with latest tag? This is not recommended, since Testcontainers libraries versions rely on specific Ryuk versions. So before making the decision, I'd like to understand the actual use case.

I agree with the fact, that having an outdated latest tag makes no sense.

kiview avatar Oct 11 '23 06:10 kiview

Note that even when I pull with "docker pull testcontainers/ryuk" and not using the latest tag. That it pulls that 3-year-old version.

James-von-Detroit avatar Nov 03 '23 15:11 James-von-Detroit

@James-von-Detroit FYI Docker CLI will automatically append :latest if no tag is specified.

bsideup avatar Nov 04 '23 00:11 bsideup

Maybe some use testcontainers/ryuk without using the other Testcontainers libraries. An option is to intentionally break the :latest tag by pushing an invalid/failing image, so that users have to choose an explicit version.

gesellix avatar Feb 22 '24 22:02 gesellix