Use FQIN in Dockerfile

[achrinza]

Historically, we have used Unqualified Image Names. However, this is insecure as it is ambiguous on registry to use. Fully Qualified Image Names (FQIN) make explicit the domain name of the registry to pull from.

Change details

For Dockerfiles, the general update will be:

+ FROM docker.io/library/node:18-slim
- FROM node:18-slim

Although there is special-handling for the docker.io registry that allows omission of /library namespace path prefix for "no-namespace" images, we should use the full FQIN so as to be consistent with the output of other utilities such as podman image ls.

Impact

Other than updated Dockerfiles, there should be no other noticeable impact.

Files to update

• loopback-next
  • docs/site/Application-generator.md
  • examples/access-control-migration/Dockerfile
  • examples/multi-tenancy/Dockerfile
  • examples/references-many/Dockerfile
  • examples/rest-crud/Dockerfile
  • examples/socketio/Dockerfile
  • examples/todo/Dockerfile
  • examples/todo-jwt/Dockerfile
  • examples/todo-list/Dockerfile
  • packages/cli/generators/app/templates/Dockerfile
• create-loopback
  • templates/app/Dockerfile
• loopback4-example-shopping
  • bin/dockerize.js
  • Dockerfile.monorepo
  • Dockerfile.recommender
  • Dockerfile.shopping
• loopback-blog
  • blog/2019/2019-07-24-building-an-online-game-with-loopback-4-pt5.md
• starter
  • Dockerfile

References

• https://github.com/search?q=org%3Aloopbackio%20language%3ADockerfile&type=code
• https://github.com/search?q=org%3Aloopbackio+%22FROM+node%3A%22&type=code
• https://github.com/containers/image/blob/95a2847696c8583d5bed0ce71fed3a32276aa870/docs/containers-registries.conf.5.md#note-risk-of-using-unqualified-image-names

Similar changes in other projects

• https://github.com/NetApp/trident/pull/690
• https://github.com/ceph/ceph-csi/pull/1715
• https://github.com/hedgedoc/container/pull/437