docker-lock
docker-lock copied to clipboard
safe-waters
Automatically manage image digests in Dockerfiles, docker-compose files, and Kubernetes manifests by tracking them in a separate Lockfile
### Given Given some apps using different settings, but reference to same build local image. ```compose version: "3.6" networks: napp: services: build: pull_policy: never image: private/image build: network: foobar context:...
### Bug when `services.X` and `networks.X` have same name ```txt in 'docker-compose.yml' '2' images rewritten, but expected to rewrite '1' ``` ```compose version: "3.6" networks: app: services: build: pull_policy: never...
### `ARG VARIANT` Given ```Dockerfile ARG VARIANT FROM python:${VARIANT} ``` After lock generate + rewerite, wrong ```Dockerfile ARG VARIANT FROM python ``` After lock generate + rewerite, correct. But compared...
https://docs.docker.com/compose/compose-file/build/ ```yaml build: context: . dockerfile: webapp.Dockerfile ``` Official docs cover usage of `*.Dockerfile`.
### Given - user `foobar` have `Dockerfile` with owner group `foobar:foobar` ### Problems ```sh $ docker run -v "${PWD}":/run safewaters/docker-lock lock generate ``` Actual: generate `docker-lock.json` with owner group `root:root`,...
If one of the images has been built on a `scratch` image, the final stage is based upon the `scratch` image; we should not add it to the `docker-lock.json` file....
From https://github.com/marketplace/docker-lock-bot at the time of writing: > For more in depth examples with screenshots, view the docker-lock-bot[README](https://github.com/safe-waters/docker-lock-bot). This links to https://github.com/safe-waters/docker-lock-bot but if I go there I get 404...
I've been thinking about building something similar to this that includes the ability to copy images to an alternative registry, rather than just resolving tags to digests. Abstractly, I'd love...
The way we'd like to use a tool like docker lock is that we'd leave the digests in our Dockerfiles and upon each rewrite, we'd lookup the current digests and...
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.8.3 to 0.12.5. Release notes Sourced from github.com/moby/buildkit's releases. v0.12.5 https://hub.docker.com/r/moby/buildkit Notable changes: This release contains following security fixes: Runc has been updated to v1.1.12 addressing https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Metadata
Owner
Metadata
Automatically manage image digests in Dockerfiles, docker-compose files, and Kubernetes manifests by tracking them in a separate Lockfile