driftctl icon indicating copy to clipboard operation
driftctl copied to clipboard

Published 20 hours ago verified publisher icon snyk

Add `driftctl` version into Docker image's labels

Open rirze opened this issue 2 years ago • 4 comments

Description Add version information into the driftctl docker image. It would be as simple as adding: LABEL snyk.driftctl.version=$DRIFTCTL_VERSION into the Dockerfile.

I work in environments where I cannot easily check APIs or public sites for image updates. It would be incredibly useful to check the version from docker image attributes and check for updates that way. I already check other docker images in a similar fashion, so it would be nice to share the same workflow across my images.

Example

$  docker image inspect snyk/driftctl
[
   {
     ....
     "Config": {
            ...
            "Labels": {
                "snyk.driftctl.version": "0.28.1"
            }
        },
       ....
  }
]

For example, for terraform:

$  docker image inspect hashicorp/terraform 
[
   {
     ....
     "Config": {
            ...
            "Labels": {
                "com.hashicorp.terraform.version": "1.1.4"
            }
        },
       ....
  }
]

rirze avatar Apr 18 '22 18:04 rirze

Hi @rirze ! Thanks for your interest in driftctl 🙏🏻

I'm curious about your usecase, are you saying that you cannot reach docker hub APIs from your environment ? I'm wondering why can't you use image tags as source of truth for versions numbers ?

For maintainers: Docker images are configured as auto build on the docker hub, but we can probably use some hooks to override it and inject some labels.

eliecharra avatar Apr 19 '22 08:04 eliecharra

Thanks for the reply.

You are correct, I work in environments where I cannot use dockerhub APIs. I have found it immensely easier to write scripts that check for labels (i.e. parsing a key-value in a JSON) compared to extracting CLI output from a docker subcommand (docker images).

Please do let me know if this is a viable option. I do see many other images use labels as well, if that helps influence your decision.

rirze avatar Apr 19 '22 14:04 rirze

hi @rirze! I'd like to understand your workflow better. Once you get the value of snyk.driftctl.version from a label, what do you compare it with, if you can't access the docker hub?

sjourdan avatar Apr 20 '22 12:04 sjourdan

@sjourdan Sure, it's pretty simple imo.

I have a version-controlled config file with the pinned versions of the docker images I use. Every day, I have a scheduled task that pulls down the latest image (latest snyk/driftcl image in this case) and then extracts the version of that latest image. It then compares the version string to the one written in the config file. If it is a newer version, it triggers a rebuild of my custom docker image that depends on snyk/driftctl and updates the config file with the latest version.

If that's not clear, please let me know.

rirze avatar Apr 20 '22 14:04 rirze